Trusted Certificate Authorities
Note: The Wormly SSL Tester trusts Mozilla’s database of trusted Certificate Authorities.
Many different entities can sign certificates - indeed anyone can generate a signing key and use that key to sign other entities’ certificates.
To participate in the SSL ecosystem, you must trust one or more Certificate Authorities (CAs). By trusting a CA, you are trusting in their ability to verify the information contained in any certificates they sign.
In a practical sense, if a CA signs the certificate you generated to secure your web server’s domain, then trusting that CA means implicitly trusting that you are the legitimate owner of that domain.
So for this system to be useful, all participants must decide on a set of Certificate Authorities which they trust.
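The two points above, as an added example that is not part of the original page: anyone can create a signing key and act as a CA with the openssl command-line tool, but a certificate it signs is accepted only by a verifier whose trust list contains that CA. The names ca_a, ca_b and www.example.test, and the helper functions, are constructed for illustration.

```shell
#!/bin/sh
# Added example: every name below is constructed; requires the openssl CLI.

# make_ca DIR NAME: create a signing key and a self-signed CA certificate.
# Nothing restricts who may do this.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/O=$2/CN=$2 root" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# sign_leaf DIR CA_NAME DOMAIN: the CA vouches for DOMAIN by signing
# the certificate request generated for it.
sign_leaf() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/leaf.csr" -days 1 \
        -CA "$1/$2.crt" -CAkey "$1/$2.key" -CAcreateserial \
        -out "$1/leaf.crt" 2>/dev/null
}

# trusted_by DIR CA_NAME: would a verifier whose trust list holds only
# CA_NAME accept the leaf certificate? Prints "accepted" or "rejected".
trusted_by() {
    if openssl verify -CAfile "$1/$2.crt" "$1/leaf.crt" >/dev/null 2>&1
    then echo accepted
    else echo rejected
    fi
}

demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" ca_a && make_ca "$d" ca_b &&
        sign_leaf "$d" ca_a www.example.test || return 1
    # Same certificate, two different trust decisions.
    echo "trust list = {ca_a}: $(trusted_by "$d" ca_a)"
    echo "trust list = {ca_b}: $(trusted_by "$d" ca_b)"
    rm -rf "$d"
}
demo
```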
All operating systems, and some web browsers, ship with a set of trusted CAs. You may be surprised at just how many - sometimes obscure - CAs are trusted by your OS or browser.
The list of commonly trusted CAs is of critical importance, because the entire system is only as secure as the least secure commonly trusted CA. If a CA fails to keep its signing keys secure, or if it signs inaccurate certificates (i.e. containing misleading or fraudulent details), then the security of the entire ecosystem is compromised.