What holds the position of the root of trust in a certificate chain?

The root of trust in a certificate chain is represented by the root certificate. This certificate is at the top of the hierarchy and serves as the foundational trust anchor for the entire chain of certificates. The root certificate is self-signed and is often embedded in browsers and operating systems, allowing them to trust certificates signed by that root authority.

When a digital certificate is issued, it is typically signed by a subordinate or intermediate certificate that in turn is issued by the root certificate. This create a hierarchy that allows for a secure means of verifying the identities of entities (like websites) that hold certificates. The integrity and validity of the entire certificate chain hinge on the root certificate, which is why it is termed the "root of trust."

Subordinate certificates and intermediate certificates are part of the structure that helps establish trust but do not serve as the trust anchor themselves. An end-user certificate is issued to an individual or entity, but without the root certificate, it cannot be trusted independently. Thus, the root certificate holds a unique and critical role in the certificate hierarchy.