A root certificate is the most important part of all digital certificates. The root is responsible for validating and authenticating the certificates against your certificate authority (CA). Anytime you create a new digital certificate using your CA system it automatically creates the necessary root.
A Root Certificate Can Be Trusted Using Different Methods
There are different types of trusts which can be used with a root certificate. The most basic trust system is direct as users will trust the certificates they receive as being authentic and valid, such as those preinstalled on your computer by the manufacturer. Another kind of trust system used by organizations is hierarchical. This is where multiple roots exist between several certificates and authentication is traced backwards to your CA system. For instance, one user shares a certificate containing a public key with multiple users both inside and outside of your organization. The root contained in the certificate authenticates against the initial user’s private key and may even be validated against your CA system.