Public Certificate Authority

Unless your browaser already supports DANE, you'll need update your root CA's!.

Click each of the big certificates below to install the Legacy, Pacy World and TDMC, Inc. root CA's n your browser (note there are two). For an explanation on what this is continue reading.

Most users should only need to install the individual root certificate (Legacy Root and Root CA).

Certificate Authority
Certificate Authority

Pacy World
Legacy Root

July 2015

Pacy World, TDMC
Root CA

Combined Root & Intermediate or Individual Intermediate
July 2018

Users of FreeBSD version 12.2 or later can add the above certificates using these commands:

fetch -qo /usr/share/certs/trusted/ca-pacyworld.com.pem \
    http://www.pacyworld.com/ca-pacyworld.com.crt
fetch -qo /usr/share/certs/trusted/alt_ca-morante_root.pem \
    http://www.pacyworld.com/alt_ca-morante_root.crt
certctl rehash

Users of Debian or Ubuntu may do:

wget -qO /usr/local/share/ca-certificates/ca-pacyworld.com.pem \
    http://www.pacyworld.com/ca-pacyworld.com.crt
wget -qO /usr/local/share/ca-certificates/alt_ca-morante_root.pem \
    http://www.pacyworld.com/alt_ca-morante_root.crt
sudo update-ca-certificates

Users of Fedora derivatives (Centos, Rocky Linux, etc):

yum install -y ca-certificates && update-ca-trust force-enable
wget -qO /etc/pki/ca-trust/source/anchors/ca-pacyworld.com.pem \
    http://www.pacyworld.com/ca-pacyworld.com.crt
wget -qO /etc/pki/ca-trust/source/anchors/alt_ca-morante_root.pem \
    http://www.pacyworld.com/alt_ca-morante_root.crt
update-ca-trust extract

Linux (or older FreeBSD) users can add the above certificates to the local /etc/ssl/cert.pem file.

Mac OS users can run the following commands:

curl -qo ~/Downloads/ca-pacyworld.com.pem \
    http://www.pacyworld.com/ca-pacyworld.com.crt
curl -qo ~/Downloads/alt_ca-morante_root.pem \
    http://www.pacyworld.com/alt_ca-morante_root.crt
sudo security add-trusted-cert -d -r trustRoot -k \
    /Library/Keychains/System.keychain \
    ~/Downloads/ca-pacyworld.com.pem
sudo security add-trusted-cert -d -r trustRoot -k \
    /Library/Keychains/System.keychain \
    ~/Downloads/alt_ca-morante_root.pem

Microsoft Windows 10 users can instead download and run the following update package.

Windows 10 Update Package Download
pacyworld_rootcerts_update-win10.ppkg

If you are installing the Pacy World Root CA on Firefox for Android tap the icons below:

Certificate Authority
Windows 10 Update Package Download

Pacy World
Legacy Root

July 2015

Pacy World, TDMC
Root CA

July 2018

If you are having problems loading web pages and the error message is similar to "This connection is Untrusted", then your web browser does not support DANE and is missing root certificates.

Connection is Untrusted

A website that uses encryption to protect your privacy and sensitive information relies on something called a TLS certificate chain in order to validate the content is indeed from the original source.

Unfortunately due to the design of the current implementation of TLS certificates, many web browsers are highly dependant on centralized entities called "Certificate Authorities" (CA) to make this work. It's impossible for a web browser vendor to a pre-load every CA in existence, your browser vendor may simply not know about them.

DANE which stands for "DNS-based Authentication of Named Entities", is a technology that decentralizes the validation of a TLS certificate chain. Thus removing the need for software like a web browser to have to keep a local store of Root CA's. This is still a new emerging technology and not all browsers support it as of 2024.

It's up to you (the end user) to install any missing CA's so that you can properly open web pages. You may also want to kindly send a note to your browser vendor informing them of the CA's they missed so that other users won't have to go through the same trouble you did. Usually this is done in the form of a bug report or support ticket.

Pacy World® Pacy © 2007 - 2024 The Daniel Morante Company, Inc.