The Root signing service is regularly requested, however, the requirements and implications are rarely understood. Owning and operating a Trusted Root or TRoot, requires that your organisation's Trust Centre environment is WebTrust certified. Before cross certification of your Root CA can occur, WebTrust certification is required.
Achieving WebTrust certification is an onerous and sometimes, overwhelming, task for even the most seasoned of IT security professionals. The Digi-CAST™ team can simplify this process and 'fast track' the certification for you. If you truly require a TRoot, you need WebTrust certification and the Digi-CAST™ methodology is your solution. The actual WebTrust certification is audited by our partner of choice: KPMG.
The following is a high-level overview of the steps that must be followed to achieve WebTrust compliance and then get your Root CA cross-signed: