Downloading a Root Certificate

A root certificate is the root node of a certificate trust chain. It is used to verify the authenticity of all lower-level certificates issued by a certificate authority (CA) and is the basis of the client trust system.

• You do not need to manually configure the root certificate in the following scenarios: If users access your web services through the JDK environment, mainstream browsers (such as Google Chrome, Mozilla Firefox, and Microsoft Edge), or OSs (such as Windows, macOS, Android, and iOS), you do not need to pay attention to the root certificate because the root certificate is embedded in the web server. You only need to install the SSL certificate issued by the CA on the web server to implement HTTPS communication between the client and server.
• You need to manually install the root certificate in the following scenario: If users access your web services through a Java client, download the root certificate and manually install it on the client because the client does not have a built-in root certificate. This ensures that the client can verify the encryption information of your web server. For example, if a GeoTrust EV SSL certificate is installed on your web server, the GeoTrust EV root certificate must be installed on the client to implement HTTPS communication between the client and server.

When the root certificate is installed on the client, an insecure message may be displayed or the access may fail due to reasons such as root certificate expiration or policy change. You are advised to download the root certificate and install it in the default trust store of the system, and use the trust store to verify the client.