emSign Roots

emSign’s root certificates form the foundational trust anchors used within public trust hierarchies operated by eMudhra and are a critical component of globally trusted Public Key Infrastructure (PKI). These roots are available for download and inspection from the emSign certificate repository at https://repository.emsign.com/, which hosts emSign’s public trust roots, subordinate/intermediate CAs, CP/CPS documents, and related materials. EmSign Repository

Root certificates represent the highest level of trust in a certificate chain. When a certificate is issued under an emSign root, it inherits trust from that root and is automatically trusted by browsers, operating systems, and devices that include the emSign root in their trust stores. emSign maintains multiple root certificates covering different algorithms and usage categories (e.g., TLS, S/MIME, client authentication, timestamping), enabling broad compatibility and cryptographic flexibility. EmSign Repository

Trusted Public Root Certificates

The emSign root repository contains a range of root certificates used for publicly trusted operations, including but not limited to:

• TLS/SSL Root CAs – Serve as the ultimate trust anchor for web server and API certificates trusted by browsers and clients.

• S/MIME Root CAs – Anchor certificates used for secure email encryption and signing.

• Client Authentication Root CAs – Anchor certificates for mutual TLS and user/device authentication.

• Timestamping and Code Signing Roots – Anchor trust for timestamping and software signing where broad trust is required. EmSign Repository

Each root certificate is digitally signed and has a long lifespan (often multiple decades), reflecting its role as a stable trust anchor.

Availability and Accessibility

All emSign public trust root certificates and their subordinate CAs are made publicly accessible through the emSign repository:

https://repository.emsign.com/ This repository includes downloadable PEM/DER certificates and associated Certification Practice Statement (CP/CPS) documents that govern how certificates are issued under each root. EmSign Repository

Providing public access to roots and policy documentation supports transparency and operational readiness for administrators who need to install or verify trust anchors across their environments.

Trust Store Inclusion and Compatibility

Root certificates distributed through the emSign repository are included in major trust stores across platforms, ensuring universal recognition:

• Major browser trust stores (Chrome, Firefox, Safari, Edge)

• Operating system root programs (Windows, macOS, Android, iOS)

• Enterprise platforms and Java trust stores This broad inclusion means certificates issued under emSign roots are inherently trusted by billions of devices worldwide without additional configuration.

Why emSign Roots Matter

• Foundational Trust: emSign roots anchor the validity of all publicly trusted certificates issued under the hierarchy.

• Global Compatibility: Inclusion in major trust stores ensures seamless interoperability across platforms and devices.

• Transparency: The public repository provides administrators with direct access to roots, intermediates, and governance documentation.

• Flexibility: Multiple root certificates support different cryptographic profiles and use cases.

emSign Repository as a Reference Source

The emSign repository is a comprehensive source for:

• Root and intermediate certificates in downloadable formats

• Certificate Practice Statements (CP/CPS) governing issuance policies

• Legal and subscriber agreements

• Audit and compliance artifacts

This repository serves as the authoritative reference for public trust components of the emSign PKI, enabling organizations to integrate and configure trust anchors accurately within their systems.