Кореневі сертифікати trustedrootcertificates.com. wildcard ssl сертифікати, цифрові сертифікати, SAN SSL сертифікати, купити ssl в Україні, ssl сертифікати, Сертифікат SSL сертифікати Веб Траст Україна WebTrust - Ukraine 

ADGRAFICS ® GROUP
Український центр сертифікації сайтів та верифікації компаній Веб Траст Україна Ukrainian site certification and company verification Center, SSL, UA SSL сертифікати CodeSigning Верифікація компаній
Ukrainian certificate

Кореневі сертифікати

 +A | R | -A | |--| |<-->|
Русская версия сайта по продаже сертификатов English version Certificates Shop Українська версія магазину з продажу сертифікатів
До хати | Про нас | Контакти | Все Продукты | Купівля | Замовлення сертифікату


Root Certificates


ACEDICOM

The Edicom Certification Authority (ACEDICOM) provides companies, communities and physical persons with secure electronic identification mechanisms that enable them to engage in activities where the digital signature replaces the handwritten with identical legal guarantees. To this end, ACEDICOM issues certificates in accordance with the stipulations of Directive 1999/93/EC of 13th December 1999 and Law 59/2003 of 19th December, on electronic signature, and so has sufficient recognition to operate in all countries of the European Union. The Edicom CA is responsible for obtaining the corresponding official authorisation in those places outside the Union where it operates commercially.

Audit:WebTrust CA, performed by Ernst and Young:

Audit Report and Management's Assertsions

ACEDICOM Root

This root has three internally-operated subordinate CAs. The ACEDICOM 01 subordinate CA issues Qualified certificates for identification and advanced electronic signature, for the use of physical persons or legal organisations. The ACEDICOM 02 subordinate CA issues certificates for purposes other than Qualified electronic signature. The ACEDICOM Servidores subordinate CA issues server/client certificates and code signing certificates.
LinkDownload/Install
SHA1e0:b4:32:2e:b2:f6:a5:68:b6:54:53:84:48:18:4a:50:36:87:43:84
Version3
Modulus (key length)4096
Valid From2008-04-18
Valid To2028-04-13
RevocationRoot CRL, OCSP
TypeOV
DocumentCPS in English
DocumentCPS in Spanish
DocumentDeclaration of Certification Practices and Policies according to Certificate Type
DocumentTLS Certificate Policy (in Spanish)
Requested Trust Bits
  • Websites
  • Email
  • Code
BugsAuthorisation (471045), Inclusion (550521)
Inclusion Date2010-07-15
Commentsnone


Buypass

Buypass has over 2 million customers in Norway and is a provider of secure solutions for electronic identification, electronic signature, and payment. Buypass is registered with the Post and Telecommunications Authority as the issuer of the qualified ID according to the law on electronic signature. The company has a license from the Ministry of Finance as e-money business pursuant to the Act on e-money.

Audit:WebTrust CA, performed by KPMG:Audit Report and Management’s Assertions

Audit: WebTrust EV Readiness, performed by KPMG:Audit Report and Management’s Assertions

Buypass Class 2 CA 1

This root signs end-entity certificates directly, and does not have subordinate CAs. Buypass Class 2 certificates are issued to persons or enterprises and have the same basic usage areas as Class 3 certificates. The Class 2 CP has, however, less strict requirements with respect to identification of the requesting party than Class 3 certificates.
LinkDownload/Install
SHA1a0:a1:ab:90:c9:fc:84:7b:3b:12:61:e8:97:7d:5f:d3:22:61:d3:cc
Version3
Modulus (key length)2048
Valid From2006-10-13
Valid To2016-10-13
RevocationCRL, OCSP
TypeOV
DocumentCP and CPS
DocumentBuypass Class 2 SSL Certificate Policy in English
DocumentBuypass Class 2 SSL Certificate Practice Statement in English
Requested Trust Bits
  • Websites
BugsAuthorisation (477028), Inclusion (499712)
Commentsnone

Buypass Class 3 CA 1

This root signs end-entity certificates directly, and does not have subordinate CAs. The Buypass Class 3 certificates are either issued to persons or enterprises. The certificates may be used for authentication purposes, encryption/decryption and/or electronic signatures (non-repudiation). The certificates are part of an infrastructure provided by Buypass AS enabling electronic commerce in Norway. The certificates are used by many different service providers ranging from purely commercial companies to governmental and other public institutions including the health sector. Extended Validation SSL certificates will be issued exclusively by Class 3 CA.
Link Download/Install
SHA161:57:3a:11:df:0e:d8:7e:d5:92:65:22:ea:d0:56:d7:44:b3:23:71
Version3
Modulus (key length)2048
Valid From2005-05-09
Valid To2015-05-09
RevocationCRL, OCSP
TypeOV, EV (Policy OID 2.16.578.1.26.1.3.3)
DocumentCP and CPS
DocumentBuypass Class 3 SSL Certificate Policy in English
DocumentBuypass Class 3 SSL Certificate Practice Statement in English
Requested Trust Bits
  • Websites
BugsAuthorisation (477028), Inclusion (499712), EV (499716)
Commentsnone


Camerfirma

AC Camerfirma S.A. is a commercial CA issuing certificates for companies primarily in Spain. Camerfirma is the digital certification authority for Chambers of Commerce in Spain.

Audit:WebTrust CA, performed by Ernst and Young:Audit Report and Management's Assertions

Audit:WebTrust EV, performed by Ernst and Young:Audit Report and Management's Assertions (Spanish), Audit Report and Management's Assertions (English)

Chambers of Commerce Root - 2008

This CA has internally-operated subordinate CAs that issue certificates for Spanish companies and representatives. Chambers of Commerce act as RAs for end user registration.
LinkDownload/Install
SHA178:6a:74:ac:76:ab:14:7f:9c:6a:30:50:ba:9e:a8:7e:fe:9a:ce:3c
Version3
Modulus (key length)4096
Valid From2008-08-01
Valid To2038-07-31
RevocationCRL, OCSP
TypeOV, EV (Policy OIDs 1.3.6.1.4.1.17326.10.14.2.1.2 and 1.3.6.1.4.1.17326.10.14.2.2.2)
DocumentPolicy Repository
DocumentCertificate Practice Statement (Spanish)
DocumentCertification Policy Camerfirma Express Corporate Server (Spanish)
DocumentCertification Policy for Camerfirma Corporate Server EV (Spanish)
DocumentCertification Policy for Code Signing (Spanish)
Requested Trust Bits
  • Websites
  • Email
  • Code
BugsAuthorisation (406968), Inclusion (562395), EV (562399)
CommentsEnablement of EV is pending.

Global Chambersign Root - 2008

This CA has internally-operated subordinate CAs that issue certificates for general use globally. Other companies act as RAs for end user registration.
LinkDownload/Install
SHA14a:bd:ee:ec:95:0d:35:9c:89:ae:c7:52:a1:2c:5b:29:f6:d6:aa:0c
Version3
Modulus (key length)4096
Valid From2008-08-01
Valid To2038-07-31
RevocationCRL, OCSP
TypeOV, EV (Policy OIDs 1.3.6.1.4.1.17326.10.8.12.1.2 and 1.3.6.1.4.1.17326.10.8.12.2.2)
DocumentPolicy Repository
DocumentCertificate Practice Statement (Spanish)
DocumentCP of RACER sub-CA (Spanish)
DocumentCertification Policy Camerfirma Express Corporate Server (Spanish)
DocumentCertification Policy for Camerfirma Corporate Server EV (Spanish)
DocumentCertification Policy for Code Signing (Spanish)
Requested Trust Bits
  • Websites
  • Email
  • Code
BugsAuthorisation (406968), Inclusion (562395), EV (562399)
CommentsEnablement of EV is pending.


Certicamara S.A.

Sociedad Cameral de Certificación Digital - Certicámara S.A. is a commercial CA primarily serving Colombia and Andean Region

Audit: WebTrust, performed by Deloitte and Touche :Audit Report and Management's Assertions

AC Raíz Certicámara S.A.

This is a new root CA certificate authorized by Industry and Commerce Department of Colombia, to replace the Certificado Empresarial Clase-A certificate. It has one internally operated subordinate CA.
LinkDownload/Install
SHA1CB:A1:C5:F8:B0:E3:5E:B8:B9:45:12:D3:F9:34:A2:E9:06:10:D3:36
Version3
Modulus (key length)4096
Valid From2006-11-27
Valid To2030-04-02
RevocationCRL
TypeOV
DocumentCertificate Hierarchy
DocumentCertification Practices Statement (CPS) – in Spanish
DocumentDeclaration of Practices
Requested Trust Bits
  • Websites
  • Email
  • Code
BugsAuthorisation (401262), Inclusion (486424)
Commentsnone


Certigna of Dhimyotis

Dhimyotis services include Certigna ID and Certigna SSL. Certigna is a French CA for the European market and expects to expand to serve other countries (India, USA, South America ... ) soon.

Audit:ETSI TS 102.042, performed by LSTI - La Sécurité des Technologies de l'Information:Statement of Compliance with ETSI TS 102.042

Audit:ETSI TS 102.042, performed by LSTI - La Sécurité des Technologies de l'Information:2008 Statement of Compliance with ETSI TS 102.042

Certigna

The Certigna root has three internally operated subordinated CA’s: Certigna SSL is for SSL-enabled servers, Certigna ID is for authentication and digitally-signed email, and Certigna Chiffrement is for encrypting email.
Link Download/Install
SHA1B1:2E:13:63:45:86:A4:6F:1A:B2:60:68:37:58:2D:C4:AC:FD:94:97
Version3
Modulus (key length)2048
Valid From2007-06-29
Valid To2027-06-29
RevocationCRL for the SSL Subordinate CA, CRL for the ID Subordinate CA
TypeIV/OV
DocumentPublic Portion of CPS
DocumentTranslated Portion of CPS
DocumentTranslated Portion of Code Signing CPS
DocumentCertificate Policy for SSL Subordinate CA
DocumentCertificate Policy for ID Subordinate CA
Requested Trust Bits
  • Websites
  • Email
BugsAuthorisation (393166), Inclusion (483889)
Commentsnone


certSIGN

certSIGN is operated by SC CERTSIGN srl, a private corporation. certSIGN is a company member of UTI Group and an accredited supplier of certification services. certSIGN solutions are developed integrally in Romania.

Audit:WebTrust CA, performed by Ernst and Young:Audit Report and Management's Assertions

certSIGN ROOT CA

This root issues internally-operated subordinate CAs for different classes of certificates based on use and verification requirements.
LinkDownload/Install
SHA1fa:b7:ee:36:97:26:62:fb:2d:b0:2a:f6:bf:03:fd:e8:7c:4b:2f:9b
Version3
Modulus (key length)2048
Valid From2006-07-04
Valid To2031-07-04
RevocationCRL, OCSP
TypeOV
DocumentCertification Policy in English
DocumentCertification Practice Statement in English
DocumentDownload Links of Subordinate CAs
Requested Trust Bits
  • Websites
  • Email
  • Code
BugsAuthorisation (470756), Inclusion (526532)
Commentsnone


Chunghwa Telecom

Chunghwa Telecom (CHT) chiefly provides telecommunication and information-related services. A public corporation, CHT is the largest integrated telecommunication operator in Taiwan.

