Root CA

Root CAs (called trust anchors in X.509 terminology) hold the highest position in the trust tree and are recognized by all clients (browser/OS) at all levels. Root CAs are responsible for identifying intermediate CAs and verifying their trustworthiness. The root CA uses its certificate’s private key to sign the certificates of the intermediate CAs (or, in the case of unchained certificates, the server certificate) under it. The trustworthiness of the root CA is thus passed down to the intermediate CAs; any CA that is validated by the root CA is automatically trusted by its clients.