What is the self-signed certificate that serves as the trust anchor in a PKI hierarchy called?

Prepare for the Information Security Principles and Frameworks Test. Enhance your understanding with detailed questions, hints, and explanations. Ace your exam with confidence!

Multiple Choice

What is the self-signed certificate that serves as the trust anchor in a PKI hierarchy called?

Explanation:
The trust anchor in a PKI is the root certificate. This is the self-signed certificate at the very top of the hierarchy, and it establishes the baseline of trust that all other certificates in the chain rely on. Because it is self-signed, there is no higher certificate to verify it, so clients must already trust this root certificate by having it pre-installed or configured as trusted. The root certificate signs the certificates below it (intermediate CAs, then end-entity certificates), creating a chain of trust. If the root certificate is compromised or lost, the entire PKI’s trust foundation is affected. The concept of a trust anchor is about the trusted starting point, which is embodied by the root certificate; referring to the “root certificate authority” points to the issuing entity rather than the certificate itself, which is why the precise term for the certificate is root certificate.
