Why are the webCARES Root and Issuing CA certificates not already installed in my browser?
“CA” stands for “Certificate Authority” and CA certificates are used by Certificate Authorities to prove (via a Digital Signature) that the end user certificates they issue are indeed issued from them. There are generally two kinds of CA certificates, Public and Industry. Public CA certificates are used by the general public and as such come preinstalled into most browsers. Industry CA certificates typically have items unique to a specific industry or industry standard (i.e. validity period, key usages, issuance policies, etc.) which prevents them from being preinstalled into a browser. This means end users who wish to use certificates issued from an Industry CA must first manually install its CA certificates.