360 Browser
360 is a security company in China and has always been working on the secure development of the Internet.
- TLS
- View or download list: HTML
- Audit scheme: WebTrust
Adobe
https://helpx.adobe.com/acrobat/kb/approved-trust-list2.html
The Adobe Approved Trust List is a program that allows millions of users around the world to create digital signatures that are trusted whenever the signed document is opened in Adobe® Acrobat® or Reader® software. Essentially, both Acrobat and Reader have been programmed to reach out to a web page to periodically download a list of trusted "root" digital certificates. Any digital signature created with a credential that can trace a relationship ("chain") back to the high-assurance, trustworthy certificates on this list is trusted by Acrobat and Reader.
- PAdES
- View or download list: HTML
Android
- TLS
- View or download list: HTML
Apple
https://www.apple.com/certificateauthority/ca_program.html
Apple uses public key infrastructure (PKI) to secure and enhance the experience for Apple users. Apple products, including the web browser Safari and Mail.app, use a common store for root certificates.
Chrome
http://g.co/chrome/root-policy
When Chrome presents the connection to a website as secure, Chrome is making a statement to its users about the security properties of that connection. Because of the CA's critical role in upholding those properties, Chrome must ensure the CAs who issue certificates are operated in a consistent and trustworthy manner.
- TLS
- View or download list: HTML
- Audit scheme: WebTrust
Cisco Trusted Root Store
https://www.cisco.com/security/pki/
The Cisco Trusted Root Store supports the distribution of root certificates for over 90 products and families.
eIDAS List of Trusted Lists
https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32014R0910&from=EN
The Member States of the European Union and European Economic Area publish trusted lists of qualified trust service providers in accordance with the eIDAS Regulation. The European Commission publishes a list of these trusted lists, the List of Trusted Lists (LOTL).
Gmail
https://www.google.com/gmail/about/
- S/MIME
- View or download list: HTML
ICAO Public Key Directory (PKD)
https://www.icao.int/Security/FAL/PKD/
The ICAO Public Key Directory (PKD) is a central repository for exchanging the information required to authenticate ePassports.
- ePassport
- View or download list: HTML
Microsoft
The Microsoft Root Certificate Program supports the distribution of root certificates, enabling customers to trust Windows products.
List info: https://docs.microsoft.com/en-us/security/trusted-root/participants-list
List policy: https://wiki.mozilla.org/CA/FAQ#Can_I_use_Mozilla.27s_set_of_CA_certificates.3F
- TLS
- Audit scheme: WebTrust ETSI CABForum
- S/MIME
- Audit scheme: WebTrust ETSI
- Code-Signing
- View or download list: PEM
- Audit scheme: WebTrust ETSI
Mozilla
Mozilla’s CA Certificate Program governs inclusion of root certificates in Network Security Services (NSS), a set of open source libraries designed to support cross-platform development of security-enabled client and server applications. The NSS root certificate store is not only used in Mozilla products such as the Firefox browser, but is also used by other companies in a variety of products. The program is overseen by the module owner and peers of the CA Certificates Module; the policy itself is overseen by the module owner and peers of the CA Certificate Policy Module.
List info: https://wiki.mozilla.org/CA/Included_Certificates
List policy: https://wiki.mozilla.org/CA/FAQ#Can_I_use_Mozilla.27s_set_of_CA_certificates.3F
- TLS
- View or download list: PEM
- Audit scheme: WebTrust ETSI CABForum
- S/MIME
- View or download list: PEM
- Audit scheme: WebTrust ETSI
Oracle Java
https://www.oracle.com/java/technologies/javase/carootcertsprogram.html
The Oracle Java Root Certificate program includes widely recognized Certificate Authorities with a significant customer base and global reach.
- TLS, S/MIME, Code-Signing, Time-Stamping
- View or download list: HTML
- Audit scheme: WebTrust
Visa
https://developer.visa.com/developer_program
Visa List of Trusted Certifying Authorities
- TLS
- View or download list: HTML
Wi-Fi Alliance
https://www.wi-fi.org/certification/certificate-authority-vendors
In the Wi-Fi CERTIFIED Passpoint® certification program, mobile devices use Online Sign-Up (OSU) to accomplish registration and credential provisioning to obtain secure network access. Each Service Provider network has an OSU Server, an AAA Server, and access to a certificate authority (CA). A CA is a collection of computer hardware, software, and the people who operate it. The CA is known by two attributes: its name and its public key. One of the requirements for a mobile device and the hotspot to trust each other is that the OSU Server shall hold a certificate signed by a Certificate Authority whose root certificate is issued by one of the CAs authorized by Wi-Fi Alliance, and that these trusted root CA certificates are installed on the mobile device.
- Wi-Fi
- View or download list: HTML
Disclaimer
The PKI Consortium does not endorse any of the trust lists included in the List of Trust Lists, nor does it validate the policies or quality of these lists. The PKI Consortium makes no representations or warranties regarding the accuracy, completeness, or reliability of these trust lists, and shall not be held liable for any damages resulting from their use. The inclusion of a trust list in the List of Trust Lists does not constitute an endorsement by the PKI Consortium. It is the responsibility of the user to carefully evaluate and verify the trustworthiness of any trust list before relying on it for any purpose.