Audit:WebTrust CA, performed by Sun Rise CPA Firm of DFK International:Audit Report and Management's Assertions

ePKI Root Certification Authority

This is the eCA root, which has two subordinate CAs: CHTCA and Public CA. The CHTCA is the internal CA of Chunghwa Telecom (CHT) which signs certificates for CHT employees. The Public CA signs certificates for CHT clients.
LinkDownload/Install
SHA167:65:0d:f1:7e:8e:7e:5b:82:40:a4:f4:56:4b:cf:e2:3d:69:c6:f0
Version3
Modulus (key length)4096
Valid From2004-12-19
Valid To2034-12-19
RevocationCRL
TypeDV, OV
DocumentCHT Certificate Repository
DocumentePKI CP
DocumenteCA CPS
DocumentPublic CA CPS
Requested Trust Bits
  • Websites
  • Email
  • Code
BugsAuthorisation (448794), Inclusion (496193)
CommentsIn the eCA CPS the term cross-certificate means a certificate used to establish a trust relationship between two CAs. Within the ePKI the cross-certificate is intended to mean subordinate CA. All subordinate CAs are operated by the Data Communication Business Group, which is a division of Chunghwa Telecom.


CNNIC

China Internet Network Information Center (CNNIC), the state network information center of China, is a non-profit organization. CNNIC takes orders from the Ministry of Information Industry (MII) to conduct daily business, while it is administratively operated by the Chinese Academy of Sciences (CAS). The CNNIC Steering Committee, a working group composed of well-known experts and commercial representatives in domestic Internet community, supervises and evaluates the structure, operation and administration of CNNIC. The objective customers of the CNNIC root are domain owners from general public, including enterprise, government, organization, league, individual, etc.

Audit:WebTrust CA, performed by Ernst and Young:Audit Report and Management's Assertions

CNNIC ROOT

This root has one internally-operated subordinate CA named CNNIC SSL, which offers only SSL certificates that may be issued to general public, including enterprise, government, organization, league, individual, etc.
LinkDownload/Install
SHA18b:af:4c:9b:1d:f0:2a:92:f7:da:12:8e:b9:1b:ac:f4:98:60:4b:6f
Version3
Modulus (key length)2048
Valid From2007-04-16
Valid To2027-04-16
RevocationCRL
TypeOV
DocumentPolicies of the CNNIC Trusted Network Service Center
DocumentEnglish CPS of the CNNIC Trusted Network Service Center
Requested Trust Bits
  • Websites
Bugs Authorisation (476766), Inclusion (525008)
Commentsnone


Comodo

Comodo CA Ltd is a commercial CA based in the UK and serving customers worldwide. Comodo has a total of 12 root CA certs included in Mozilla, and altogether 124 subordinate CAs signed by those root CAs. Some of them exist to differentiate between different Comodo brands or products and some are used to re-brand products for its partners. In each case Comodo retains the private key for the subordinate CA within its infrastructure.

Audit:WebTrust, performed by KPMG:Audit Report and Management's Assertions

Audit:WebTrust EV, performed by KPMG:Report in relation to the WebTrust for Certification Authorities Extended Validation Criteria

COMODO Certification Authority

Root CA certificate with subordinate CAs issuing SSL certificates, email certificates, and code signing certificates.
LinkDownload/Install
SHA166:31:BF:9E:F7:4F:9E:B6:C9:D5:A6:0C:BA:6A:BE:D1:F7:BD:EF:7B
Version3
Modulus (key length)2048
Valid From2006-12-01
Valid To2029-12-31
RevocationCRL,OCSP
TypeDV, IV/OV, EV (policy OID 1.3.6.1.4.1.6449.1.2.1.5.1)
DocumentComodo Certification Practice Statement, Version 3.0
DocumentComodo Extended Validation (EV) Certification Practice Statement, Version 1.03
Requested Trust Bits
  • Websites
  • Email
  • Code
BugsAuthorisation (401587), Inclusion (426568), EV (426572)
Commentsnone

COMODO ECC Certification Authority

Root ECC certificate with internal subordinate CA issuing EV SSL certificates, email certificates, and code signing certificates.
LinkDownload/Install
SHA19F:74:4E:9F:2B:4D:BA:EC:0F:31:2C:50:B6:56:3B:8E:2D:93:C3:11
Version3
Modulus (key length)SECG elliptic curve secp384r1 (aka NIST P-384)
Valid From2008-03-06
Valid To2038-01-18
RevocationCRL,OCSP
TypeEV (policy OID 1.3.6.1.4.1.6449.1.2.1.5.1)
DocumentComodo Certification Practice Statement
DocumentECC Amendment to Comodo EV CPS
DocumentComodo EV Certification Practice Statement
Requested Trust Bits
  • Websites
  • Email
  • Code
BugsAuthorisation (421946), Inclusion (450427), EV (450429)
CommentsThis is a new EV request.


ComSign

ComSign is a private company owned by Comda, Ltd., a company specializing in information protection products and solutions. In 2003, ComSign was appointed by the Justice Ministry as a certificate authority in Israel in accordance with the Electronic Signature Law 5761-2001, and is currently the only entity issuing legal authorized electronic signatures according to the Israel law. ComSign has issued electronic signatures to thousands of business people in Israel.

Audit:Israel Electronic Signature Law, performed by The State of Israel – Ministry of Justice:Registered CA

Audit:ETSI TS 101 456, performed by Sharony-Shefler:Audit Statement 2009

ComSign CA

This root has six internally-operated subordinate CAs that are used for issuing digital IDs to individuals and corporations in accordance with the Israeli Electronic Signature Law.
LinkDownload/Install
SHA1E1 A4 5B 14 1A 21 DA 1A 79 F4 1A 42 A9 61 D6 69 CD 06 34 C1
Version3
Modulus (key length)2048
Valid From2004-03-24
Valid To2029-03-19
RevocationCRL
TypeIV, OV
DocumentCert Hierarchy Diagram
DocumentLinks to CPSs in Hebrew and English
DocumentCPS in English
Requested Trust Bits
  • Email
BugsAuthorisation (420705), Inclusion (490487)
Commentsnone

ComSign Secured CA

This root has two internally-operated subordinate CAs that are used for issuing certificates for SSL and for code-signing.
Link Download/Install
SHA1F9 CD 0E 2C DA 76 24 C1 8F BD F0 F0 AB B6 45 B8 F7 FE D5 7A
Version3
Modulus (key length)2048
Valid From2004-03-24
Valid To2029-03-16
RevocationCRL
TypeOV
DocumentCert Hierarchy Diagram
DocumentLinks to CPSs in Hebrew and English
DocumentCPS in English
DocumentSecurity Certificate Approval Regulations For SSL Websites in English
Requested Trust Bits
  • Websites
  • Code
BugsAuthorisation (420705), Inclusion (490487)
Commentsnone


DCSSI/ANSSI

ANSSI is the French Network and Information Security Agency, a part of the French Government. It issues certificates to French Government websites which are used by the general public. Each department has a sub CA; there are at least 20 at the moment, and potentially up to 60. Note: The O of the root is PM/SGDN. SGDN stands for "Secrétariat général de la Défense nationale", which is now named "Secrétariat général de la défense et de la sécurité nationale" (SGDSN). The OU of the root is DCSSI which stands for "Direction Centrale de la sécurité des systèmes d'information". The name of the organizational unit has been changed to "Agence nationale de la sécurité des systèmes d'information" (ANSSI).

Audit:Government -- WebTrust CA Equivalent, performed by French Secretariat GÈnÈral de la DÈfense Nationale:Official decision for IGC/A homologation

IGC/A

This is the root certificate of the French Government CA. The IGC/A root issues a subordinate CA for each organization, which can be only a government or an administrative organization. Each of these subordinate CAs may issue end-entity certificates or additional subordinate CAs to be used for divisions within that organization. Each organization is required to follow the CP and the Government RGS/PRIS, and be audited.
Link Download/Install
SHA160:D6:89:74:B5:C2:65:9E:8A:0F:C1:88:7C:88:D2:46:69:1B:18:2C
Version3
Modulus (key length)2048
Valid From2002-12-13
Valid To2020-10-17
RevocationCRL
TypeOV
DocumentPolicies and other useful information specific to this root
DocumentCertificate Policy
DocumentRepository General Security (RGS) Website
DocumentDocuments relating to the use of certificates: all RGS_A
DocumentVariables de temps (for CRL frequency update)
DocumentPC-Type authentification
DocumentProfiles de certificats, LCR et OCSP
DocumentPC-type signature
Requested Trust Bits
  • Websites
  • Email
  • Code
Bugs Authorisation (368970), Inclusion (477147)
Commentsnone


DigiCert

DigiCert is a US-based commercial CA with headquarters in Lindon, UT. DigiCert provides digital certification and identity assurance services internationally to a variety of sectors including business, education, and government.

Audit:WebTrust, performed by KPMG:AuditReport and Management's Assertions

Audit:WebTrust EV, performed by KPMG: Report in relation to the WebTrust for Certification Authorities Extended Validation Criteria

DigiCert Assured ID Root CA

Link Download/Install
SHA105:63:B8:63:0D:62:D7:5A:BB:C8:AB:1E:4B:DF:B5:A8:99:B2:4D:43
Version3
Modulus (key length)2048
Valid From2006-11-10
Valid To2031-11-10
RevocationCRL,OCSP
TypeOV, EV
DocumentDigiCert Certificate Policy and Certification Practice Statement (CP and CPS for OV), v3.0.3
DocumentDigiCert Certification Practice Statement for Extended Validation Certificates (CPS for EV), v1.0.1
Requested Trust Bits
  • Websites
  • Email
  • Code
BugsAuthorisation (364568), Inclusion (378162)
Inclusion Date2007-06-05
Comments The Code Signing trust bit was enabled in bugzilla #595013.

DigiCert Global Root CA

Link Download/Install
SHA1A8:98:5D:3A:65:E5:E5:C4:B2:D7:D6:6D:40:C6:DD:2F:B1:9C:54:36
Version3
Modulus (key length)2048
Valid From2006-11-10
Valid To2031-11-10
RevocationCRL,OCSP
TypeOV, EV
DocumentDigiCert Certificate Policy and Certification Practice Statement (CP and CPS for OV), v3.0.3
DocumentDigiCert Certification Practice Statement for Extended Validation Certificates (CPS for EV), v1.0.1
Requested Trust Bits
  • Websites
  • Email
  • Code
BugsAuthorisation (364568), Inclusion (378162)
Inclusion Date2007-06-05
Comments The Code Signing trust bit was enabled in bugzilla #595013.

DigiCert High Assurance EV Root CA

Link Download/Install
SHA15F:B7:EE:06:33:E2:59:DB:AD:OC:4C:9A:E6:D3:8F:1A:61:C7:DC:25
Version3
Modulus (key length)2048
Valid From2006-11-10
Valid To2031-11-10
RevocationCRL,OCSP
TypeOV, EV (policy OID 2.16.840.1.114412.2.1)
DocumentDigiCert Certificate Policy and Certification Practice Statement (CP and CPS for OV), v3.0.6
DocumentDigiCert Certification Practice Statement for Extended Validation Certificates (CPS for EV), v1.0.1
Requested Trust Bits
  • Websites
  • Email
  • Code
BugsAuthorisation (364568), Inclusion (378162), EV (416827)
Inclusion Date2007-06-05
Comments The Code Signing trust bit was enabled in bugzilla #595013.

