If the trust policy selected uses a well-known public CA (such as VerisignTM), their root certificates are typically already installed in the relevant operating systems and browsers. However, IP Office does not have well-known public CA certificates in its TCS – these can be downloaded from the CA's web site and manually administered via IP Office Manager or IP Office Web Manager for each IP Office.

For more information on Root CA Certificate distribution, see Implementing IP Office PKI.