rootcertificaten

Root certificates are self-signed public keys that serve as trust anchors in a public key infrastructure (PKI). They establish the root of the chain of trust for digital certificates used in secure protocols such as TLS, as well as for code signing and email security. A root certificate is trusted because it is included in software and operating system trust stores and is assumed to be under the control of a reliable certificate authority.

In typical PKI operation, leaf certificates are issued by intermediate certificate authorities that themselves rely on

Root certificates have long validity periods, often decades, but they can be retired or replaced. When a

Root certificates do not typically appear in normal TLS handshakes; instead, servers present a chain of certificates