A digital certificate that attests to the identity of a certificate authority (CA). A root certificate is signed by the CA itself (self-signed) or by a higher authority in a hierarchy of CAs in a public key infrastructure (PKI).
Every CA requires a root certificate so that it can be “trusted” by entities that request digital certificates from it. If a client trusts the root certificate of a CA, it automatically trusts any other certificates that are issued by that CA. Root certificates thus form one of the foundations of public key cryptography.
Microsoft Certificate Server, which is included with Microsoft Windows NT Option Pack, and Certificate Services in Windows 2000 can self-sign a root certificate during the installation process or create a certificate request file that can be used to request a certificate from a higher CA.