GlobalSign Blog

Why Root Ubiquity Matters When Choosing a Certificate Authority (CA)

Why Root Ubiquity Matters When Choosing a Certificate Authority (CA)

In the vast world of the internet, trust is the glue that holds everything together. Whether it's sharing important info or sealing a big deal, trust is at the core of every successful transaction. 

As a trusted identity and security solutions provider or also known as a Certificate Authority (CA), with over 25 years of providing expertise and secure solutions to our partners, GlobalSign understands the importance and necessity of a strong foundation of trust, for our partners, and third parties. 

What is Root Ubiquity?

Root ubiquity is just a way of saying that our certificates are widely trusted across different browsers, devices, and platforms. It's like having a stamp of approval that guarantees our legitimacy as a trusted security provider.

Organizations must ensure that they procure their digital certificates from a trusted CA with strong root ubiquity. Here’s why:  

  1. Compatibility: A CA with broad root ubiquity means that their certificates will work smoothly with all kinds of devices and software, making it easier for you to do business with others.
  2. Trust: By choosing a CA with widely distributed roots, you're showing your partners that you take security and interoperability seriously.
  3. Compliance: Some industries are governed by strict rules around digital security. Partnering with a CA with broad root ubiquity can help to reduce the hassle of meeting compliance mandates.

Why Does Root Ubiquity Matter?

Think of root ubiquity as the foundation of trust online. Without it, our certificates wouldn't mean much. Imagine if you visited a website with a validated TLS certificate, but your browser didn't recognize the CA that issued it. This would produce a warning indicating the site might not be safe to visit. That's why root ubiquity is so important—it ensures that our certificates, and the sites that use them are trusted everywhere they're needed.

Understanding the Chain of Trust

To better understand root ubiquity, you need to know about the Chain of Trust. The Chain of Trust is like a hierarchy which shows who is trusted by who in the certificate market. At the top of this hierarchy are Root Certificates, issued by trusted CAs, like GlobalSign. These are the ultimate stamps of approval. Below them are Intermediate Certificates, signed by the root CA. Finally, the TLS certificates you see in your browser are signed by the intermediate.

When you visit a secure website, your browser performs a number of checks, including establishing a chain of trust from the website’s certificate through any number of intermediates, up to a trusted Root CA. If everything matches up, you'll see that reassuring padlock symbol. But if there's any doubt along the way, your browser will give you a warning.


There are strict requirements for a CA to gain public trust, including technical, security, and operational requirements, undergoing audits, and applying to various root programs to gain trust on their respective platforms. This means it takes time for newer CAs to establish root ubiquity. 

Cross-Signing is a mechanism used in Public Key Infrastructure (PKI) to establish trust between different CAs or certificate hierarchies. One CA gain trust when issued a certificate by another publicly trusted CA, vouching for their authenticity and establishing a Chain of Trust. This is an alternative method to establishing trust in smaller CAs which are recognized by some entities but not others. This is beneficial for clients who need assurance that any certificate they receive can be trusted, regardless of the issuing CA. This allows for interoperability and seamless trust validation across different CAs.

Cross-signing is often used during transitions between Root Certificates, allowing new Root Certificates to gain trust gradually without disrupting existing systems that rely on the old root certificate. Cross-signing can effectively fast-track Root Ubiquity, promote interoperability, and enhance the resilience of PKI systems by facilitating trust establishment across multiple CAs and certificate hierarchies. This mechanism plays a vital role in ensuring the widespread acceptance and reliability of digital certificates in diverse computing environments.

Choosing a Trusted CA

When it comes to digital security, choosing a CA like GlobalSign with strong Root Ubiquity is key. It's like picking a trustworthy locksmith to secure your home. By choosing a CA that's widely trusted, you can be confident that your connections are safe, and your data is protected.

We understand there are options within the market whereby root ubiquity is not provided which means you could run into big problems in establishing trust. If digital certificates aren’t widely trusted, it can cause issues with compatibility and security warnings.

Businesses are moving away from those who do not provide root ubiquity as they need to mitigate compatibility issues, establish effective risk management, enhance security, ensure regulatory compliance, protect their reputation, and improve operational efficiency in their transactions.

Internet Usage and Why You Need that Trust

In the past year, the Internet is now within reach for around 64.6% of the world's population, totaling about 5.18 billion people. Globally, 5.47 billion people use the internet daily, demonstrating a remarkable 6.2% year-to-year growth in the past year according to Eartheweb.

In an environment where cyber threats are prevalent, customers are increasingly cautious about sharing sensitive information online. Businesses need to build and maintain trust with their customers to facilitate online transactions. When customers see trusted digital certificates, indicating secure connections to websites or encrypted communication channels, they are more likely to feel confident in sharing their personal and financial information. Root ubiquity and cross-signing contribute to this trust by ensuring that digital certificates are recognized and accepted across different platforms and devices, bolstering the credibility of the business.

In Conclusion

Root ubiquity and cross-signing might sound technical, but it's just about trust. At GlobalSign we take pride in being a name you can trust online. By prioritizing root ubiquity, cross-signing and following strict security standards, we're committed to making the internet a safer place for everyone.

Together, let's keep building that Chain of Trust and making the internet a place where we make it easy for businesses to connect, share, and succeed with confidence.

Talk to us about your PKI needs and know that your certificates will be trusted!

Share this Post

Recent Blogs