List of Trust Lists

A global list of CA certificates trusted by public, private, industry, or solution-specific PKI

Help the PKI Consortium to manage this list of Trust Lists

360 Browser

https://caprogram.360.cn/

360 is a security company in China and has always been working on the secure development of the Internet.

  • TLS
    • View or download list: HTML
    • Audit scheme: WebTrust



Adobe

https://helpx.adobe.com/acrobat/kb/approved-trust-list2.html

The Adobe Approved Trust List is a program that allows millions of users around the world to create digital signatures that are trusted whenever the signed document is opened in Adobe® Acrobat® or Reader® software. Essentially, both Acrobat and Reader have been programmed to reach out to a web page to periodically download a list of trusted "root" digital certificates. Any digital signature created with a credential that can trace a relationship ("chain") back to the high-assurance, trustworthy certificates on this list is trusted by Acrobat and Reader.

  • PAdES
    • View or download list: HTML



Android

http://www.android.com

  • TLS
    • View or download list: HTML



Apple

https://www.apple.com/certificateauthority/ca_program.html

Apple uses public key infrastructure (PKI) to secure and enhance the experience for Apple users. Apple products, including the web browser Safari and Mail.app, use a common store for root certificates.

  • TLS
    • Audit scheme: WebTrust



Chrome

http://g.co/chrome/root-policy

When Chrome presents the connection to a website as secure, Chrome is making a statement to its users about the security properties of that connection. Because of the CA's critical role in upholding those properties, Chrome must ensure the CAs who issue certificates are operated in a consistent and trustworthy manner.

  • TLS
    • View or download list: HTML
    • Audit scheme: WebTrust



Cisco Trusted Root Store

https://www.cisco.com/security/pki/

The Cisco Trusted Root Store supports the distribution of root certificates for over 90 products and families.

  • TLS, Code-Signing
    • Audit scheme: WebTrust



eIDAS List of Trusted Lists

https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32014R0910&from=EN

The Member States of the European Union and European Economic Area publish trusted lists of qualified trust service providers in accordance with the eIDAS Regulation. The European Commission publishes a list of these trusted lists, the List of Trusted Lists (LOTL).

  • TLS, S/MIME, Code-Signing, Time-Stamping
    • Audit scheme: eIDAS ETSI



Gmail

https://www.google.com/gmail/about/

  • S/MIME
    • View or download list: HTML



ICAO Public Key Directory (PKD)

https://www.icao.int/Security/FAL/PKD/

The ICAO Public Key Directory (PKD) is a central repository for exchanging the information required to authenticate ePassports.

  • ePassport
    • View or download list: HTML



Microsoft

https://aka.ms/RootCert

The Microsoft Root Certificate Program supports the distribution of root certificates, enabling customers to trust Windows products.

List info: https://docs.microsoft.com/en-us/security/trusted-root/participants-list
List policy: https://wiki.mozilla.org/CA/FAQ#Can_I_use_Mozilla.27s_set_of_CA_certificates.3F

  • TLS
    • Audit scheme: WebTrust ETSI CABForum
  • S/MIME
    • Audit scheme: WebTrust ETSI
  • Code-Signing
    • View or download list: PEM
    • Audit scheme: WebTrust ETSI



Mozilla

https://wiki.mozilla.org/CA

Mozilla’s CA Certificate Program governs inclusion of root certificates in Network Security Services (NSS), a set of open source libraries designed to support cross-platform development of security-enabled client and server applications. The NSS root certificate store is not only used in Mozilla products such as the Firefox browser, but is also used by other companies in a variety of products. The program is overseen by the module owner and peers of the CA Certificates Module; the policy itself is overseen by the module owner and peers of the CA Certificate Policy Module.

List info: https://wiki.mozilla.org/CA/Included_Certificates
List policy: https://wiki.mozilla.org/CA/FAQ#Can_I_use_Mozilla.27s_set_of_CA_certificates.3F

  • TLS
    • View or download list: PEM
    • Audit scheme: WebTrust ETSI CABForum
  • S/MIME
    • View or download list: PEM
    • Audit scheme: WebTrust ETSI



Oracle Java

https://www.oracle.com/java/technologies/javase/carootcertsprogram.html

The Oracle Java Root Certificate program includes widely recognized Certificate Authorities with a significant customer base and global reach.

  • TLS, S/MIME, Code-Signing, Time-Stamping
    • View or download list: HTML
    • Audit scheme: WebTrust



Wi-Fi Alliance

https://www.wi-fi.org/certification/certificate-authority-vendors

In the Wi-Fi CERTIFIED Passpoint® certification program, mobile devices use Online Sign-Up (OSU) to accomplish registration and credential provisioning to obtain secure network access. Each Service Provider network has an OSU Server, an AAA Server, and access to a certificate authority (CA). A CA is a collection of computer hardware, software, and the people who operate it. The CA is known by two attributes: its name and its public key. One of the requirements for a mobile device and the hotspot to trust each other is that the OSU Server shall hold a certificate signed by a Certificate Authority whose root certificate is issued by one of the CAs authorized by Wi-Fi Alliance, and that these trusted root CA certificates are installed on the mobile device.

  • Wi-Fi
    • View or download list: HTML



Participate in our community discussions and/or join the consortium