Apple Root Certificate Program

Program Requirements

Note: This version comes into effect December 1, 2021

Apple uses public key infrastructure (PKI) to secure and enhance the experience for Apple users. Apple operating systems and applications (such as Safari and Mail) use a common store for root certificates; see https://support.apple.com/kb/HT209143. Apple requires certification authority (CA) providers to meet certain criteria, which include:

Policy Requirements

Submission Process

To begin the submission process, request access to the CCADB and create a Root Inclusion Case in the CCADB. Once complete, e-mail certificate-authority-program@apple.com with the details of your Root Inclusion Case. CA providers will be contacted if any additional information is required, and when consideration of the inclusion request is complete. For more information on the CCADB, please see https://www.ccadb.org/cas.

Root Acceptance

Apple accepts and removes root certificates as it deems appropriate at its sole discretion. Apple prioritizes Root Inclusion Requests as it deems appropriate at its sole discretion.

Incidents

Failure to comply with the above requirements in any way is considered an incident. CA providers must report such incidents to the Apple Root Program at certificate-authority-program@apple.com with a full incident report. This report can be shared directly or as a link from a public disclosure (e.g. Bugzilla).