The certificates are issued by the Certificate Authority (CA), the Certificate Authority that owns their own Trusted Root CA certificate; these are known to the browser as the trusted issuing authority since their Trusted Rooted CA  are already added to all the most popular browsers. Browser carries CA certificate in “Trust Rooted Library” to trust the certificates are signed by CA’s private key. These certificates are known as “Single Root” certificates.

Some CA’s does not poses Trusted Root CA certificates present in the browser, and hence need “Chain Root” for their certificates to get trusted by the browser. CA with a Trusted Root CA certificate can issue a certificate to the third party certificate provider which then “acquire” browser recognition of the Trusted Root CA. These certificates are known as “Chain Root” certificates. Chain Root certificates installation is very complex and some of the web servers and applications are not compatible with it.

Certificate Authority having its own its own Trusted Rooted CA certificate already present in the browser is a clear indication that they are stable, long-time, and credible organization, and having a long run relationship with the browser vendor like, Netscape and Microsoft. Because of this reason, CA’s are considered as more stable then chain root as they require additional effort to install. This is not necessary in case of single root certificates.