Will all computers recognize even a well-known root CA? Unfortunately, the answer is no. Many software applications assume these root certificates are trustworthy on the user's behalf, but not all do. This "chain of trust" assumes that the end-organization's applications have validated and verified that the root CA you use is a trusted CA. Just like a driver's license may be valid in the U.S. but not necessarily recognized by other countries, there isn't a root CA that is a trusted CA for all applications. While using a root CA dramatically improves the chance of your certificates being trusted, there's not a 100% guarantee. (Expect help desk calls if electronic signatures are turned on by default, since the general public doesn't have access to every CA certificate. This can cause errors for many senders, as many of them may not be able to get to the specific CA being used to protect the content.) It's always a best practice to discuss your secure communications schemes in advance with any outside organizations where you'll be using them.
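The signature scenario above can be reproduced with the OpenSSL command line. This is an added example, not part of the original answer: the same signed message verifies for a recipient whose trust store holds the sender's root and fails for one whose store holds a different root. The CA names, the sender address and the message text are constructed, and it assumes `openssl` is installed.

```shell
#!/bin/sh
# Added example. All names (Demo Private Root, sender@example.com) are constructed.
set -eu

# check_signature STORE MESSAGE: verify an S/MIME signature the way a
# recipient would, using STORE as that recipient's file of trusted CAs.
check_signature() {
    if openssl smime -verify -in "$2" -CAfile "$1" -out /dev/null 2>/dev/null; then
        echo trusted
    else
        echo untrusted
    fi
}

# make_root DIR NAME CN: create a self-signed root CA (key + certificate).
make_root() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

d=$(mktemp -d)
make_root "$d" rootA "Demo Private Root"   # CA the sender's organization uses
make_root "$d" rootB "Demo Other Root"     # a CA the recipient happens to trust

# Sender's signing certificate, issued by rootA.
openssl req -newkey rsa:2048 -nodes -subj "/CN=sender@example.com" \
    -keyout "$d/sender.key" -out "$d/sender.csr" 2>/dev/null
openssl x509 -req -in "$d/sender.csr" -CA "$d/rootA.pem" -CAkey "$d/rootA.key" \
    -CAcreateserial -days 30 -out "$d/sender.pem" 2>/dev/null

# Sender signs a message with that certificate.
echo "quarterly report attached" > "$d/msg.txt"
openssl smime -sign -in "$d/msg.txt" -signer "$d/sender.pem" \
    -inkey "$d/sender.key" -out "$d/signed.eml" 2>/dev/null

echo "recipient trusting the sender's root: $(check_signature "$d/rootA.pem" "$d/signed.eml")"
echo "recipient with a different root only: $(check_signature "$d/rootB.pem" "$d/signed.eml")"
```

The signature itself is identical in both checks; only the recipient's list of trusted roots differs, which is why agreeing on the CA with outside organizations in advance avoids the failure.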