Will all computers recognize even a well-known root CA? Unfortunately, the answer is no. Many software applications assume these root certificates are trustworthy on the user's behalf, but not all do. This "chain of trust" assumes that the end-organization's applications have validated and verified that the root CA you use is a trusted CA. Just as a driver's license may be valid in the U.S. but not necessarily recognized by other countries, there isn't a root CA that is a trusted CA for all applications. While using a root CA dramatically improves the chance of your certificates being trusted, there's not a 100% guarantee. (Expect help desk calls if electronic signatures are turned on by default, since the general public doesn't have access to every CA certificate. This can cause errors for many senders, as many of them may not be able to get to the specific CA being used to protect the content.) It's always a best practice to discuss your secure communications schemes in advance with any outside organizations where you'll be using them.