WebPKI & Trust Anchors

Certificate Verification

To ensure that connections to websites are cryptographically secure and authenticated, Opera considers certificates presented trustworthy only when they either have a certificate chain that can be validated up to a Root CA certificate included in the Chrome Root Store or a certificate explicitly configured to be trusted by the user.

In order to become a trusted issuer in Opera, Certificate Issuers must thus apply for inclusion in the Chrome Root Store.

Opera requires that all Certificate Issuers’ CA certificates that have audit statements demonstrating ongoing compliance with the CA/Browser Forum’s Server Certificate Working Groups Baseline Requirements. Opera reserves the right to distrust any root CA certificate at any time for any reason, however in particular if it becomes aware of information putting into question the reliability or trustworthiness of any Root CA certificate or certificate issuer.

Certificate issuers are encouraged to contact the Opera WebPKI team ( webpki-team @ opera . com ) in cases where their Root CA certificates need to be urgently distrusted.

To contact Opera regarding violations of the Baseline Requirements, security incidents, or other issues or concerns related to certificate validation, please reach out to webpki-team @ opera . com