The invention relates to a method and system for protecting a root CA certificate in a virtualization environment. The method comprises the steps that a root CA certificate safety manager is arranged on a host machine, a root certificate list is stored in the root CA certificate safety manager, and a root certificate service is provided for a client virtual machine through a read-only interface; when the client virtual machine carries out certificate verification, a certificate service request is proposed to the root CA certificate safety manager, and the root CA certificate safety manager responds to the request and provides the certificate service to the client virtual machine. The virtual root certificate list has the following advantages that the root certificate service is provided for the client virtual machine through the read-only interface, the root certificate list is isolated form the client virtual machine, the client virtual machine can only have access to the root certificate list in a Read Only mode, all the configuration modification operations on the root CA certificate can only be completed by accessing the root CA certificate safety manager through an operation interface in the host machine, and the client virtual machine flexibly selects the mode for verifying the certificate.