DigiNotar

DigiNotar is a Dutch trusted third party, mainly operating in the Netherlands. They issue certificates based on notary verification of applicants. They service the business, government and consumer markets.

Audit:ETSI 101.456, performed by Price Waterhouse Coopers:ETSI Certificate, Statement of ETSI Compliance

Audit:WebTrust EV, performed by Price Waterhouse Coopers:Assertion of Management and Audit Report

DigiNotar Root CA

This is the top root, used only to issue CA certificates for five application-specific subordinate CAs: DigiNotar Public CA 2025 (non-qualified personal certificates), DigiNotar Qualified CA (qualified personal certificates), DigiNotar Services CA (SSL and object signing certificates), DigiNotar Extended Validation CA (EV certificates), and DigiNotar Private CA (CA certificates for organizational CAs).
Link Download/Install
SHA1C0:60:ED:44:CB:D8:81:BD:0E:F8:6C:0B:A2:87:DD:CF:81:67:47:8C
Version3
Modulus (key length)4096
Valid From2007-05-16
Valid To2025-03-31
RevocationCRL, OCSP
TypeOV, EV (policy OID 2.16.528.1.1001.1.1.1.12.6.1.1.1)
DocumentCPS DigiNotar 30 October 2007, Version 3.5
DocumentOverview of DigiNotar Root Certificates
Requested Trust Bits
  • Websites
  • Code
BugsAuthorisation (369357), Inclusion (431621), EV (493265)
Commentsnone


Disig

Disig is a public Certification Service Provider, located in Slovakia. Disig is a member of international ASSECO Group, one of the strongest software houses in the CEE region. Asseco is a leader in selected IT segments in countries across Central and Eastern Europe.

Audit:ETSI 102.042, performed by Scientia:Audit Statement

CA Disig

This root has no subordinate CAs, issuing end-entity certs for SSL, email, and code signing directly.
Link Download/Install
SHA12a:c8:d5:8b:57:ce:bf:2f:49:af:f2:fc:76:8f:51:14:62:90:7a:41
Version3
Modulus (key length)2048
Valid From2006-03-21
Valid To2016-03-21
RevocationCRL
TypeOV
DocumentCP Version 4.0 (Slovak)
DocumentCPS Version 4.0 (Slovak)
DocumentCP Version 3.4 (English)
DocumentDisig Certification Authority Website
DocumentSecurity Policy (Slovak)
Requested Trust Bits
  • Websites
  • Email
  • Code
BugsAuthorisation (455878), Inclusion (539235)
Commentsnone


E-Guven

E-Guven is a private corporation that serves certificates mainly the Turkish market and they plan to expand their market to other countries. E-Guven certificates are used in Public projects, such as www.turkiye.gov.tr, and Mobile Signature as well. E-Guven also develops B2B secure transaction projects.

Audit:ETSI 101.456, performed by Republic of Turkey Telecommunicatins Authority:Audit Statement

e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi

This root certificate signs SSL certificates directly. Additionally, this root has the following three intermediate CAs: E-Guven Mobile CA issues mobile certificates for end users; E-Guven NES CA issues qualified electronic certificates for Turkish citizens; and E-Guven Secure Client Certificates issues Class 3 certificates. All of the intermediate CAs chaining up to this root are operated internally by e-Guven.
Link Download/Install
SHA1dd:e1:d2:a9:01:80:2e:1d:87:5e:84:b3:80:7e:4b:b1:fd:99:41:34
Version3
Modulus (key length)2048
Valid From2007-01-04
Valid To2017-01-04
RevocationCRL,OCSP
TypeOV
DocumentCA Hierarchy
DocumentE-Guven Document Repository
DocumentQualified Electronic CP (GKNESI) in Turkish
DocumentSSL Cert Application Basics (SUE) in Turkish
Requested Trust Bits
  • Websites
  • Email
Bugs Authorisation (476428), Inclusion (571932)
Commentsnone


Entrust

Entrust is a commercial CA serving the global market for SSL web certificates. Entrust also issues certificates to subordinate CAs for enterprise and commercial use.

Audit:WebTrust, performed by Deloitte and Touche LLP:Audit Report and Management's Assertions

Audit:WebTrust EV, performed by Deloitte and Touche LLP:Audit Report and Management's Assertions

Entrust Root Certification Authority

This root was primarily created as the trust root for Entrust EV SSL certificates. EV certificates are issued using the Entrust Certification Authority - L1A subordinate CA.
Link Download/Install
SHA1B3:1E:B1:B7:40:E3:6C:84:02:DA:DC:37:D4:4D:F5:D4:67:49:52:F9
Version3
Modulus (key length)2048
Valid From2006-11-27
Valid To2026-11-27
RevocationCRL,OCSP
TypeOV, EV (policy OID 2.16.840.1.114028.10.1.2)
DocumentEntrust SSL Web Server Certification Practice Statement, Version 2.06
DocumentEntrust Certificate Services Certification Practice Statement for Extended Validation (EV) SSL Certificates, Version 1.01
DocumentEntrust Extended Validation Business Practices
Requested Trust Bits
  • Websites
Bugs Authorisation (382352), Inclusion (387892), EV (416544)
Commentsnone


E-TUGRA

E-TUGRA is the EBG Informatics Technologies and Services Corporation. E-TUGRA is a privately held CA operating in Ankara, Turkey, with customers from all geographic areas within Turkey. E-TUGRA has been certified as one of the four authorized CAs that issues qualified certificates as well as SSL and other types of certificates to public in Turkey.

Audit:ETSI TS 101.456, performed by Turkish Information and Communications Technologies Authority (ICTA):ICTA statement of ETSI compliance

EBG Elektronik Sertifika Hizmet Sağlayıcısı

From this root CA E-TUGRA has issued two internally-operated subordinate CAs. The Qualified Certificate (QC) subordinate CA issues certificates for Digital Signing and Non-Repudiation (document and email signing). The Non Qualified Certificate (NQC) subordinate CA (EBG Web Sunucu Sertifika Hizmet Sağlayıcısı) issues certificates for SSL, email encryption, and code signing.
Link Download/Install
SHA18c:96:ba:eb:dd:2b:07:07:48:ee:30:32:66:a0:f3:98:6e:7c:ae:58
Version3
Modulus (key length)4096
Valid From2006-08-17
Valid To2016-08-14
RevocationCRL,OCSP
TypeOV
DocumentNon Qualified (NQC) CP/CPS in English
DocumentQualified (QC) CP/CPS in English
Requested Trust Bits
  • Websites
  • Email
  • Code
BugsAuthorisation (443653), Inclusion (509440)
Commentsnone


Firmaprofesional

Firmaprofesional is a commercial CA in Spain that issues certificates to professional corporations, companies and other institutions. Their main activity is the generation, transmission and distribution of digital certificates through professional corporations, companies or other institutions, which act as Registration Authorities and Certification Authorities in the hierarchy of certification Firmaprofesional. Firmaprofesional has a network of more than 70 Registration Authorities located throughout Spain.

Audit:WebTrust CA, performed by Ernst & Young:Audit Report and Management’s Assertions

Autoridad de Certificacion Firmaprofesional CIF A62634068

This is a renewal for the Firmaprofesional root certificate that is currently in NSS. Sub-CAs of the new root cross-sign end-entity certs with sub-CAs of the old root, in order to maintain business continuity. This root CA signs subordinate CAs that sign end-entity certificates. One sub-CA is used by Firmaprofesional, and other sub-CAs are issued for organizations including professional corporations, companies or other institutions, which act as Registration Authorities and Certification Authorities in the hierarchy of certification Firmaprofesional.
Link Download/Install
SHA1AE:C5:FB:3F:C8:E1:BF:C4:E5:4F:03:07:5A:9A:E8:00:B7:F7:B6:FA
Version3
Modulus (key length)4096
Valid From2009-05-20
Valid To2030-12-31
RevocationCRL,OCSP
TypeOV
DocumentFirmaprofesional Document Repository
DocumentCPS (Spanish)
DocumentSSL CP (Spanish)
DocumentCode Signing CP (Spanish)
Requested Trust Bits
  • Websites
  • Email
  • Code
BugsAuthorisation (521439), Inclusion (601718)
Commentsnone


GeoTrust

GeoTrust is a commercial CA with worldwide operations and customer base; it is a subsidiary of VeriSign, Inc.

Audit:WebTrust CA and WebTrust EV, performed by KPMG:Audit Report and Management's Assertions

GeoTrust Primary Certificate Authority - G2

This CA will be used to sign certificates for SSL-enabled servers, and may in the future be used to sign certificates for digitally-signed executable code objects. GeoTrust is not yet actively issuing certificates from this root, so they have not yet published a CRL. All subordinated CAs for this root will be internally operated.
Link Download/Install
SHA18D:17:84:D5:37:F3:03:7D:EC:70:FE:57:8B:51:9A:99:E6:10:D7:B0
Version3
Modulus (key length)SECG elliptic curve secp384r1 (aka NIST P-384)
Valid From2007-11-04
Valid To2038-01-18
RevocationCRL
TypeDV, OV
DocumentGeoTrust Certification Practice Statement, Version 1.1.1
DocumentOther documents
DocumentGeoTrust Subscriber Agreement
DocumentGeoTrust Relying Party Agreement
DocumentGeoTrust Reseller Agreement
DocumentGeoTrust EnterpriseSSL Agreement
Requested Trust Bits
  • Websites
  • Email
  • Code
BugsAuthorisation (409236), Inclusion (517242)
Commentsnone

GeoTrust Primary Certification Authority - G3

This CA will be used to sign certificates for SSL-enabled servers, and may in the future be used to sign certificates for digitally-signed executable code objects.
Link Download/Install
SHA103:9E:ED:B8:0B:E7:A0:3C:69:53:89:3B:20:D2:D9:32:3A:4C:2A:FD
Version3
Modulus (key length)2048
Valid From2008-04-01
Valid To2037-12-01
RevocationCRL
TypeDV, OV
DocumentGeoTrust Certification Practice Statement, Version 1.1.2
DocumentOther documents
DocumentGeoTrust Subscriber Agreement
DocumentGeoTrust Relying Party Agreement
DocumentGeoTrust Reseller Agreement
DocumentGeoTrust EnterpriseSSL Agreement
Requested Trust Bits
  • Websites
  • Email
BugsAuthorisation (484899), Inclusion (517234)
Commentsnone

GeoTrust Primary Certification Authority

This CA issues a CA certificate to the subordinate CA GeoTrust Extended Validation SSL CA, which in turn issues Extended Validation certificates for SSL-enabled servers.
Link Download/Install
SHA132:3C:11:8E:1B:F7:B8:B6:52:54:E2:E2:10:0D:D6:02:90:37:F0:96
Version3
Modulus (key length)2048
Valid From2006-11-26
Valid To2036-07-16
RevocationCRL,OCSP
TypeEV (policy OID 1.3.6.1.4.1.14370.1.6)
DocumentGeoTrust Certification Practice Statement, Version 1.0 (January 31, 2008)
DocumentOther documents
Requested Trust Bits
  • Websites
Bugs Authorisation (407168), Inclusion (424169), EV (424171)
CommentsNote that for compatibility reasons GeoTrust has implemented a cross-signing scheme involving this CA. In this scheme, if applications not supporting EV functionality (e.g., Firefox 2 and earlier) encounter GeoTrust EV certificates then they will end up treating this CA as a subordinate CA under the existing Equifax Secure CA root.


