Chrome Root Program

From :

Chrome will soon have its own dedicated certificate root store

I suppose Let's Encrypt will ask to be included? :slightly_smiling_face:


And, on the same subject, is there a list of statuses (asked; in process; rejected; included; (not) planned; ...) of inclusion in the different root stores? Such as Microsoft Root Program Inclusion Status? As Let's Encrypt now has more roots with separate chains, I think it has become more important than the simple binary "trusted or not".


The Chrome Root Store can be seen here:

ISRG Root X1 is already part of this "Transitional Root Store", as is the "DST Root CA X3".

I'm not sure if LE is required to do anything at this moment, besides including ISRG Root X2 when the time comes. The "Requesting Inclusion" section literally states: "For Certification Authorities that have not been included as part of this initial Chrome Root Store (…)", so I assume the CAs which are included don't have to apply for inclusion.


I wonder why they don't reuse the Android trust store? Running two separate root stores in a single company is just byzantine.


edit: oops, I think I probably misinterpreted what you were saying.

Agreed, maybe they will consolidate the two.

I assume they do, whether or not partly. Their "Transitional Root Store" has come from somewhere, probably also the Android root store.


I am just personally so thrilled about this! It's a big step for Chrome but one in the right direction!


To address @tdelmas's second question:

The authoritative answer is each individual root store. You can see the most recent list of participants in Microsoft's root program here: (yes, it includes ISRG Root X1).

We do not maintain a list of which programs our roots are included in, but we do maintain the compatibility page, which is a good proxy for that information. We will be updating the compatibility page with information regarding ISRG Root X2 soon.


Thank you @aarongable for that response!
