How can we get CA's public key?

Question

To get a public key of some organization or someone we want to send an encrypted message to, we need to make a request to CA asking that organization's public key. CA then returns X509 certificate. It contains CA's signature. To decrypt it we need to have a CA's public key. How can we securely obtain CA's public key?

_{Related:

- How can we get CA's public key?

- I've got my private key compromised. How does CRL work?

- What happens when a root CA has its private key compromised?}

score 2 · Accepted Answer · answered Nov 13 '13 at 23:07

You can search for root certificates of a given CA.

E.g.:

http://www.symantec.com/page.jsp?id=roots, but this page is served over plain HTTP so maybe you shouldn't trust it!
or https://www.mozilla.org/projects/security/certs/included/.

From there when you want to check a certificate you can check whether it belongs to/was signed by a root CA you trust. If you trust it, then you can get its public key.

More commonly as CodesInChaos said, trusted certificates are shipped with your OS/browser.

How can we get CA's public key?

1 Answers1

Linked