Root CA certificates
This
Root CA Certificates establish a validation chain that verifies other certificates signed by the included roots. For example, to establish a secure connection to a web server.
A customer that self-hosts a WOS and uses their own TLS certificate (such as from an internal CA or a public CA) must ensure the TLS certificate comes from one of the root CAs on Axon's Fleet 3 trust list (below). Otherwise, offloading will fail due to trust errors.
Axon products use the following root certificates:
- Baltimore CyberTrust Root
- COMODO ECC Certification Authority
- COMODO RSA Certification Authority
- AAA Certificate Services
- DigiCert Assured ID Root CA
- DigiCert Assured ID Root G2
- DigiCert Assured ID Root G3
- DigiCert Global Root CA
- DigiCert Global Root G2
- DigiCert Global Root G3
- DigiCert High Assurance EV Root CA
- DigiCert TLS ECC P384 Root G5
- DigiCert TLS RSA4096 Root G5
- DigiCert Trusted Root G4
- ISRG Root X1
- ISRG Root X2
- IdenTrust Commercial Root CA 1
- IdenTrust Public Sector Root CA 1
- USERTrust ECC Certification Authority
- USERTrust RSA Certification Authority
Information about products not manufactured by Axon, or independent websites not controlled or tested by Axon, is provided without recommendation or endorsement. Axon assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Axon makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.
Axon Evidence admin settings ï this topic ð Troubleshooting
Last modified - 19 February 2026
