Create Root CA

A self-signed trust anchor — the top of your PKI hierarchy.

Root CA Certificate: The top of the trust chain — a self-signed certificate that vouches for itself. Trust comes from being pre-installed in the OS.
Everything traces back to a root. If you trust the root, you trust everything it has signed (transitively).

Certificate Details

Label (display name inside PKILab)

Common Name (CN)

The name that will appear as both Subject and Issuer in this self-signed certificate.

Organization (O)

Country (C)

Key Type

Key Size

Validity (days)

Root CAs typically last 10 years (3650 days).

Cancel