GlobalSign

GlobalSign is a commercial CA based in Portsmouth NH and serving customers worldwide.

Audit:WebTrust CA, performed by Ernst & Young:Audit Report and Management’s Assertions

Audit:WebTrust EV, performed by Ernst & Young:Audit Report and Management’s Assertions

GlobalSign Root CA – R3

This is the SHA256 version of the GlobalSign root (SHA1) that is already included in NSS. This root is primarily suitable for Server and Client Authentication, Secure e-mail, Code Signing and Timestamping. However the root itself is marked for all issuance policies and therefore can also be used for OCSP, Encrypting File System, IP Sec (Tunnel, User) and CA Encryption Certificate purposes. The root has been created (A ceremony to WebTrust audited standards witnessed by Ernst and Young). However, this root is not yet active, so no CRL or OCSP service has yet been provided for it. GlobalSign will be supporting a new certificate hierarchy in 2010 based on this SHA256 root.
LinkDownload/Install
SHA1D6:9B:56:11:48:F0:1C:77:C5:45:78:C1:09:26:DF:5B:85:69:76:AD
Version3
Modulus (key length)2048
Valid From2009-03-18
Valid To2029-03-18
RevocationCRL
TypeDV, OV, EV (policy OID 1.3.6.1.4.1.4146.1.1)
DocumentRepository of All Legal Documents
DocumentGlobalSign Certification Practice Statement
DocumentGlobalSign CA Certificate Policy
Requested Trust Bits
  • Websites
  • Email
  • Code
BugsAuthorisation (507360), Inclusion (582375), EV (582381)
Commentsnone

GlobalSign Root CA - R2

Root CA with one subordinate CA.
Link Download/Install
SHA175:E0:AB:B6:13:85:12:27:1C:04:F8:5F:DD:DE:38:E4:B7:24:2E:FE
Version3
Modulus (key length)2048
Valid From2006-12-15
Valid To2021-12-15
RevocationCRL, OCSP
TypeEV (policy OID 1.3.6.1.4.1.4146.1.1)
DocumentGlobalSign Certification Practice Statement, version 6.0
DocumentGlobalSign CA Certificate Policy, version 3.0
DocumentGlobalSign CP v2.1
DocumentGlobalSign CPS v5.3
Requested Trust Bits
  • Websites
  • Email
  • Code
BugsAuthorisation (367245), Inclusion (378163), EV (406796)
Commentsnone

GlobalSign Root CA

Root CA with two subordinate CAs.
Link Download/Install
SHA1B1:BC:96:8B:D4:F4:9D:62:2A:A8:9A:81:F2:15:01:52:A4:1D:82:9C
Version3
Modulus (key length)2048
Valid From1998-09-01
Valid To2028-01-28
RevocationCRL,OCSP
TypeDV, IV/OV, EV (policy OID 1.3.6.1.4.1.4146.1.1)
DocumentGlobalSign Certification Practice Statement, version 6.0
DocumentGlobalSign CA Certificate Policy, version 3.0
Requested Trust Bits
  • Websites
  • Email
  • Code
BugsAuthorisation (406794), Inclusion (449883), EV (446407)
CommentsNote that a version of this root CA certificate with the same public key but an earlier expiration date (2014-01-28) is already included in the Mozilla list. This request is to replace the older certificate with this certificate and then enable this CA certificate for EV.


Go Daddy

Go Daddy operates a commercial CA based in the US and serving customers worldwide.

Audit:WebTrust and WebTrust EV, performed by KPMG:Independent Accountants' Report

Valicert Class 2 Policy Validation Authority

Root CA certificate with a single subordinate CA issuing SSL certificates (DV, OV and EV), email certificates, and code signing certificates.
LinkDownload/Install
SHA131:7A:2A:D0:7F:2B:33:5E:F5:A1:C3:4E:4B:57:E8:B7:D8:F1:FC:A6
Version1
Modulus (key length)1024
Valid From1999-06-25
Valid To2019-06-25
RevocationCRL,OCSP
TypeDV, IV/OV, EV (policy OIDs 2.16.840.1.114413.1.7.23.3 and 2.16.840.1.114414.1.7.23.3)
DocumentStarfield Technologies, Inc. Certificate Policy and Certification Practice Statement (CP/CPS)
Requested Trust Bits
  • Websites
  • Email
  • Code
Bugs Authorisation (403437), Inclusion (418958), EV (403437)
CommentsBoth of the CA certificates below are cross-signed to the Valicert Class 2 Policy Validation Authority root for legacy support, so this root is configured to enable EV with both of the EV OIDs associated with the other certificates.

Go Daddy Class 2 CA

Root CA certificate with a single subordinate CA issuing SSL certificates (DV, OV and EV), email certificates, and code signing certificates.
Link Download/Install
SHA127:96:BA:E6:3F:18:01:E2:77:26:1B:A0:D7:77:70:02:8F:20:EE:E4
Version3
Modulus (key length)2048
Valid From2004-06-29
Valid To2034-06-29
RevocationCRL,OCSP
TypeDV, IV/OV, EV (policy OID 2.16.840.1.114413.1.7.23.3)
DocumentStarfield Technologies, Inc. Certificate Policy and Certification Practice Statement (CP/CPS)
Requested Trust Bits
  • Websites
  • Email
  • Code
BugsAuthorisation (403437), Inclusion (418958), EV (403437)
Commentsnone

Starfield Class 2 CA

Root CA certificate with a single subordinate CA issuing SSL certificates (DV, OV and EV), email certificates, and code signing certificates.
Link Download/Install
SHA1AD:7E:1C:28:B0:64:EF:8F:60:03:40:20:14:C3:D0:E3:37:0E:B5:8A
Version3
Modulus (key length)2048
Valid From2004-06-29
Valid To2034-06-29
RevocationCRL,OCSP
TypeDV, IV/OV, EV (policy OID 2.16.840.1.114414.1.7.23.3)
DocumentStarfield Technologies, Inc. Certificate Policy and Certification Practice Statement (CP/CPS)
Requested Trust Bits
  • Websites
  • Email
  • Code
BugsAuthorisation (403437), Inclusion (418958), EV (403437)
Commentsnone


Hongkong Post

Hongkong Post is a government agency and is a recognized CA under the law of Hong Kong Special Administrative Region (HKSAR) of China, and has been issuing digital certificates under the e_Cert brand name to individuals and organizations of HKSAR since January 2000. Hongkong Post CA operations have been outsourced to E-Mice Solutions. This is documented in the CPS and the Management Assertions. The WebTrust audit covers both Hongkong Post and E-Mice CA operations.

Audit:WebTrust, performed by PricewaterhouseCoopers:Audit Report and Management Assertions

Hongkong Post Root CA 1

This root has only one direct subordinate, Hongkong Post e-Cert CA 1, which is the signer key and is used to issue different types of recognized e-Certs to individuals and organizations.
Link Download/Install
SHA1D6:DA:A8:20:8D:09:D2:15:4D:24:B5:2F:CB:34:6E:B2:58:B2:8A:58
Version3
Modulus (key length)2048
Valid From2003-05-15
Valid To2023-05-15
RevocationCRL
TypeOV
DocumentCertificate Practice Statement for e-Certs
Requested Trust Bits
  • Websites
BugsAuthorisation (408949), Inclusion (541499)
Commentsnone


IdenTrust

IdenTrust is a for-profit corporation serving the private, commercial and government sectors.

Audit:WebTrust, performed by Ernst and Young:Audit Report and Management's Assertions

DST Root CA X3

Link Download/Install
SHA1DA:C9:02:4F:54:D8:F6:DF:94:93:5F:B1:73:26:38:CA:6A:D7:7C:13
Version3
Modulus (key length)2048
Valid From2000-09-30
Valid To2021-09-30
RevocationCRL,OCSP
TypeDV
DocumentTrustID CP v1.3.1
DocumentIdenTrust CPS v2.2
Requested Trust Bits
  • Websites
BugsAuthorisation (359069), Inclusion (394733)
Commentsnone

DST ACES CA X6

Link Download/Install
SHA140:54:DA:6F:1C:3F:40:74:AC:ED:0F:EC:CD:DB:79:D1:53:FB:90:1D
Version3
Modulus (key length)2048
Valid From2003-11-20
Valid To2017-11-20
RevocationCRL,OCSP
TypeDV
DocumentCertificate Policy v20040506_1
DocumentCertificate Practice Statement v4.1
Requested Trust Bits
  • Websites
BugsAuthorisation (359069), Inclusion (394733)
Commentsnone

Izenpe

Izenpe is owned by the government of the Basque country, Spain.

Audit:ETSI TS 101.456, performed by BSI Management Systems:ETSI Certificate

Audit:WebTrust EV Readiness, performed by KPMG:Audit Report and Management Assertions

Izenpe.com

This SHA256 root has five internally-operated subordinate CAs. One sub-CA issues EV SSL certs. Two of the sub-CAs are for Qualified certificates, one for Public Administration, and one for Citizens and Entities. There are also two sub-CAs for non-Qualified certificates, one for Public Administration and one for Citizens and Entities, which issue SSL Server, Email, and Code Signing certs.
Link Download/Install
SHA12F:78:3D:25:52:18:A7:4A:65:39:71:B5:2C:A2:9C:45:15:6F:E9:19
Version3
Modulus (key length)4096
Valid From2007-12-13
Valid To2037-12-13
RevocationCRL,OCSP
TypeOV, EV (Policy OID 1.3.6.1.4.1.14777.6.1.1)
DocumentCA Hierarchy
DocumentLinks to CPS in Spanish, Basque, and English
DocumentCPS in English
DocumentCPS in Spanish
DocumentCertificate Specific Documentation
DocumentProcedures for EV SSL Secure Server Certificates (Spanish)
DocumentProcedures for Secure Server Certificates (Spanish)
DocumentProcedures for Code Signing Certificates (Spanish)
DocumentProcedures for Corporate Certificates (Spanish)
Requested Trust Bits
  • Websites
  • Code
BugsAuthorisation (361957), Inclusion (578491), EV (578499)
CommentsEnablement of EV is pending.


Japanese GPKI

In Japan there are two root CAs, one is GPKI (Government Public Key Infrastructure) and the other one is LGPKI (Local government public Key Infrastructure). GPKI is controlled by the Ministry of Internal Affairs/Communications and National Information Security Center, and it is separate from Local government sectors. The Japanese government decided to centralize to GPKI from each of the ministry's certification systems and it has finished migration on Oct, 2008.

