What are signing and root (digital) certificates of authenticity?

When you view a secure website, your browser uses cryptography to verify that a certificate authority (CA), usually a trusted independent third party (e.g., USERTrust or VeriSign), has registered and identified the server. The verification occurs through the use of SSL certificates. The CA cryptographically signs the web server's certificate with its own certificate. Because your browser trusts the CA, it will therefore also trust the web server.

The CA's certificate must also be signed. It may be self-signed, in which case it is known as a root certificate, or it may be a signing certificate signed by the root certificate. CAs will often sign their signing certificates with their root certificates, and then take the root certificates offline and store them in physically secure facilities. Their signing certificates will then be actively used to sign server certificates.

As long as your browser can either assign a level of trust to the CA's signing certificate, or follow the chain of trust back to the root by checking the cryptographic signatures of all the certificates in the chain, security and trust can be established.

This is document auaw in the Knowledge Base.
Last modified on 2017-04-15 17:04:22.

  • Fill out this form to submit your issue to the UITS Support Center.
  • Please note that you must be affiliated with Indiana University to receive support.
  • All fields are required.

Please provide your IU email address. If you currently have a problem receiving email at your IU account, enter an alternate email address.

  • Fill out this form to submit your comment to the IU Knowledge Base.
  • If you are affiliated with Indiana University and need help with a computing problem, please use the I need help with a computing problem section above, or contact your campus Support Center.

Please provide your IU email address. If you currently have a problem receiving email at your IU account, enter an alternate email address.