punctuation 0-9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z (all)
©1996-2009 2008-07-30 Roedy Green, Canadian Mind Products
| Why You need to Install Root Certificates | Caveat |
| Importing Code-Signing Root Certificates | Sources of Root Certificates |
| How to Import Root certificates Into Various Browsers | Links |
When a company such as Thawte or Verisign issues a digital certificate for SSL or code signing, they digitally sign it with their own master private key certificate. To verify that the certificates that they issue are valid, you need a copy of the issuing authority’s public key in your browser for SLL (or in your cacerts. file for signed Applets or Java Web Start). The process of installing these public keys is called downloading root certificates or installing certificate authorities.
With modern JREs, it is most important to get the JREs updated with the recent root certs, then secondarily the browser.
| How To Update Root Signing Authority Certificates | ||
|---|---|---|
| Last revised/verified: 2008-01-23 | ||
| Logo | Browser | What To Do |
 |
Java | You download the root certificate then import it into both your JRE and JDK with: Where C:\temp\Thawte Code Signing CA.cer is the name of the root certificate you are importing. The default password for cacerts. is changeit. |
 |
Opera | Just click on the certificate reference to download and import it, or click File
⇒ Open.
Alternatively, Click tools ⇒ preferences ⇒ advanced ⇒ security ⇒ manage certificates ⇒ import. To see what root certificates are installed Click tools ⇒ preferences ⇒ advanced ⇒ security ⇒ manage certificates. |
 |
Firefox | Just click on the certificate reference to download and import it, or click File
⇒ Open.
Alternatively, click Tools ⇒ Options ⇒ Advanced ⇒ Encryption ⇒ View Certificates ⇒ import . |
 |
Sea Monkey | Just click on the certificate reference to download and import it, or click File
⇒ Open.
Alternatively, click Edit ⇒ Preferences ⇒ Privacy & Security ⇒ Certificates ⇒ Manage Certificates ⇒ import . |
 |
IE 7 | Download each certificate, then click file ⇒ open.
To see which root signing authority certificates are included click tools ⇒ Internet Options ⇒ Content ⇒ Trusted Root Certificate Authorities. |
 |
IE 6 | Download each certificate, then click file ⇒ open.
To see which root signing authority certificates are included click tools ⇒ Internet Options ⇒ Content ⇒ Trusted Root Certificate Authorities. |
 |
Safari | Click start ⇒ Control Panel ⇒ network ⇒ Internet Options ⇒ Content ⇒ Trusted Root Certificate Authorities ⇒ import . |
| Installing Root Certificate | |
|---|---|
| Source | Notes |
| Actalis | Site is mostly in Italian. roots Last revised/verified: 2009-08-09 |
| AdTrust | Hosted on the InstantSSL website. AddTrust, InstantSSL and Comodo appear to be sister companies. |
| Aegis | |
| Aloaha | For the Aloaha free timestamp server. |
| ASP | Association of Shareware Professionals, the PAD people. They have a list of root certificates used for signing PAD files, including ASP itself. |
| CalNet | University of Berkeley. Need CalNet id. |
| Cacert | Have certs in PEM, DER and TXT form, interesting if you are curious about what is inside a cert. Also have GPG cert. Australian. Issue free certs. |
| Cren | non-profit |
| Deutsche Bank | |
| Digicert | There is a link so you test to see if you already have the certificates installed before bothering with downloading them. |
| Digicert Malysia | |
| Entrust | |
| GeoTrust | include Equifax roots. |
| GlobalSign | |
| GoDaddy | handle Valicert. |
| Harvard University | I searched and searched but could not find it. They ignored my email. |
| IdentTrust | |
| InstantSSL | aka Comodo |
| Microsoft | For W98/Me/NT/W2K Microsoft root certificate updates are part of the Windows Update, though they are not part of the automatic install mechanism. |
| Netrust | |
| RapidSSL | |
| Sprint | for cell-phones |
| RSA | They must be somewhere on the website, but I can’t find them. If you find them, please tell me the URL. |
| Starfield | For the Starfield free timestamp server, and SSL certificate roots. |
| SwissSign | |
| Thawte | You can download a complete zipped collection of Thawte root certificates in three different wrapping styles. JDK 1.5 beta inadvertently left out the root Thawte code signing root certificate. You need to import it into all the cacerts. files on machines using your cert. |
| TrustWave | Certificates as ASCII text. Revocation lists in a form not a acceptable to Opera. |
| University of Connecticutt | |
| University of Darthmouth | |
| University of Maryland | |
| Usher | Handles issuing certifaces for various universities |
| Verisign | code-signing and SSL. You can also download a bundle of Verisign, Thawte and Geotrust certificates. You can also verify the certificate fingerprints. |
| Verison | for cell-phones |
| Virginia Tech | |
| WebMoney | |
 |
You can get the freshest copy of this page from: | or possibly from your local J: drive (Java virtual drive/mindprod.com website mirror) |
| http://mindprod.com/jgloss/rootcertificate.html | J:\mindprod\jgloss\rootcertificate.html | |
 |  Please email your feedback for publication, errors, omissions, typos, formatting errors, ambiguities, unclear wording, broken/redirected link reports, suggestions to improve this page or comments to
Roedy Green :
 | |
| Canadian Mind Products | ||
| mindprod.com IP:[65.110.21.43] | ||
| view Blog | Your face IP:[38.107.191.100] | |
| Feedback | You are visitor number 11. | |