Audit:WebTrust CA, performed by Deloitte Touche Tohmatsu:Audit Report and Management's Assertions (Japanese), Audit Report and Management's Assertions (English)

ApplicationCA - Japanese Government

This root is operated by the national government of Japan. It issues server certificates and code signing certificates to national government agencies. This root issues end-entity certificates directly, and does not have any subordinate CAs.
Link Download/Install
SHA17F:8A:B0:CF:D0:51:87:6A:66:F3:36:0F:47:C8:8D:8C:D3:35:FC:74
Version3
Modulus (key length)2048
Valid From2007-12-12
Valid To2017-12-12
RevocationCRL
TypeIV/OV
DocumentApplicationCA Info
DocumentCP/CPS in English
DocumentCP/CPS in Japanese
Requested Trust Bits
  • Websites
  • Code
BugsAuthorisation (474706), Inclusion (523434)
Commentsnone


JCSI

Japan Certification Services, Inc. (JCSI) is a commercial CA whose primary market is Japan. Some of the relying parties are outside Japan, such as US, Canada, European countries, and Asia.

Audit:WebTrust CA, performed by Ernst and Young ShinNihon LLC:Audit Report and Management’s Assertions

SecureSign RootCA11

This root has one internally-operated subordinate CA for issuing SSL certificates to the public. In the future, JCSI plans to add other internally-operated subordinate CAs for S/MIME, Time Stamping, and other certificate types.
Link Download/Install
SHA13B:C4:9F:48:F8:F3:73:A0:9C:1E:BD:F8:5B:B1:C3:65:C7:D8:11:B3
Version3
Modulus (key length)2048
Valid From2009-04-07
Valid To2029-04-07
RevocationCRL
TypeOV
DocumentRepository
DocumentCP/CPS in English
Requested Trust Bits
  • Websites
BugsAuthorisation (496863), Inclusion (542798)
Commentsnone


Kamu SM

Kamu Sertifikasyon Merkezi is the one government CA in Turkey that has authorization to issue certificates to government entities. They are also authorised to issue to commercial companies.

Audit:ETSI TS 101.456, performed by Turkish Information and Communications Technologies Authority (ICTA):ICTA statement of ETSI compliance

TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3

Link Download/Install
SHA11B:4B:39:61:26:27:6B:64:91:A2:68:6D:D7:02:43:21:2D:1F:1D:96
Version3
Modulus (key length)2048
Valid From2007-08-24
Valid To2017-08-21
RevocationCRL, OCSP
TypeDV, IV
DocumentCP
DocumentCPS
Requested Trust Bits
  • Websites
  • Email
BugsAuthorisation (381974), Inclusion (499705)
Commentsnone

Keynectis/Certplus

Keynectis is a French commercial CA that issues certificates to the general public. Keynectis was created by merging two previous French certification operators, Certplus and PK7.

Audit:ETSI TS 101.456, performed by LSTI - La Sécurité des Technologies de l'Information:ETSI Certificate

Audit:WebTrust EV, performed by KPMG:Audit Report and Management's Assertion

Certplus Class 2 Primary CA

Link Download/Install
SHA174:20:74:41:72:9C:DD:92:EC:79:31:D8:23:10:8D:C2:81:92:E2:BB
Version3
Modulus (key length)2048
Valid From1999-07-07
Valid To2019-07-06
RevocationCRL,OCSP
TypeOV, EV (Policy OID 1.3.6.1.4.1.22234.2.5.2.3.1)
DocumentDeclaration des Pratiques de Certification (CPS in French)
DocumentCPS for EV SSL CA (English)
DocumentRoot CA CP (English)
DocumentSSL CP (English)
DocumentSSL CPS (English)
DocumentKeynectis Information (English)
Requested Trust Bits
  • Websites
  • Email
BugsAuthorisation (335392), Inclusion (379032), EV (555860)
Inclusion Date2007-06-05
Commentsnone

Microsec

Microsec Ltd. is a Hungarian certificate authority.

Audit:Government, ETSI TS 101.456 equivalent, performed by Hungarian Government National Communications Authority:Authority statement

Microsec e-Szigno Root CA

Link Download/Install
SHA123:88:C9:D3:71:CC:9E:96:3D:FF:7D:3C:A7:CE:fC:D6:25:EC:19:0D
Version3
Modulus (key length)2048
Valid From2005-04-06
Valid To2017-04-06
RevocationCRL for this root, List of CRLs
TypeOV
DocumentCertificate Hierarchy in English
DocumentCPS in English
DocumentQualified Certificate CPS
DocumentETSI TS 101.456, QCP public CP
DocumentETSI TS 101.456, SSCD CP
DocumentNon-qualified Certificates CPS (electronic signatures)
DocumentETSI TS 102.042, NCP+ CP
DocumentETSI TS 102.042, NCP CP
DocumentETSI TS 102.042, NCP and ETSI TS 102.042, LCP CP
DocumentNon-qualified Certificates CPS (other uses)
Requested Trust Bits
  • Websites
  • Email
  • Code
BugsAuthorisation (370505), Inclusion (483852)
Commentsnone

Microsec e-Szigno Root CA 2009

This is a new, SHA256, version of the Microsec SHA1 root that is already included in NSS. The new root has a new DN and a new key. Microsec plans to operate the two roots simultaneously for some years, and the old one shall be phased out afterwards. Under the new root, Microsec issues certificates with an OCSP service usable for the general public.
Link Download/Install
SHA189:DF:74:FE:5C:F4:0F:4A:80:F9:E3:37:7D:54:DA:91:E1:01:31:8E
Version3
Modulus (key length)2048
Valid From2009-06-16
Valid To2029-12-30
RevocationCRL for this root, List of CRLs,OCSP
TypeOV
DocumentCertificate Hierarchy in English
DocumentCPS in Hungarian, v2.0
DocumentCPS in English, v1.6
DocumentMicrosec CP and CPS documents
Requested Trust Bits
  • Websites
  • Email
  • Code
BugsAuthorisation (510506), Inclusion (557904)
Commentsnone


NetLock

NetLock Ltd. is a qualified Certificate Authority in Hungary that issues certificates to organizations and individuals.

Audit:ETSI TS 101.456, ETSI 102.042, performed by National Communications Authority, Hungary:Statement of audit conformance in English, Statement of the NCA that Netlock is a Qualified Service Provider

Audit:ETSI TS 101.456, ETSI 102.042, performed by CERT-Hungary:Cover letter of the rDSP audit in Hungarian, English Translation of part of the rDSP Audit Report

NetLock Arany (Class Gold) Főtanúsítvány

NetLock currently has four separate root CAs included in NSS. The redesigned equivalent of these existing roots will be created under this new root. The new root will sign seven internally-operated subordinate CAs. Two of those subordinate CAs will sign sub-CAs that will be externally-operated by MKB (Hungarian Trade Bank) and MNB (National Bank of Hungary).
Link Download/Install
SHA106:08:3f:59:3f:15:a1:04:a0:69:a4:6b:a9:03:d0:06:b7:97:09:91
Version3
Modulus (key length)2048
Valid From2008-12-11
Valid To2028-12-06
RevocationCRL for Class B,OCSP
TypeOV
DocumentCA Hierarchy
DocumentPractice Statements and Terms of Agreements in Hungarian
DocumentCPS in English
DocumentVerification Practice for Non-Qualified certificates
DocumentNon-qualified certificate CRL and OCSP profile definitions
DocumentCertificate Issuance Practice Statement
Requested Trust Bits
  • Websites
  • Email
  • Code
BugsAuthorisation (480966), Inclusion (532201)
Commentsnone


Network Solutions

Network Solutions is a US-based commercial CA with worldwide customer base.

Audit:WebTrust for CAs, performed by KPMG:Audit Report and Management's Assertions

Audit:WebTrust EV, performed by KPMG:Report in relation to the WebTrust for Certification Authorities Extended Validation Criteria

Network Solutions Certificate Authority

This CA has a subordinate CA, Network Solutions EV SSL CA, which issues Extended Validation certificates for SSL-enabled servers. At present there are no other subordinate CAs under this root; however in the future Network Solutions may establish additional subordinate CAs to issue non-EV certificates.
Link Download/Install
SHA174:F8:A3:C3:EF:E7:B3:90:06:4B:83:90:3C:21:64:60:20:E5:DF:CE
Version3
Modulus (key length)2048
Valid From2006-12-01
Valid To2029-12-31
RevocationCRL
TypeIV/OV, EV (policy OID 1.3.6.1.4.1.782.1.2.1.8.1)
DocumentNetwork Solutions Certification Practice Statement, Version 1.4.1
DocumentCertification Practice Statement (CPS) for Extended Validation (EV) Certification, Version 1.1
Requested Trust Bits
  • Websites
BugsAuthorisation (403915), Inclusion (431381), EV (431384)
Commentsnone


QuoVadis

QuoVadis is a commercial CA, based in Bermuda and operating globally. QuoVadis is a Qualified Certification Services Provider in Switzerland.

Audit:WebTrust, performed by Ernst & Young (Technology and Security Risk Services):Audit Report and Management's Assertions

Audit:ETSI TS 101.456, performed by KPMG:Swiss Accreditation Service statement

QuoVadis Root CA 2

This root will be used for SSL/device certificates, including standard "organisation validated" certificates as well as EV certificates.
Link Download/Install
SHA1CA:3A:FB:CF:12:40:36:4B:44:B2:16:20:88:80:48:39:19:93:7C:F7
Version3
Modulus (key length)4096
Valid From2006-11-24
Valid To2031-11-24
RevocationCRL,OCSP
TypeOV, EV
DocumentQuoVadis Root CA2 CP/CPS v1.7
DocumentQuoVadis Root CA2 CP/CPS v1.7
Requested Trust Bits
  • Websites
  • Email
  • Code
BugsAuthorisation (365281), Inclusion (378161)
Inclusion Date2007-06-05
Commentsnone

QuoVadis Root CA 3

This root will operate under a similar CP/CPS to our existing "qualified" Root CA 1, primarily used for end user certificates.
Link Download/Install
SHA11F:49:14:F7:D8:74:95:1D:DD:AE:02:C0:BE:FD:3A:2D:82:75:51:85
Version3
Modulus (key length)4096
Valid From2006-11-24
Valid To2031-11-24
RevocationCRL,OCSP
TypeOV
DocumentQuoVadis Root CA CP/CPS 4.3
DocumentQuoVadis Root CA CP/CPS 4.3
Requested Trust Bits
  • Websites
  • Email
  • Code
BugsAuthorisation (365281), Inclusion (378161)
Inclusion Date2007-06-05
Commentsnone


SECOM Trust

SECOM Trust Services Co., Ltd are a commercial CA based in Japan.

