When does Salesforce require a certificate from a root Certification Authority (CA)?

Salesforce requires a certificate from a root Certification Authority (CA) specifically when it involves secure communications, such as when sending outbound messages and interacting with secure Secure Sockets Layer (SSL) endpoints.

Using an SSL endpoint ensures that the data transmitted over the internet is encrypted and secure from interception. For Salesforce to trust the SSL connection to an external system, it must validate that the SSL certificate presented is trusted, which is typically done against a known set of root CA certificates. This is critical for maintaining the integrity and confidentiality of data in transit.

The other choices do not involve direct secure communications with external systems where root CA certificates are needed. User logins, report generation, and the creation of custom applications typically operate within the Salesforce platform's secure environment and do not necessitate direct verification against root CAs for the purposes described.