I believe Firefox allows OS-level root CAs in addition to their built-in ones (not sure if that includes OS-provided ones or is limited to local administrator/user installed ones).
Chrome used to defer to the OS-provided one entirely, but it looks like it now has its own store and ignores OS-provided CAs (but does accept admin-provided ones).
Hm, the more I look at this... It seems like they do, these days :) At least the large ones; I doubt that smaller browsers such as Opera, Brave etc. have their own trusted root program.
Opera do. Cisco have their own. Oracle do (for Java, primarily) but tend not to participate in CA/B Forum much.
Brave did previously have something of a root program - not sure if they still do or if they track Moz and/or Chromium.
Quihoo 360 (China) have a root program, too. There are certainly other 'smaller' ones.
Interesting, although I do still suspect that the trend is to just piggy back onto one of the large well-respected ones.
For example, I do believe that Opera used to have their own (while they were still doing well), but they seem to be using Chrome these days [1]:
> Opera considers certificates presented trustworthy only when they either have a certificate chain that can be validated up to a Root CA certificate included in the Chrome Root Store or a certificate explicitly configured to be trusted by the user.
Do they?
I believe Firefox allows OS-level root CAs in addition to their built-in ones (not sure if that includes OS-provided ones or is limited to local administrator/user installed ones).
Chrome used to defer to the OS-provided one entirely, but it looks like it now has its own store and ignores OS-provided CAs (but does accept admin-provided ones).
Hm, the more I look at this... It seems like they do, these days :) At least the large ones; I doubt that smaller browsers such as Opera, Brave etc. have their own trusted root program.