Trusted Root Certificates
GlobalSign’s Trusted Root Signing service allows suitably qualified organizations to capitalize on their investments in PKI or CA software to issue digital certificates which chain up to GlobalSign’s publicly trusted Root Certificate. Use cases for Trusted Root include issuing SSL Certificates to domains owned or controlled by an organization and client certificates to extranet users/stakeholders for secure email and authentication purposes.
The goal for Trusted Root is to simplify internal processes surrounding the issuance and lifecycle management of digital certificates. The GlobalSign Root Certificate is already distributed in all operating systems, browsers, and mobile devices, meaning that all GlobalSign Certificates are transparently trusted. By chaining to the GlobalSign Root, qualifying organizations no longer need to rely on self-signed certificates or worry about distributing their own Root Certificates, a time consuming and costly process.
Organizations using Trusted Root must meet the operational best practices in effect for Certificate Authorities, including compliance with CA/B Forum baseline requirements. For that reason, there are a number of technical, procedural, contractual requirements that must be met and maintained via regular auditing.
Trusted Root is a select service with strict requirements. Trusted Root is both technically and contractually prohibited from being used for deep packet inspection/scanning of outbound/inbound HTTPS traffic.
While there are certain scenarios where Trusted Root is the best fit for an organization, most organizations can meet Certificate needs through alternative GlobalSign services - namely managed services for SSL and Client Certificates (Managed PKI).