You are here:
Trusted Root for Inhouse PKI / Certificate Authority
Get Immediate trust for your SSL & S/MIME Client Certificates by chaining your PKI / Certificate Authority to the pre-trusted GlobalSign Root CertificateGlobalSign Trusted Root extends the capability of an enterprise inhouse PKI / Certificate Authority (CA) solution to issue SSL and S/MIME Digital Certificates chained to GlobalSign’s pre-distributed Root Certificate. The GlobalSign Root Certificate is already present in all Operating Systems, browsers and devices, meaning that all SSL and S/MIME Certificates issued from the Root Certificate gain automatic recognition. Without this inherited trust, the Certificates issued from the internal PKI / CA present errors and confusion to users relying on the Certificates. Trusted Root eliminates the need to provide support to explain such errors and also means organisations need not distribute their own self-signed Root Certificate – a time-consuming (years) and costly process.
Who should use Trusted Root?
- Public Certificate Authorities – where a trusted Public Key Infrastructure (PKI) is used to support Government or industry standards, regulations and internal security policies
- Enterprise Certification Authorities, where drivers include:
- Compliancy requirement for strong authentication to extranets
- Passwords no longer acceptable
- eProcurement and workflow processes drive the need for digital signatures
Many enterprises have established their own PKI (Public Key Infrastructure) / CA with the goal of enhancing security for an increasing number of web based business processes. To establish their own CA, the enterprise must self-sign a Root Certificate, which is then used to issue Digital Certificates (SSL and S/MIME) to employees, extranet users and devices. Such Certificates can be used for SSL security, or to digitally sign and encrypt emails, documents and control access to web resources. However a self-signed Root Certificate is not automatically trusted by operating systems (such as Microsoft Windows), browsers ( Microsoft Internet Explorer, Mozilla Firefox, Opera etc) or email clients (such as Microsoft Outlook). This inability to trust causes warning messages to be displayed, resulting in a lack of confidence by staff and increased cost for support and training.
To avoid these warnings the enterprise would be forced to to undertake a Root Embedding programme to have the self-signed Root Certificate inserted into all operating systems, browsers and devices. Such a programme is expensive and takes many years before the enterprise’s Root Certificate is sufficiently embedded to be used without support issues. The time and cost associated with an embedding programme massively outweigh any advantage that would be associated with implementing an enterprise CA solution.
Today, there is no need for such CAs to have their Root Certificate directly embedded in browsers to create the necessary feeling of trust. GlobalSign has made available a simple solution for CAs to chain themselves under GlobalSign's widely embedded Root Certificate: Trusted Root.
As a leading WebTrust accredited Certification Authority, GlobalSign has maintained its own pioneering Root Embedding programme GlobalSign Ready since 1996 and now the GlobalSign Root Certificate is trusted by all mainstream browsers, applications and devices. With GlobalSign’s Trusted Root there is no need for individual CAs to have their own embedding programme, instead GlobalSign allows use of its own ubiquitous Root CA Certificate to give the customer its own set of new, but highly trusted, Root Certificates. The customer then immediately inherits the trust associated with the GlobalSign Root Certificate which provides an easy way for Certificates issued by the enterprise to be transparently trusted, thereby eliminating the costly support issues.
