# Get trusted CA List

Every iSHARE request must be signed with a certificate issued by a Certificate Authority (CA) on the iSHARE trusted list. Participants can retrieve this list via the **`/trusted_list`** endpoint. The trusted list consists of CAs of qualified Trust Service Providers (currently eIDAS issuers). The receiver of a signed request is responsible for verifying that the signer’s certificate chains to a CA from this list.

### Steps to Follow

**1.1 Create client assertion**\
The Service Provider creates a signed JWT client assertion to authenticate with the Participant Registry’s token endpoint.

**1.2 Request access token (`GET/POST /connect/token`)**\
The Service Provider sends the client assertion to the Participant Registry’s OAuth token endpoint to obtain an access token.

**1.3 Receive access token (`200 OK`)**\
The Participant Registry returns an access token (JWT).

**1.4 Request trusted list (`GET /trusted_list`)**\
The Service Provider calls the Participant Registry’s `/trusted_list` endpoint with the bearer token.

**1.5 Receive trusted CAs (`200 OK`)**\
The Participant Registry returns the trusted CA list (typically in an iSHARE-signed JWT).

<figure><img src="https://1961974616-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FhIVZwp4ZxhYhb39SlKH3%2Fuploads%2Fgit-blob-54e1c98ad0519b98ee79fc636d817fb6efe60264%2Fget-trusted-CA-list.png?alt=media" alt=""><figcaption><p>Get a list of trusted CA's from the /trusted_list capabilities endpoint</p></figcaption></figure>