Audit:WebTrust, performed by PricewaterhouseCoopers Aarata:Report of Independent Certified Public Accountant

Audit:WebTrust EV, performed by KPMG:Audit Report and Management's Assertion

Security Communication EV RootCA1

This request is to add a newly constructed EV root to the NSS database. Note that there is currently a non-EV CA called Security Communication RootCA1 in the NSS database.
Link Download/Install
SHA1FE:B8:C4:32:DC:F9:76:9A:CE:AE:3D:D8:90:8F:FD:28:86:65:64:7D
Version3
Modulus (key length)2048
Valid From2007-06-06
Valid To2037-06-06
RevocationCRL
TypeEV (policy OID 1.2.392.200091.100.721.1)
DocumentSecurity Communication EV RootCA1 Certification Practice Statement, Version 1.00 (Japanese)
DocumentSecurity Communication EV RootCA1 Subordinate CA Certificate Policy, Version 1.00 (Japanese)
Requested Trust Bits
  • Websites
BugsAuthorisation (394419), Inclusion (477134), EV (477145)
Commentsnone


Sertifitseerimiskeskus AS

SK (Certification Centre, legal name AS Sertifitseerimiskeskus) is a commercial CA, covering the Baltic region (Estonia, Lithuania, Latvia). SK is Estonia's primary certification authority, providing certificates for authentication and digital signing to Estonian ID Cards. Established in 2001, SK has the backing of Estonian and Nordic financial and telecom sector. SK’s customers include the Estonian court system and notaries, Central Bank and commercial banks, and enforcement organisations (e.g. Police).

Audit:ETSI TS 101.456, performed by KPMG Estonia:Audit Report

Juur-SK

This root issues three types of internally operated subordinate CAs. The first type of subordinate CA is used to issue electronic ID cards which contain certificates for digital signature and for digital identification. The second type of subordinate CA is used to issue internal ID cards of the Republic of Estonia. The third type of subordinate CA is used to issue device and SSL certificates.
Link Download/Install
SHA140:9D:4B:D9:17:B5:5C:27:B6:9B:64:CB:98:22:44:0D:CD:09:B8:89
Version3
Modulus (key length)2048
Valid From2001-08-30
Valid To2016-08-26
RevocationCRL
TypeOV
DocumentCertificate Hierarchy Diagram
DocumentCertificate Practice statement
DocumentEID-SK Certificate Policy
DocumentESTEID-SK Certificate Policy
DocumentKLASS3-SK Certificate Policy
Requested Trust Bits
  • Websites
  • Code
BugsAuthorisation (414520), Inclusion (532742)
Commentsnone


Staat der Nederlanden

Staat der Nederlanden is the Netherlands national government CA. The Dutch governmental PKI hierarchy consists of 2 roots. This first root, Staat der Nederlanden Root CA, is already included in NSS. The second root is the next generation, Staat der Nederlanden Root CA – G2. The organization operating these roots is called Logius as of January 2010, it used to be called GBO.Overheid. Logius is the digital government service of the Netherlands Ministry of the Interior and Kingdom Relations (BZK).

Audit:WebTrust CA, performed by KPMG:Audit Report and Management Asserstions

Staat der Nederlanden Root CA - G2

This is the next generation of the Staat der Nederlandend Root CA that is currently in the Mozilla store. The PKIoverheid issues two internally operated subordinate CAs, which issue subordinate CAs to CSPs. The CSPs are commercial and governmental organizations. Each CSP has to prove that it complies with ETSI TS 101 456 and the Dutch law on electronic signatures. CSPs must conclude a contract with a representative of a government organization or commercial company before issuing end-entity certificates. A request for a certificate is always signed by a specified representative of a government organization or commercial company.
Link Download/Install
SHA159:af:82:79:91:86:c7:b4:75:07:cb:cf:03:57:46:eb:04:dd:b7:16
Version3
Modulus (key length)4096
Valid From2008-03-26
Valid To2020-03-25
RevocationCRL
TypeOV
DocumentDescription of PKI Overheid (English)
DocumentCertification Practice Statement of the Policy Authority PKI Overheid (Dutch)
DocumentCP for CSPs (Dutch)
DocumentCertificate Policy Part 3a for employees of governmental organizations or commercial companies (Dutch)
DocumentCertificate Policy Part 3b for SSL services of governmental organizations or commercial companies (Dutch)
DocumentCertificate Policy Part 3c for personal use of civilians (Dutch)
DocumentSchedule of Requirements (Dutch)
Requested Trust Bits
  • Websites
  • Code
BugsAuthorisation (436056), Inclusion (529874)
Commentsnone


StartCom

StartCom is a commercial corporation with customers worldwide, and is the producer and vendor of the StartCom Linux operating systems, operates the StartCom Certification Authority and MediaHost.

Audit:WebTrust CA, performed by Ernst and Young:Audit Report and Management's Assertions

Audit:WebTrust EV, performed by Ernst and Young:Audit Report and Management's Assertions

StartCom Certification Authority

Link Download/Install
SHA13E:2B:F7:F2:03:1B:96:F3:8C:E6:C4:D8:A8:5D:3E:2D:58:47:6A:0F
Version3
Modulus (key length)4096
Valid From2006-09-17
Valid To2036-09-17
RevocationCRL,OCSP
TypeDV, OV, EV (policy OID 1.3.6.1.4.1.23223.2)
DocumentStartCom Certification Authority Policy and Practice Statements
DocumentStartCom Certification Authority Extended Validation Certificates Policy Appendix
DocumentIndex of Certs
Requested Trust Bits
  • Websites
  • Email
  • Code
BugsAuthorisation (362304), Inclusion (383722), EV (490492)
Inclusion Date2007-06-15
Commentsnone

S-TRUST

Deutscher Sparkassen Verlag GmbH is the world's largest smartcard provider and the central certification service provider for all German savings banks. This CA exists to enable up to 40 million German customers (end-users) to use their banking card as a certificate based signature, encryption and authentication device.

Audit:ETSI TS 101.456, performed by TÜV-IT:ETSI TS 101.456 Certificate

Audit:ETSI TS 102.042, performed by TÜV-IT:ETSI TS 102.042 Certificate

S-TRUST Authentication and Encryption Root CA 2005:PN

This root will provide all customers of the German Savings Bank Financial Group with client certificates for their signature-enabled debit cards (smartcards).
Link Download/Install
SHA1BE:B5:A9:95:74:6B:9E:DF:73:8B:56:E6:DF:43:7A:77:BE:10:6B:81
Version3
Modulus (key length)2048
Valid From2005-06-21
Valid To2030-06-21
RevocationCRL,OCSP
TypeIV
DocumentCertification Practice Statement for the S-TRUST Network
Requested Trust Bits
  • Email
BugsAuthorisation (370627), Inclusion (478573)
Commentsnone


SwissSign

SwissSign AG is a commercial CSP that provides certification services for individual and corporate customers. SwissSign operates the certificate authority for the Swiss Post and is mostly focused on Switzerland but Registration Services may be used internationally. The "Platinum G2" Root CA currently has 3 subordinate CAs, the "Gold G2" Root CA has 2 and the "Silver G2" Root CA has 3.

Audit:ETSI TS 101.456, performed by KPMG:Swiss Accreditation Service Certified Bodies List, SAS details for SwissSign

Audit:WebTrust EV, performed by KPMG:Confirmation Notice of WebTrust EV Audit

SwissSign Platinum CA - G2

The SwissSign Platinum CA - G2 root has three subordinate CAs. The SwissSign Qualified Platinum CA - G2 issues "qualified" certificates according to Swiss digital signature law (ZertES). The SwissSign Personal Platinum CA - G2 issues certificates for natural persons and organizations. The Swiss Post Platinum CA - G2 issues the "Postzertifikat", a product of the Swiss Post. (Note that each of the subordinate CAs has its own CP/CPS separate from the CP/CPS of the root.) The Platinum CAs require that keys be generated on Secure Signature Creation Devices (SSCDs); since such devices are not used with servers, this hierarchy is enabled for email and object signing uses only.
Link Download/Install
SHA156:E0:FA:C0:3B:8F:18:23:55:18:E5:D3:11:CA:E8:C2:43:31:AB:66
Version3
Modulus (key length)4096
Valid From2006-10-25
Valid To2036-10-25
RevocationCRL,OCSP
TypeIV
DocumentSwissSign Platinum Root CP/CPS
DocumentSwissSign Qualified Platinum CP/CPS
DocumentSwissSign Personal Platinum CP/CPS
DocumentSwiss Post Platinum CP/CPS
Requested Trust Bits
  • Email
  • Code
BugsAuthorisation (343756), Inclusion (407396)
Commentsnone

SwissSign Gold CA - G2

The "Gold G2" root CA currently has two subordinate CAs: "Personal" issues certificates for natural persons and organizations, while "Server" issues certificates for systems. This root CA may also operate other customer-specific Issuing CAs if and only if they fully comply with all the stipulations of the "Gold G2" CP/CPS.
Link Download/Install
SHA1D8:C5:38:8A:B7:30:1B:1B:6E:D4:7A:E6:45:25:3A:6F:9F:1A:27:61
Version3
Modulus (key length)4096
Valid From2006-10-25
Valid To2036-10-25
RevocationCRL,OCSP
TypeIV, OV, EV (policy OID 2.16.756.1.89.1.2.1.1)
DocumentSwissSign Gold CP/CPS R4
DocumentEnd User Agreement R4
DocumentSwissSign Document Repository
Requested Trust Bits
  • Websites
  • Email
  • Code
BugsAuthorisation (343756), Inclusion (407396), EV (492077)
Commentsnone

SwissSign Silver CA - G2

The "Silver G2" root CA currently has three subordinate CAs: "Personal" issues certificates for natural persons and organizations, "Server" issues certificates for systems, and "Switch" is operated for a customer that issues certificates for the academic community
Link Download/Install
SHA19B:AA:E5:9F:56:EE:21:CB:43:5A:BE:25:93:DF:A7:F0:40:D1:1D:CB
Version3
Modulus (key length)4096
Valid From2006-10-25
Valid To2036-10-25
RevocationCRL,OCSP
TypeIV
DocumentSwissSign Silver CP/CPS
Requested Trust Bits
  • Websites
  • Email
  • Code
BugsAuthorisation (343756), Inclusion (407396)
Commentsnone


TC TrustCenter

TC TrustCenter GmbH is a commercial company based in Germany, with customers in all major regions of the world. TC TrustCenter offers a variety of products and services including SSL Server certificates and Email certificates.

Audit:ETSI 102.042, performed by TÜV-IT Germany:ETSI TS 102.042 LCP Certificate

Audit:ETSI 102.042 V2.1.1 EV, performed by TÜV-IT Germany:ETSI TS 102 042 V2.1.1 EV Certificate

TC TrustCenter Universal CA III

This root will have an internally-operated subordinate CA for each registration strength; “Class 1”, “Class 2”, “Class 3” and “Class 4 EV”. This root currently has one Class 4 EV subordinate CA, “TC TrustCenter Class 4 Extended Validation CA I”, which will only issue EV certificates. This new root will co-exist with the “TC TrustCenter Universal CA I” root that is currently included in NSS. This new root will effectively replace the "TC Universal CA II" root which was not included in NSS. For this new root, TC TrustCenter generated a new key (supervised by their auditor) to be compliant with the CA/B Forum guidelines.
Link Download/Install
SHA196:56:cd:7b:57:96:98:95:d0:e1:41:46:68:06:fb:b8:c6:11:06:87
Version3
Modulus (key length)2048
Valid From2009-09-09
Valid To2029-12-31
RevocationCRL, OCSP
TypeOV, EV (policy OID 1.2.276.0.44.1.1.1.4)
DocumentCPS (English)
DocumentCPS (German)
DocumentCPD (English)
DocumentCPD (German)
DocumentEV CPD (English)
DocumentEV CPD (German)
DocumentAll TC TrustCenter root certs
Requested Trust Bits
  • Websites
  • Email
  • Code
Bugs Authorisation (436467), Inclusion (593063), EV (593067)
CommentsEnablement of EV is pending.

