Apple Root Certificate Program

Program Requirements

Note: This version comes into effect October 1, 2022

Apple uses public key infrastructure (PKI) to secure and enhance the experience for Apple users. Apple operating systems and applications (such as Safari and Mail) use a common store for root certificates; see Apple requires certification authority (CA) providers to meet certain criteria, which include:

Policy Requirements

Note: For effective dates related to certificate issuance, the requirement is enforced for certificates issued on or after the specified date at 00:00:00 UTC.

Submission Process

To begin the submission process, request access to the CCADB and create a Root Inclusion Case in the CCADB. Once complete, e-mail with the details of your Root Inclusion Case. CA providers will be contacted if any additional information is required, and when consideration of the inclusion request is complete. For more information on the CCADB, please see

Root Acceptance

Apple accepts and removes root certificates as it deems appropriate at its sole discretion. Apple prioritizes Root Inclusion Requests as it deems appropriate at its sole discretion.


Failure to comply with the above requirements in any way is considered an incident. CA providers must report such incidents to the Apple Root Program at with a full incident report. This report can be shared directly or as a link from a public disclosure (e.g. Bugzilla).