To issue certificates to end-users directly

To validate the identity of web browsers

To serve as the top entity in a certificate chain

To encrypt data for secure communication

It is not trusted by any web browsers

The issuer and subject are the same entity

It is issued by a different organization

It is only valid for a short period

By manually verifying each certificate

By only trusting certificates from well-known companies

By shipping with a pre-installed list of trusted root certificates

By requiring user approval for each certificate

Cert Manager

System Preferences

Keychain Access

Terminal

They are less secure than root CA certificates

They are included in a separate list

They are not necessary for establishing trust

They are automatically updated by the browser

It ensures that only root CAs can issue certificates

It prevents any form of certificate revocation

It allows users to create their own certificates

It establishes a hierarchy of trust from root to intermediate CAs

March 10th, 2025

January 19th, 2038

December 15th, 2021

July 4th, 2040