TC TrustCenter Class 2 CA II

This root has two internally-operated subordinate CAs which issue certificates for SSL, email, and code signing. This root also has an externally-operated subordinate CA which is used to issue device certificates and email certificates for internal use only. The device name and the email address belong to a company internal domain, so the ownership is guaranteed.
Link Download/Install
SHA1AE:50:83:ED:7C:F4:5C:BC:8F:61:C6:21:FE:68:5D:79:42:21:15:6E
Version3
Modulus (key length)2048
Valid From2006-01-12
Valid To2025-12-31
RevocationCRL, OCSP
TypeOV
DocumentHierarchy Diagram
DocumentTC TrustCenter GmbH Certification Practice Statement (CPS)
DocumentTC TrustCenter Certificate Policy Definitions (CPD)
DocumentTC TrustCenter CA Certificates
Requested Trust Bits
  • Websites
  • Email
  • Code
BugsAuthorisation (392024), Inclusion (486759)
Commentsnone

TC TrustCenter Class 3 CA II

This root has one internally-operated subordinate CA which issues certificates for SSL, email, and code signing.
Link Download/Install
SHA180:25:EF:F4:6E:70:C8:D4:72:24:65:84:FE:40:3B:8A:8D:6A:DB:F5
Version3
Modulus (key length)2048
Valid From2006-01-12
Valid To2025-12-31
RevocationCRL, OCSP
TypeOV
DocumentHierarchy Diagram
DocumentTC TrustCenter GmbH Certification Practice Statement (CPS)
DocumentTC TrustCenter Certificate Policy Definitions (CPD)
DocumentTC TrustCenter CA Certificates
Requested Trust Bits
  • Websites
  • Email
  • Code
Bugs Authorisation (392024), Inclusion (486759)
Commentsnone

TC TrustCenter Universal CA I

This root has been introduced to reduce the number of root certificates in the trusted root stores. This root will have internally-operated subordinate CAs for each registration strength. “Class 1”, “Class 2”, “Class 3” and “Class 4” represent the registration strength. This root currently has one Class 3 subordinate CA. Over time this root will have more “TC Class x” subordinate CA certificates.
Link Download/Install
SHA16B:2F:34:AD:89:58:BE:62:FD:B0:6B:5C:CE:BB:9D:D9:4F:4E:39:F3
Version3
Modulus (key length)2048
Valid From2006-03-22
Valid To2025-12-31
RevocationCRL, OCSP
TypeOV
DocumentHierarchy Diagram
DocumentTC TrustCenter GmbH Certification Practice Statement (CPS)
DocumentTC TrustCenter Certificate Policy Definitions (CPD)
DocumentTC TrustCenter CA Certificates
Requested Trust Bits
  • Websites
  • Email
  • Code
BugsAuthorisation (392024), Inclusion (486759)
Commentsnone


thawte

thawte is a commercial CA with worldwide operations and customer base; it is a subsidiary of VeriSign, Inc.

Audit:WebTrust/WebTrust EV, performed by KPMG:Audit Report and Management's Assertions

thawte Primary Root CA - G2

This CA will be used to sign certificates for SSL-enabled servers, and may in the future be used to sign certificates for digitally-signed executable code objects. thawte is not yet actively issuing certificates from this root, so they have not yet published a CRL. All subordinated CAs for this root will be internally operated.
Link Download/Install
SHA1AA:DB:BC:22:23:8F:C4:01:A1:27:BB:38:DD:F4:1D:DB:08:9E:F0:12
Version3
Modulus (key length)SECG elliptic curve secp384r1 (aka NIST P-384)
Valid From2007-11-04
Valid To2038-01-18
RevocationCRL
TypeDV, OV
DocumentThawte Document Repository (English)
DocumentThawte CPS (English)
Requested Trust Bits
  • Websites
  • Code
Bugs Authorisation (409237), Inclusion (521869)
Commentsnone

thawte Primary Root CA - G3

This CA will be used to sign certificates for SSL-enabled servers, and may in the future be used to sign certificates for digitally-signed executable code objects. thawte is not yet actively issuing certificates from this root, so they have not yet published a CRL. All subordinated CAs for this root will be internally operated.
Link Download/Install
SHA1F1:8B:53:8D:1B:E9:03:B6:A6:F0:56:43:5B:17:15:89:CA:F3:6B:F2
Version3
Modulus (key length)2048
Valid From2008-04-01
Valid To2037-12-01
RevocationCRL
TypeDV,OV
DocumentThawte Document Repository (English)
DocumentThawte CPS (English)
Requested Trust Bits
  • Websites
  • Code
Bugs Authorisation (484903), Inclusion (521869)
Commentsnone

thawte Primary Root CA

This CA issues a CA certificate to the subordinate CAs thawte Extended Validation SSL CA and thawte Extended Validation SSL SGC CA, which in turn issue Extended Validation certificates for SSL-enabled servers.
Link Download/Install
SHA191:C6:D6:EE:3E:8A:C8:63:84:E5:48:C2:99:29:5C:75:6C:81:7B:81
Version3
Modulus (key length)2048
Valid From2006-11-17
Valid To2036-07-16
RevocationCRL, OCSP
TypeEV (policy OID 2.16.840.1.113733.1.7.48.1)
Documentthawte Certification Practice Statement, Version 3.5 (January 2008)
Requested Trust Bits
  • Websites
Bugs Authorisation (407163), Inclusion (424152), EV (424154)
CommentsNote that for compatibility reasons thawte has implemented a cross-signing scheme involving this CA. In this scheme, if applications not supporting EV functionality (e.g., Firefox 2 and earlier) encounter thawte EV certificates then they will end up treating this CA as a subordinate CA under the existing Thawte Premium Server CA root.


Trustwave

Trustwave is a commercial CA serving customers worldwide; it includes the former SecureTrust and XRamp CAs. At this time there are no subordinate CAs for any of these roots; instead end entity certificates are issued directly from the roots as noted below, with different classes of certificates under different certificate policies. Note that each root CA is not associated with a single CPS, rather end entity certs are associated with policies that link to the CPS that the certificate was issued under: an EV CPS, an OV CPS, etc.

Audit:WebTrust and WebTrust EV, performed by Boysen & Miller PLLC:Audit Reportand Management's Assertions

SecureTrust CA

Root CA certificate utilized for issuing SSL certificates (OV and EV) and code signing certificates.
Link Download/Install
SHA187:82:C6:C3:04:35:3B:CF:D2:96:92:D2:59:3E:7D:44:D9:34:FF:11
Version3
Modulus (key length)2048
Valid From2006-11-07
Valid To2029-12-31
RevocationCRL
TypeIV/OV, EV (policy OID 2.16.840.1.114404.1.1.2.4.1)
DocumentSecureTrust Corporation Certificate Practice Statement for Extended Validation Certificates, Version 1.0.1
DocumentSecureTrust Corporation Certificate Practice Statement for Organizationally Validated Standard Assurance Certificates, Version 1.5.1
DocumentSecureTrust Certification Practice Statement for Code Signing Certificates, Version 1.6.0
Requested Trust Bits
  • Websites
  • Code
BugsAuthorisation (409837), Inclusion (418907), EV (418910)
Commentsnone

Secure Global CA

Root CA certificate utilized for issuing SSL certificates (OV and EV), S/MIME certificates, and (in future) code signing certificates.
Link Download/Install
SHA13A:44:73:5A:E5:81:90:1F:24:86:61:46:1E:3B:9C:C4:5F:F5:3A:1B
Version3
Modulus (key length)2048
Valid From2006-11-07
Valid To2029-12-31
RevocationCRL
TypeIV/OV, EV (policy OID 2.16.840.1.114404.1.1.2.4.1)
DocumentSecureTrust Corporation Certificate Practice Statement for Extended Validation Certificates, Version 1.0.1
DocumentSecureTrust Corporation Certificate Practice Statement for Organizationally Validated Standard Assurance Certificates, Version 1.5.1
DocumentSecureTrust Certification Practice Statement for S/MIME Certificates, Version 1.6.0
DocumentSecureTrust Certification Practice Statement for Code Signing Certificates, Version 1.6.0
Requested Trust Bits
  • Websites
  • Email
  • Code
BugsAuthorisation (409838), Inclusion (418907), EV (418910)
Commentsnone

XRamp Global CA

Root CA certificate utilized for issuing SSL certificates (OV and EV), S/MIME certificates, and code signing certificates.
Link Download/Install
SHA1B8:01:86:D1:EB:9C:86:A5:41:04:CF:30:54:F3:4C:52:B7:E5:58:C6
Version3
Modulus (key length)2048
Valid From2004-11-01
Valid To2035-01-01
RevocationCRL
TypeIV/OV, EV (policy OID 2.16.840.1.114404.1.1.2.4.1)
DocumentSecureTrust Corporation Certificate Practice Statement for Extended Validation Certificates, Version 1.0.1
DocumentSecureTrust Corporation Certificate Practice Statement for Organizationally Validated Standard Assurance Certificates, Version 1.5.1
DocumentSecureTrust Certification Practice Statement for S/MIME Certificates, Version 1.6.0
DocumentSecureTrust Certification Practice Statement for Code Signing Certificates, Version 1.6.0
Requested Trust Bits
  • Websites
  • Email
  • Code
BugsAuthorisation (409840), EV (418902)
CommentsNote that this root CA certificate is already included in the Mozilla list. The present request is to enable this CA certificate for EV.


T-Systems

T-Systems is a wholly-owned subsidiary of Deutsche Telekom AG.

Audit:WebTrust, performed by Ernst and Young:Audit Report and Management's Assertions

Audit:ETSI 101.456, performed by T-Systems GEI:ETSI 101.456 Certificate of Compliance

Deutsche Telekom Root CA 2

Link Download/Install
SHA185:A4:08:C0:9C:19:3E:5D:51:58:7D:CD:D6:13:30:FD:8C:DE:37:BF
Version3
Modulus (key length)2048
Valid From1999-07-09
Valid To2019-07-10
RevocationCRL
TypeOV
DocumentCPS (German)
DocumentCP (German)
DocumentService Description (German)
DocumentCPS (English)
Document CP (English)
DocumentService Description (English)
Requested Trust Bits
  • Websites
  • Email
  • Code
BugsAuthorisation (378882), Inclusion (487647)
Commentsnone

TURKTRUST

TÜRKTRUST is a Turkish CA issuing qualified certificates in Turkey.

