Need Help?

Contact QuoVadis Sales at
+1-441-278-2803 or e-mail

Root Signing

In recent years, increasing numbers of enterprises have chosen to operate their own internal Certification Authority (CA) to support their growing array of web-based business operations. With the availability of well-understood tools like the Microsoft Certificate Services CA, these enterprises wish to maintain complete control over certificate lifecycle management, including issuance, renewal and revocation.

However, these private CAs often face obstacles due to lack of global recognition for their “self-signed” CA certificates. While options exist to distribute the internal root within the enterprise, it is not feasible to widely distribute an enterprise root to the vast array of external users who may need to rely upon the certificates. If a certificate is not recognized, end users may receive an error message, and consequently not trust either the protected information or its source.

QuoVadis root signing allows enterprise CAs to chain themselves under the QuoVadis trusted roots, which are embedded in mainstream browsers and applications. This allows the enterprise CA to inherit QuoVadis’ widespread recognition.  At the same time, the enterprise CA maintains flexibility and control over authenticating individuals, deploying and managing SSL server certificates and client certificates, and managing the distribution of public keys to appropriate parties – whether they are internal users, clients, or external partners.

Enterprises using QuoVadis root signing must comply with industry standards including the CA/B Forum Baseline Requirements, and must not use their CAs to support deep packet inspection including scanning of HTTPS traffic. To support compliance, QuoVadis imposes technical, contractual, and audit requirements on its root signed CAs. In many circumstances, our Trust/Link Enterprise managed PKI provides a more flexible alternative.

Features and Benefits

  • Global Recognition: The QuoVadis roots are widely distributed in operating systems, browsers, and mail clients. Certificates issued by the enterprise CA inherit the trust of QuoVadis embedding programme.
  • Reduce Support Costs: By chaining to the QuoVadis trusted roots, the complex administrative task of distributing the enterprise CA root can be avoided, while minimizing the risk of certificate errors.
  • Certificate Management: Customer maintains close control over CA operations as well as the integration with infrastructure and business applications.
  • Independent Policies: The enterprise CA may define its PKI policies independently within the scope of the QuoVadis root signing rules.
  • Privately Branding: Certificates may be issued and managed under the name of the enterprise CA.