As far as automatic certificate validation is concerned "download" of a Root CA certificate can never result in trust - clients need to trust the Root CA certificate explicitly before, that is, have it in a special store before certificate validation. That's why in the SSL standard the web ...