Home > Products > SSL for the enterprise > GeoRoot

SSL for the Enterprise: GeoRoot

Become Your Own Certificate Authority

GeoTrust® GeoRoot allows enterprises to retain full control over Registration Authority (RA) functions for the issuance of SSL server certificates and client certificates (x.509). With privately-branded certificates, organizations build their reputation for secure, trusted transactions. Low fixed annual fees and cost-effective licensing help maximize IT budgets and lower TCO.

Contact Sales or call 1-866-511-4141 (option 3).

Global recognition for self-signed certificates

GeoTrust certificates are recognized by 99% of all web browsers and most popular mobile devices, and are compatible with most digital certificate and public key security applications. Ubiquitous recognition of GeoRoot signed certificates gives enterprises the confidence of knowing that digital certificates chained to the GeoTrust root are trusted globally.

Certificate lifecycle management and control

Enterprises use GeoRoot for customized internal applications and for the secure exchange of data between partners. The enterprise retains complete control over authenticating individuals, deploying and managing SSL server certificates and client certificates, and managing the distribution of public keys to appropriate parties, providing maximum flexibility for securing enterprise-wide business applications.

Seamless integration

GeoRoot works seamlessly with Microsoft Active Directory and Certificate Server for the authentication and delivery of GeoTrust-signed certificates. In most instances, once a certificate is generated by MS Certificate Server and signed in GeoRoot, the information about that certificate automatically flows into Active Directory.

GeoRoot Eligibility Requirements

To purchase GeoRoot you must meet the following minimum requirements:

• Net worth of $5M or more
• A minimum of $5M in Errors and Omissions insurance
• Articles of Incorporation (or similar) and an incumbency certificate provided
• A written and maintained Certificate Practice Statement (CPS)
• A FIPS 140-2 Level 2 compliant device (GeoTrust has partnered with SafeNet, Inc.) for key generating and storing your root certificate keys
• An approved CA product from Baltimore/Betrusted, Entrust, Microsoft, Netscape or RSA

GeoRoot Customer Guidelines

• GeoTrust must review and approve certificate profiles for an organization's root and end entity certificates before certificates can be issued.
• Organizations must maintain an accurate Certificate Revocation List (CRL) for all company issued certificates.
• GeoTrust may request a statement of compliance or may perform an audit.

GeoRoot SSL Server Certificate Guidelines

• SSL certificates can be issued for one or multiple years
• All domains must be owned by the enterprise customer
• The certificates can be installed on as many servers as needed
• The SSL certificates must include the standard set of X.509 extensions

GeoRoot Client Certificate Guidelines

• Client certificates can be issued for one or multiple years
• Organizations may only issue certificates to employees and domains that they control
• Companies may not resell or provide to users who have no affiliation with company
• The certificates must include the standard set of X.509 extensions

SafeNet Luna HSM

SafeNet Luna® products feature true hardware key management to maintain the integrity of encryption keys. Sensitive keys are created, stored, and used exclusively within the secure confines of the Luna hardware security module (HSM) to prevent compromise. SafeNet's Luna products have been integrated with GeoTrust solutions and fully support the GeoRoot requirement of a FIPS 140-2 Level 2 compliant device.