Audit:ETSI TS 101.456, performed by Turkish Telecommunications Authority:Letter of Official CA Statement, List of accredited CAs, Audit statement on auditor website

TURKTRUST Certificate Services Provider Root 1

Root 1 is a "legacy" root included for compatibility with previously-issued certificates. The English version of the CPS applies to both roots.
Link Download/Install
SHA179:98:A3:08:E1:4D:65:85:E6:C2:1E:15:3A:71:9F:BA:5A:D3:4A:D9
Version3
Modulus (key length)2048
Valid From2005-05-13
Valid To2015-03-22
RevocationCRL, CRL, CRL,OCSP
TypeDV, IV
DocumentCPS v03 (English)
Requested Trust Bits
  • Websites
  • Email
  • Code
BugsAuthorisation (380635), Inclusion (410821)
Commentsnone

TURKTRUST Certificate Services Provider Root 2

Root 2 is the new root that replaced Root 1; Root 2 is used for certificates currently being issued. The English version of the CPS applies to both roots.
Link Download/Install
SHA1B4:35:D4:E1:11:9D:1C:66:90:A7:49:EB:B3:94:BD:63:7B:A7:82:B7
Version3
Modulus (key length)2048
Valid From2005-07-11
Valid To2015-09-16
RevocationCRL, CRL, CRL,OCSP
TypeDV, IV
DocumentCPS v03 (English)
Requested Trust Bits
  • Websites
  • Email
  • Code
BugsAuthorisation (380635), Inclusion (410821)
Commentsnone


VeriSign

VeriSign is a major commercial CA with worldwide operations and customer base.

Audit:WebTrust CA and WebTrust EV, performed by KPMG: Audit Reports and Management's Assertions

VeriSign Universal Root Certification Authority

This CA will be used to sign certificates for SSL-enabled servers, and may in the future be used to sign certificates for digitally-signed executable code objects. VeriSign is not yet actively issuing certificates from this root, so they have not yet published a CRL.
Link Download/Install
SHA136:79:CA:35:66:87:72:30:4D:30:A5:FB:87:3B:0F:A7:7B:B7:0D:54
Version3
Modulus (key length)2048
Valid From2008-04-01
Valid To2037-12-01
RevocationCRL
TypeOV
DocumentVeriSign Certification Practice Statement
DocumentVeriSign Trust Network Certificate Policies
DocumentCA Hierarchy Diagram
Requested Trust Bits
  • Websites
  • Email
  • Code
Bugs Authorisation (484901), Inclusion (515470)
Commentsnone

VeriSign Class 3 Public Primary Certificate Authority - G4

This CA will be used to sign certificates for SSL-enabled servers, and may in the future be used to sign certificates for digitally-signed executable code objects. VeriSign is not yet actively issuing certificates from this root, so they have not yet published a CRL. All subordinated CAs for this root will be internally operated.
Link Download/Install
SHA122:D5:D8:Df:8F:02:31:D1:8D:F7:9D:B7:CF:8A:2D:64:C9:3F:6C:3A
Version3
Modulus (key length)SECG elliptic curve secp384r1 (aka NIST P-384)
Valid From2007-4-11
Valid To2038-01-18
RevocationCRL
TypeOV
DocumentVeriSign Certification Practice Statement
DocumentVeriSign Trust Network Certificate Policies
DocumentCA Hierarchy Diagram
Requested Trust Bits
  • Websites
  • Email
  • Code
Bugs Authorisation (409235), Inclusion (515472)
Commentsnone

VeriSign Class 3 Public Primary Certification Authority - G5

This CA issues a CA certificate to the subordinate CA "VeriSign Class 3 Extended Validation SSL SGC CA", which in turn issues Extended Validation certificates for SSL-enabled servers.
Link Download/Install
SHA14E:B6:D5:78:49:9B:1C:CF:5F:58:1E:AD:56:BE:3D:9B:67:44:A5:E5
Version3
Modulus (key length)2048
Valid From2006-11-07
Valid To2036-07-16
RevocationCRL, OCSP
TypeEV (policy OID 2.16.840.1.113733.1.7.23.6)
DocumentVeriSign Certification Practice Statement, Version 3.5
DocumentVeriSign Trust Network Certificate Policies, Version 2.5
Requested Trust Bits
  • Websites
BugsAuthorisation (402947), Inclusion (422918)
CommentsNote that for compatibility reasons VeriSign has implemented a cross-signing scheme involving this CA. In this scheme, if applications not supporting EV functionality (e.g., Firefox 2 and earlier) encounter VeriSign EV certificates then they will end up treating this CA as a subordinate CA under the existing VeriSign Class 3 Public Primary CA root.

VeriSign Class 1 Public Primary Certification Authority

This root CA (also known as PCA1-G1-SHA1) has Signature Algorithm SHA-1. This root will supersede the PCA1-G1 root that is already included in NSS, which has Signature Algorithm MD2.
Link Download/Install
SHA1CE:6A:64:A3:09:E4:2F:BB:D9:85:1C:45:3E:64:09:EA:E8:7D:60:F1
Version1
Modulus (key length)1024
Valid From1996-01-28
Valid To2028-08-02
RevocationCRL
TypeDV
DocumentVeriSign Certification Practice Statement
DocumentVeriSign Trust Network Certificate Policies
DocumentCA Hierarchy Diagram
Requested Trust Bits
  • Email
BugsAuthorisation (490895), Inclusion (515462)
Commentsnone

VeriSign Class 3 Public Primary Certification Authority

This root CA (also known as PCA3-G1-SHA1) has Signature Algorithm SHA-1. This root will supersede the PCA3-G1 root that is already included in NSS, which has Signature Algorithm MD2.
Link Download/Install
SHA1A1:DB:63:93:91:6F:17:E4:18:55:09:40:04:15:C7:02:40:B0:AE:6B
Version1
Modulus (key length)1024
Valid From1996-01-28
Valid To2028-08-02
RevocationCRL, OCSP
TypeOV
DocumentVeriSign Certification Practice Statement
DocumentVeriSign Trust Network Certificate Policies
DocumentCA Hierarchy Diagram
Requested Trust Bits
  • Websites
  • Email
  • Code
Bugs Authorisation (490895), Inclusion (515462)
CommentsThe initial request was also to EV-enable this root. However, it was deteremined that EV-enablement was not necessary.


Verizon / Cybertrust

Verizon Business Security Solutions Powered by Cybertrust operates a commercial certificate authority service for businesses and governments internationally.

Audit:WebTrust CA, performed by Ernst and Young:Audit Report and Management's Assertions

Audit:WebTrust EV, performed by Ernst and Young:Audit Report and Management's Assertions

Cybertrust Global Root

This root was created to provide a service to customers desiring a root based outside the United States. Relying on the GTE CyberTrust Global Root for ubiquity through cross-certification, this root is used for issuance of EV SSL certificates. There is currently only one internally-operated subordinate CA called Cybertrust SureServer EV CA. The CPS allows for this root to have other subordinate CAs in the future. The sub-CAs are required to follow the CPS and to have regular audits.
Link Download/Install
SHA15f:43:e5:b1:bf:f8:78:8c:ac:1c:c7:ca:4a:9a:c6:22:2b:cc:34:c6
Version3
Modulus (key length)2048
Valid From2006-12-15
Valid To2021-12-15
RevocationCRL
TypeEV (policy OID 1.3.6.1.4.1.6334.1.100.1)
Document Cybertrust CA Certificate Policy
Document Certification Practice Statement
Requested Trust Bits
  • Websites
BugsAuthorisation (430700), Inclusion (493258), EV (493259)
Commentsnone


Wells Fargo

Wells Fargo is a public CA based in San Francisco, California, and serving customers worldwide. This EV CA was created for the purpose of creating an online/intermediate EV SSL issuing authority which will be managed internally, and follow the WellsSecure CPS.

Audit:WebTrust EV pre-audit, performed by KPMG:Audit Report and Management's Assertions

Audit:WebTrust CA, performed by KPMG:Audit Reportand Management's Assertions

WellsSecure Public Root Certificate Authority

Root CA with one internal subordinate CA issuing EV SSL certificates.
Link Download/Install
SHA1e7:b4:f6:9d:61:ec:90:69:db:7e:90:a7:40:1a:3c:f4:7d:4f:e8:ee
Version3
Modulus (key length)2048
Valid From2007-12-13
Valid To2022-12-13
RevocationCRL,OCSP
TypeEV (policy OID 2.16.840.1.114171.500.9)
Document WellsSecure PKI Certificate Policy
Requested Trust Bits
  • Websites
BugsAuthorisation (428390), Inclusion (449393), EV (449394)
Commentsnone


WISeKey

WISeKey operates the CertifyID Trust Service, which supports customer-specific CAs under a CA hierarchy rooted at the WISeKey Global Root GA CA and containing Policy CAs (subordinate to the root) and Issuing CAs (subordinate to the Policy CAs). Note that all end-entity certificates are issued by the Issuing CAs under policies set by WISeKey.

Audit:WebTrust, performed by WTE y E. Álvarez Auditores, S.L.:Audit Report and Management's Assertions

Audit:WebTrust, performed by WTE y E. Álvarez Auditores, S.L.:2008 Audit Report and Management's Assertions

OISTE WISeKey Global Root GA CA

As noted above, the Global Root GA CA is the one and only root for the entire CertifyID system. It issues CA certificates to Policy CAs, which in turn issue CA certificates to Issuing CAs. There are three types of Policy CAs (Standard, Advanced, and Qualified) and three types of Issuing CAs corresponding to these, each issuing a different class of certificates; verification requirements for applicants vary by class.
Link Download/Install
SHA159:22:A1:E1:5A:EA:16:35:21:F8:98:39:6A:46:46:B0:44:1B:0F:A9
Version3
Modulus (key length)2048
Valid From2005-12-11
Valid To2037-12-11
RevocationCRL
TypeIV
DocumentOISTE WISeKey Root CPS 1.01
DocumentCertifyID Identity Validation Overview, Version 1.0
DocumentTechnical Security Controls WD0011 - Version 1.0.1
DocumentTable comparing the three different classes of end-entity certificates issued by Issuing CAs.
Requested Trust Bits
  • Websites
  • Email
BugsAuthorisation (371362), Inclusion (467138)
Commentsnone


 Certum Trusted Root Certificates
Comodo Trusted Root Certificates
DigiCert Trusted Root Certificates
GeoTrust Trusted Root Certificates
GlobalSign Trusted Root Certificates
NetworkSolutions Trusted Root Certificates
Thawte Trusted Root Certificates
TrustWave Trusted Root Certificates
VeriSign Trusted Root Certificates

All root certificates
Copyright © 2008-2011 WebTrust ®

\"".TITLE." SSL сертифікати VeriSign GeoTrust Thawte GlobalSign DigiCert TrustWave Certum Comodo Networksolutions SSL та Codesign купити SSL сертифікат
издатель: Сертифікат SSL сертифікати Веб Траст Україна WebTrust - Ukraine тематика: Trusted Root certificates, Корневые сертификаты, Кореневі сертифікати, Підтвердження в інтернет легітимності компанії і автентичності сайту, Захищене зєднання з сервером для он-лайн продажів, Цифрові SSL сертифікати , trustedrootcertificates.com Кореневі сертифікати trustedrootcertificates.com. wildcard ssl сертифікати, цифрові сертифікати, SAN SSL сертифікати, купити ssl в Україні, ssl сертифікати,
Інформація про сертифікат для підпису коду | VeriSign SSL центр в Україні | Digital id