Netscape Navigator
Mozilla Firefox web browser
Safari web browser
Opera web browser
Microsoft Internet Explorer
RSA has two trusted Root Certificate Authorities, this note deals with the ?RSA Security 2048 v3? Root CA certificate (RSA 2048-bit Root). This Root CA certificate was created in 2001 and is embedded in the leading browsers as discussed below:
Netscape/Mozilla: The RSA 2048-bit Root was embedded in Netscape/Mozilla in 2002. It was included in Netscape 7 and because it is in Mozilla is in all known derivatives of Mozilla.
Firefox: The RSA 2048-bit Root is in all known versions of Firefox.
Safari: The RSA 2048-bit Root is in all known versions of Safari.
Opera: The RSA 2048-bit Root is embedded in the Opera browser starting with Opera version 8 and including the current release Opera 9.
Microsoft Internet Explorer: Microsoft no longer delivers trusted Root CA certificates along with Microsoft Internet Explorer, instead Trusted Root CA certificates are delivered using Windows update. This is completely seamless for users running Windows XP or newer. The description from Microsoft can be found at:
http://www.microsoft.com/technet/archive/security/news/rootcert.mspx?mfr=true
"When a user visits a secure Web site (that is, by using HTTPS), reads a secure e-mail (that is, S/MIME), or downloads an ActiveX control that uses a new root certificate, the Windows XP certificate chain verification software checks the appropriate Windows Update location and downloads the necessary root certificate. To the user, the experience is seamless. The user does not see any security dialog boxes or warnings. The download happens automatically, behind the scenes.
New roots will be available to Windows 2000, Windows NT, Windows 95, Windows 98, and Windows Millennium Edition (ME) clients through a Windows Update download file."
The Root Update can be reached at the following link:
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/rootsupd.exe
In certain cases an enterprise may block access to Windows Update, in which case they can add required Trusted Root CA certificates using enterprise Group Policy. The instructions can be found at:
http://technet2.microsoft.com/WindowsServer/en/library/4b7ea7f9-311a-479b-aecc-c856165b97c11033.mspx?mfr=true
As can be seen from the above, the vast majority of Internet users will automatically and seamlessly trust the RSA 2048-bit Root CA. For users using older versions of Windows a simple Windows Update will enable this trust and for those enterprises restricting access to Windows Update the trusted CA certificates can be updated through group policy.
Oracle/Sun Java: At this time, there are no plans to include the RSA 2048 Root CA as a trusted root in Java.
Related Articles
How to 'Trust' the RSA Authentication Manager Security Console Self-Signed Root CA certificate and prevent Cert warnings. Number of Views Obtain the RSA root CA certificate from RSA Authentication Manager 8.x Number of Views Root CA certificate is required for activation error when importing a custom certificate signed by a known CA into Operati… Number of Views Supported web browsers report an error message when accessing RSA Authentication Manager 8.1 Security Console or Operation… Number of Views A website security scanning tool reports that the RSA SecurID Access Portal's server certificate cannot be trusted, even t… Number of Views
Trending Articles
RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.9 Release Notes (January 2026) RSA-2022-12: RSA Authentication Manager Security Update for Third-Party Component Vulnerabilities
