Is GeoTrust legitimate?

Is GeoTrust and DigiCert the same?

I've always used GeoTrust with our customers.

No, they're different. DigiCert is a commercial Certificate Authority and GeoTrust was not commercial but a reseller. DigiCert was founded by GeoTrust and DigiCert's product lines are derived from GeoTrust's. If you ever use GeoTrust or any other reseller CA it doesn't matter - you get the same root certificates (that trust your web browser software, etc) but are in different places as part of an enterprise network.

So yes, a few parts of the ecosystem work like this.

Is GeoTrust legitimate?

Can I trust it?

When a business starts to talk about their products and services and then mention that they use GeoTrust as a Certificate Authority, I cringe. Here's why: Why do businesses talk about their certifications? Are they trying to sell you something or are they trying to prove that they are legitimate? I hate to be the bearer of bad news but I have read through enough GeoTrust blog articles and other documentation to say that GeoTrust is a Certification Authority like any other one that sells their products and services. GeoTrust has certified themselves and the people who have certified them, but I see that as a difference.

So what's wrong with a Certificate Authority that certifies itself? It's only fair that the CA does so because most companies that buy certificates are paying to have them verified by others. They want to know that the cert was issued by a company that meets the needs of the marketplace and that they are not purchasing a self-certified cert. In short, a CA must be validated as being legit because it is an issue of trust.

GeoTrust has been approved by a few very credible organizations. These include: So how can we know that GeoTrust is legit? I could tell you that I have never heard of GeoTrust or that I have never seen them on a webpage and that I have never purchased anything from them. While this is true, it would make me question my own judgment. So what I am going to do is take the easy way out and look at the information that GeoTrust provides on their website. This includes everything from their company history to their certification, including my recommendation that they are trustworthy. Here's what I found:

When I found GeoTrust I immediately went to their website to see what their certifications were. First of all, there is no proof that their certifications are from a CA that is validated by a trusted organization. There are several documents on their website. The first is a certification document that states their intention to be a CA and that they have gone through the process of being accredited by a third party. However, they don't state whether this is a government accredidation or a private accreditation. This is a big problem.

Second, there is a list of companies that they have certified.