The root certificate is the foundation of the trust chain. It is the highest-level digital certificate issued by a certification authority (CA) to verify the authenticity of other digital certificates. Root certificate is a public key certificate, which contains the public key of CA and other important information, such as the name of CA, signature algorithm, etc.
the role of the root certificate
the root certificate is the trust foundation in the digital certificate system, and its role is to verify the authenticity of other digital certificates. When we visit a website, the browser will request a digital certificate from the website. If the digital certificate is issued by a trusted CA, the browser will trust the digital certificate to establish a secure communication connection.
How to get the root certificate
There are many ways to get the root certificate, and the following are two common methods:
Method 1: Get from the browser
Most browsers have some trusted root certificates built in, and we can get them through the following steps:
1. Open the browser and enter the Settings page.
2. find the "security" option in the "settings" page.
3. find the trusted root certification authority in the security option.
4. click "trusted root certificate authority" to view the trusted root certificate built in the browser.
Method 2: Download from official website of CA
We can also download the root certificate from official website of CA, as follows:
1. Open official website of CA and find the "root certificate download" page.
2. select the root certificate type to be downloaded (such as RSA, ECC, etc.) in the "root certificate download" page.
3. click the "download" button to download the root certificate.
how to install the root certificate
There are many ways to install the root certificate, and the following is one of the common methods:
Method 1: Install from the browser
We can install the root certificate from the browser, and the following are the installation steps:
1. Find the root certificate file (usually a file ending in. cer or. crt) that needs to be installed.
2. Double-click the root certificate file, and the browser will automatically open and prompt for installation.
3. click the "install certificate" button and select "trusted root certification authority" as the installation location.
4. click "next" button to complete the installation.
Method 2: Install manually
We can also install the root certificate manually, as follows:
1. Find the root certificate file to be installed (usually a file ending in. cer or. crt).
2. right-click the root certificate file and select install certificate.
3. in the certificate import wizard, select trusted root certification authority as the installation location.
4. click "next" button to complete the installation.
How to verify the authenticity of the root certificate
It is very important to verify the authenticity of the root certificate. The following verification steps are:
1. Open the digital certificate that needs to be verified.
2. click the "certificate path" tab to view the certificate path.
3. confirm whether the root certifiCAte in the certificate path is issued by a trusted ca.
4. if the root certifiCAte is issued by a trusted ca, the digital certificate is authentic.