Home > Mechanisms > Certificate Trust Store

Certificate Trust Store

Certificate Trust Store

The certificate trust store provides a mechanism for trusting self-signed root certificates from internal and other organizations' certificate authorities (CAs). It is essentially a container for certificate trust lists. Provisioning certificate stores with only the certificate issuers trusted by the organization is critical. The stores must also be locked down so that they cannot be updated without a secure process. Relying parties must consult their certificate trust store to determine whether a particular submitted certificate is trusted.

Figure 1 shows that there must be mutual trust between a consumer and provider by trusting the corresponding CAs that issued each other's identity certificate.

Figure 1 - An example of mutual trust between the consumer trust store and provider trust store. Cloud Certified Professional (CCP) Module 7: Fundamental Cloud Security Cloud Certified Professional (CCP) Module 8: Advanced Cloud Security

This mechanism is covered in CCP Module 7: Fundamental Cloud Security and
in Module 8: Advanced Cloud Security.

For more information regarding the Cloud Certified Professional (CCP) curriculum, visit

Cloud Computing Design Patterns

This cloud computing mechanism is also covered in:

Cloud Computing Design Patterns by Thomas Erl, Robert Cope, Amin Naserpour

(ISBN: 9780133858563, Hardcover, ~ 528 pages)

For more information about this book, visit