search cancel

Trusted Certificate Authorities when enforcing TLS with Email


Article ID: 161437


Updated On:




You need information on the Certificate Authorities (CA) that are trusted by the Symantec Email service when enforcing TLS using Strong certificate validation.

A CA is a trusted third-party organization or company that issues digital certificates. These certificates are used to create digital signatures and public-private key pairs.

The role of the CA is to guarantee that the company or individual granted the unique certificate is, in fact, who they claim to be. CAs are a critical component in data security as they guarantee the identity of the two parties exchanging information.




  • Common name


Trusted CAs

AC Camerfirma S.A.

  • Global Chambersign Root - 2008

Actalis S.p.A.

  • Actalis Authentication Root CA


  • AffirmTrust Commercial


  • Amazon Root CA 1


  • Atos TrustedRoot 2011

A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH

  • A-Trust-nQual-03


  • Baltimore CyberTrust Root

CESCA Root Certification Authority


Chunghwa Telecom Co., Ltd.

  • ePKI Root Certification Authority
  • ePKI Root Certification Authority - G2


  • COMODO Certification Authority
  • COMODO RSA Certification Authority

Comodo CA Limited

  • AAA Certificate Services

Cybertrust, Inc

  • Cybertrust Global Root


  • Certigna Root CA
  • Certigna

DigiCert Inc

  • DigiCert Assured ID Root CA
  • DigiCert Global Root CA
  • DigiCert High Assurance EV Root CA
  • DigiCert Global Root G2
  • DigiCert Global Root G3

Digital Signature Trust Co.

  • DST Root CA X3

D-Trust GmbH

  • D-TRUST Root Class 3 CA 2 2009

Entrust, Inc.

  • Entrust Root Certification Authority
  • Entrust Root Certification Authority - G2

GeoTrust Inc.

  • GeoTrust Primary Certification Authority - G3
  • GeoTrust Primary Certification Authority
  • GeoTrust Global CA


  • GlobalSign

GlobalSign nv-sa

  • GlobalSign Root CA, Inc.

  • Go Daddy Root Certificate Authority - G2

Hongkong Post

  • Hongkong Post Root CA 1
  • Hongkong Post Root CA 3

  • Hongkong Post e-Cert SSL CA 3 - 17

  • Hongkong Post e-Cert EV SSL CA 3 - 17


  • IdenTrust Commercial Root CA 1
  • IdenTrust Public Sector Root CA 1

IPS Certification Authority s.l. ipsCA

  • ipsCA Global CA Root

NetLock Halozatbiztonsagi Kft.

  • NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado

NetLock Kft.

  • NetLock Arany (Class Gold)

Network Solutions L.L.C.

  • Network Solutions Certificate Authority

QuoVadis Limited

  • QuoVadis Root CA 2
  • QuoVadis Root CA 3
  • QuoVadis Root CA 2 G3

SECOM Trust Systems CO.,LTD.

  • Security Communication RootCA2


  • Security Communication RootCA1

SecureTrust Corporation

  • SecureTrust CA

Staat der Nederlanden

  • Staat der Nederlanden EV Root CA
  • Staat der Nederlanden Root CA - G3

Starfield Technologies, Inc.

  • Starfield Root Certificate Authority - G2
  • Starfield Class 2 Certification Authority

StartCom Ltd.

  • StartCom Certification Authority

SwissSign AG

  • SwissSign Platinum CA - G2
  • SwissSign Silver CA - G2
  • SwissSign Gold CA - G2

Symantec Corporation

  • Symantec Class 1 Public Primary Certification Authority - G6
  • Symantec Class 2 Public Primary Certification Authority - G6


  • TWCA Root Certification Authority
  • TWCA Global Root CA

TC TrustCenter GmbH

  • TC TrustCenter Class 2 CA II
  • TC TrustCenter Class 3 CA II
  • TC TrustCenter Universal CA I




  • TeliaSonera Root CA v1

thawte, Inc.

  • thawte Primary Root CA - G3
  • thawte Primary Root CA

The Go Daddy Group, Inc.

  • Go Daddy Class 2 Certification Authority


  • USERTrust RSA Certification Authority


  • TRUST2408 OCES Primary CA

Trustis Limited

  • Trustis FPS Root CA

T-Systems Enterprise Services GmbH

  • T-TeleSec GlobalRoot Class 2
  • T-TeleSec GlobalRoot Class 3

T-Systems International GmbH

  • TeleSec ServerPass Class 2 CA

Unizeto Sp. z o.o.

  • Certum CA

Unizeto Technologies S.A.

  • Certum Trusted Network CA

Vaestorekisterikeskus CA

  • VRK Gov. Root CA

VeriSign, Inc.

  • VeriSign Universal Root Certification Authority
  • Class 3 Public Primary Certification Authority
  • Class 3 Public Primary Certification Authority - G2
  • Class 4 Public Primary Certification Authority - G2
  • VeriSign Class 3 Public Primary Certification Authority - G5


  • Criminal Justice IT Root CA (CJSM)

Additional Information

If a particular CA/CN pair that is required for the successful email exchange via TLS enforcement is missing. Please let our support team know via a support case.