000017141 - What web browsers have the RSA 2048 Root CA embedded in it?

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000017141
Applies ToRSA Public Root Signing
Netscape Navigator
Mozilla Firefox web browser
Safari web browser
Opera web browser
Microsoft Internet Explorer
IssueWhat web browsers have the RSA 2048 Root CA embedded in it?
Resolution

RSA has two trusted Root Certificate Authorities, this note deals with the ?RSA Security 2048 v3? Root CA certificate (RSA 2048-bit Root). This Root CA certificate was created in 2001 and is embedded in the leading browsers as discussed below:


Netscape/Mozilla:  The RSA 2048-bit Root was embedded in Netscape/Mozilla in 2002. It was included in Netscape 7 and because it is in Mozilla is in all known derivatives of Mozilla.

Firefox:  The RSA 2048-bit Root is in all known versions of Firefox.

Safari:  The RSA 2048-bit Root is in all known versions of Safari.

Opera:  The RSA 2048-bit Root is embedded in the Opera browser starting with Opera version 8 and including the current release Opera 9.

Microsoft Internet Explorer: Microsoft no longer delivers trusted Root CA certificates along with Microsoft Internet Explorer, instead Trusted Root CA certificates are delivered using Windows update. This is completely seamless for users running Windows XP or newer. The description from Microsoft can be found at:
http://www.microsoft.com/technet/archive/security/news/rootcert.mspx?mfr=true

"When a user visits a secure Web site (that is, by using HTTPS), reads a secure e-mail (that is, S/MIME), or downloads an ActiveX control that uses a new root certificate, the Windows XP certificate chain verification software checks the appropriate Windows Update location and downloads the necessary root certificate. To the user, the experience is seamless. The user does not see any security dialog boxes or warnings. The download happens automatically, behind the scenes.

New roots will be available to Windows 2000, Windows NT, Windows 95, Windows 98, and Windows Millennium Edition (ME) clients through a Windows Update download file."

The Root Update can be reached at the following link:
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/rootsupd.exe

In certain cases an enterprise may block access to Windows Update, in which case they can add required Trusted Root CA certificates using enterprise Group Policy. The instructions can be found at:
http://technet2.microsoft.com/WindowsServer/en/library/4b7ea7f9-311a-479b-aecc-c856165b97c11033.mspx?mfr=true


As can be seen from the above, the vast majority of Internet users will automatically and seamlessly trust the RSA 2048-bit Root CA. For users using older versions of Windows a simple Windows Update will enable this trust and for those enterprises restricting access to Windows Update the trusted CA certificates can be updated through group policy.

Notes

Oracle/Sun Java:  At this time, there are no plans to include the RSA 2048 Root CA as a trusted root in Java.

Legacy Article IDa40560

Attachments

    Outcomes