for most part SSL cert providers doesn't generate and provide access through their primary root servers. Most of the ssl vendors i.e. Verisign has differetn intermediary root servers, which sometimes they call it by classes i.e. class1, class2, class3 etc. Depending upon your business activity and rules governing the certs are issues by respective intermediate authroties. i.e. .gov intermediates have special trust to .gov TLDs.
Thus on the server side when you plant a new cert, you had to apply hostname ssl cert and its corresponding intermediate cert. If you deal with F5, NetScaler devices - they have provision the GUI to request for each of one before proceeding further. The root certs are automatically updated on client workstations periodically by Microsoft through the Windows update services. Hope this helps. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin