Sociedad Cameral de Certificación Digital - Certicámara S.A. is a
commercial CA primarily serving Colombia and Andean Region
Audit:
WebTrust, performed by
Deloitte and Touche
:
Audit Report and Management's Assertions AC Raíz Certicámara S.A.
This is a new root CA certificate authorized by Industry and
Commerce Department of Colombia, to replace the Certificado Empresarial Clase-A
certificate. It has one internally operated subordinate CA.
Dhimyotis services include Certigna ID and Certigna SSL. Certigna is a
French CA for the European market and expects to expand to serve other
countries (India, USA, South America ... ) soon.
Audit:
ETSI TS 102.042, performed by
LSTI - La Sécurité des Technologies de l'Information
:
Statement of Compliance with ETSI TS 102.042
Audit:
ETSI TS 102.042, performed by
LSTI - La Sécurité des Technologies de l'Information
:
2008 Statement of Compliance with ETSI TS 102.042 Certigna
The Certigna root has three internally operated subordinated CA’s:
Certigna SSL is for SSL-enabled servers, Certigna ID is for
authentication and digitally-signed email, and Certigna Chiffrement
is for encrypting email.
Comodo CA Ltd is a commercial CA based in the UK and
serving customers worldwide. Comodo has a total of 12 root CA
certs included in Mozilla, and altogether 124 subordinate CAs
signed by those root CAs. Some of them exist to differentiate
between different Comodo brands or products and some are used to
re-brand products for its partners. In each case Comodo retains
the private key for the subordinate CA within its
infrastructure.
Audit:
WebTrust, performed by
KPMG:
Audit Report and Management's Assertions
Audit:
WebTrust EV, performed by
KPMG:
Report in relation to the WebTrust for Certification Authorities Extended Validation Criteria COMODO Certification AuthorityRoot CA certificate with subordinate CAs issuing SSL
certificates, email certificates, and code signing
certificates. COMODO ECC Certification AuthorityRoot ECC certificate with internal subordinate CA issuing EV SSL
certificates, email certificates, and code signing certificates.
ComSign is a private company owned by Comda, Ltd., a company specializing
in information protection products and solutions. In 2003, ComSign was
appointed by the Justice Ministry as a certificate authority in Israel in
accordance with the Electronic Signature Law 5761-2001, and is currently
the only entity issuing legal authorized electronic signatures according to
the Israel law. ComSign has issued electronic signatures to thousands of
business people in Israel.
Audit:
Israel Electronic Signature Law, performed by
The State of Israel – Ministry of Justice:
Registered CA
Audit:
ETSI TS 101 456, performed by
Sharony-Shefler:
Audit Statement 2009 ComSign CA
This root has six internally-operated subordinate CAs that are used for
issuing digital IDs to individuals and corporations in accordance with
the Israeli Electronic Signature Law.
ComSign Secured CA
This root has two internally-operated subordinate CAs that are used
for issuing certificates for SSL and for code-signing.
DCSSI is part of the French Government. It issues certificates to French
Government websites which are used by the general public. Each department has a sub CA; there
are at least 20 at the moment, and potentially up to 60.
Audit:
Government -- WebTrust CA Equivalent, performed by
French Secretariat Général de la Défense Nationale:
Official decision for IGC/A homologation IGC/A
This is the root certificate of the French Government CA. The IGC/A root issues a
subordinate CA for each organization, which can be only a government or an
administrative organization. Each of these subordinate CAs may issue end-entity
certificates or additional subordinate CAs to be used for divisions within that
organization. Each organization is required to follow the CP and the Government
RGS/PRIS, and be audited.
DigiCert is a US-based commercial CA with headquarters in Lindon, UT. DigiCert
provides digital certification and identity assurance services internationally
to a variety of sectors including business, education, and government.
Audit:
WebTrust, performed by
KPMG:
Audit
Report and Management's Assertions DigiCert Assured ID Root CADigiCert High Assurance EV Root CA
DigiNotar is a Dutch trusted third party, mainly
operating in the Netherlands. They issue certificates based on
notary verification of applicants. They service the business,
government and consumer markets.
Audit:
ETSI 101.456, performed by
Price Waterhouse Coopers:
ETSI Certificate, Statement of ETSI Compliance
Audit:
WebTrust EV, performed by
Price Waterhouse Coopers:
Assertion of Management and Audit Report DigiNotar Root CAThis is the top root, used only to issue CA
certificates for five application-specific subordinate CAs:
DigiNotar Public CA 2025 (non-qualified personal
certificates), DigiNotar Qualified CA (qualified personal
certificates), DigiNotar Services CA (SSL and object signing
certificates), DigiNotar Extended Validation CA (EV
certificates), and DigiNotar Private CA (CA certificates for
organizational CAs).
Entrust is a commercial CA serving the global market for
SSL web certificates. Entrust also issues certificates to
subordinate CAs for enterprise and commercial use.
Audit:
WebTrust, performed by
Deloitte and Touche LLP:
Audit Report and Management's Assertions
Audit:
WebTrust EV, performed by
Deloitte and Touche LLP:
Audit Report and Management's Assertions Entrust Root Certification AuthorityThis root was primarily created as the trust root for Entrust EV SSL
certificates. EV certificates are issued using the
Entrust Certification Authority - L1A subordinate CA.
GeoTrust is a commercial CA with worldwide operations and
customer base; it is a subsidiary of VeriSign, Inc.
Audit:
WebTrust/WebTrust EV, performed by
KPMG:
Audit
Report and Management's Assertions GeoTrust Primary Certification AuthorityThis CA issues a CA certificate to the subordinate CA
GeoTrust Extended Validation SSL CA, which in turn issues
Extended Validation certificates for SSL-enabled
servers. | Link |
Download/Install
| | SHA1 | 32:3C:11:8E:1B:F7:B8:B6:52:54:E2:E2:10:0D:D6:02:90:37:F0:96 | | Version | 3 | | Modulus (key length) | 2048 | | Valid From | 2006-11-26 | | Valid To | 2036-07-16 | | Revocation | CRL,
OCSP
| | Type | EV (policy OID 1.3.6.1.4.1.14370.1.6) | | Document | GeoTrust Certification Practice Statement, Version 1.0 (January 31, 2008) | | Document | Other documents | | Requested Trust Bits | | | Bugs |
Authorisation (407168),
Inclusion (424169),
EV (424171)
| | Comments | Note that for compatibility reasons GeoTrust has
implemented a cross-signing scheme involving this CA. In this
scheme, if applications not supporting EV functionality (e.g.,
Firefox 2 and earlier) encounter GeoTrust EV certificates then
they will end up treating this CA as a subordinate CA under
the existing Equifax Secure CA root. |
GlobalSign is a commercial CA based in Portsmouth NH and
serving customers worldwide.
Audit:
WebTrust, performed by
Deloitte (Denmark):
Audit Report
and Management's Assertions
Audit:
WebTrust, performed by
Ernst & Young:
Report of Independent Accountants and Assertion of Management
Audit:
WebTrust EV, performed by
Ernst & Young:
Report of Independent Accountants and Assertion of Management GlobalSign Root CA - R2Root CA with one subordinate CA. GlobalSign Root CARoot CA with two subordinate CAs.
Go Daddy operates a commercial CA based in the US and
serving customers worldwide.
Audit:
WebTrust and WebTrust EV, performed by
KPMG:
Independent Accountants' Report Valicert Class 2 Policy Validation AuthorityRoot CA certificate with a single subordinate CA
issuing SSL certificates (DV, OV and EV), email certificates,
and code signing certificates. | Link |
Download/Install
| | SHA1 | 31:7A:2A:D0:7F:2B:33:5E:F5:A1:C3:4E:4B:57:E8:B7:D8:F1:FC:A6 | | Version | 1 | | Modulus (key length) | 1024 | | Valid From | 1999-06-25 | | Valid To | 2019-06-25 | | Revocation | CRL,
OCSP
| | Type | DV, IV/OV, EV (policy OIDs 2.16.840.1.114413.1.7.23.3 and 2.16.840.1.114414.1.7.23.3) | | Document | Starfield Technologies, Inc. Certificate Policy and Certification Practice Statement (CP/CPS) | | Requested Trust Bits | | | Bugs |
Authorisation (403437),
Inclusion (418958),
EV (403437)
| | Comments | Both of the CA certificates below are cross-signed to
the Valicert Class 2 Policy Validation Authority root for
legacy support, so this root is configured to enable EV with
both of the EV OIDs associated with the other certificates.
|
Go Daddy Class 2 CARoot CA certificate with a single subordinate CA
issuing SSL certificates (DV, OV and EV), email certificates,
and code signing certificates. Starfield Class 2 CARoot CA certificate with a single subordinate CA
issuing SSL certificates (DV, OV and EV), email certificates,
and code signing certificates.
IdenTrust is a for-profit corporation serving the private, commercial and government sectors.
Audit:
WebTrust, performed by
Ernst and Young:
Audit Report and Management's Assertions
Keynectis is a French company, created by merging 2 previous French
certification operators, Certplus and PK7.
Audit:
ETSI TS 101.456, performed by
LSTI - La Sécurité des Technologies de l'Information:
ETSI Certificate Certplus Class 2 Primary CA
Microsec Ltd. is a Hungarian certificate authority.
Audit:
Government, performed by
Hungarian Government National Communications Authority:
Authority statement Microsec e-Szigno Root CA
Network Solutions is a US-based commercial CA with
worldwide customer base.
Audit:
WebTrust for CAs, performed by
KPMG:
Audit
Report and Management's Assertions
Audit:
WebTrust EV, performed by
KPMG:
Report in relation to the WebTrust for Certification Authorities Extended Validation
Criteria Network Solutions Certificate AuthorityThis CA has a subordinate CA, Network Solutions EV SSL
CA, which issues Extended Validation certificates for
SSL-enabled servers. At present there are no other subordinate
CAs under this root; however in the future Network Solutions
may establish additional subordinate CAs to issue non-EV
certificates.. |
QuoVadis is a commercial CA, based in Bermuda and operating globally.
QuoVadis is a Qualified Certification Services Provider in Switzerland.
Audit:
WebTrust, performed by
Ernst & Young
(Technology and Security Risk Services):
Audit Report
and Management's Assertions
Audit:
ETSI TS 101.456, performed by
KPMG:
Swiss Accreditation Service statement
QuoVadis Root CA 2This root will be used for SSL/device certificates, including
standard "organisation validated" certificates as well as EV certificates. QuoVadis Root CA 3This root will operate under a similar CP/CPS to our existing "qualified" Root CA 1,
primarily used for end user certificates.
SECOM Trust Services Co., Ltd are a commercial CA based in Japan.
Audit:
WebTrust, performed by
PricewaterhouseCoopers Aarata:
Report of Independent Certified Public Accountant
Audit:
WebTrust EV, performed by
KPMG:
Audit Report and Management's Assertion
Security Communication EV RootCA1This
request is to add a newly constructed EV root to the NSS database. Note
that there is currently a non-EV CA called Security Communication
RootCA1 in the NSS database.
StartCom is a commercial corporation with customers worldwide, and is
the producer and vendor of the StartCom Linux operating systems, operates
the StartCom Certification Authority and MediaHost.
Audit:
WebTrust CA, performed by
Ernst and Young:
Audit Report and Management's Assertions
Audit:
WebTrust EV, performed by
Ernst and Young:
Audit Report and Management's Assertions
StartCom Certification Authority
Deutscher Sparkassen Verlag GmbH is the world's largest
smartcard provider and the central certification service
provider for all German savings banks. This CA exists to enable
up to 40 million German customers (end-users) to use their
banking card as a certificate based signature, encryption and
authentication device.
Audit:
ETSI TS 101.456, performed by
TÜV-IT:
ETSI TS 101.456 Certificate
Audit:
ETSI TS 102.042, performed by
TÜV-IT:
ETSI TS 102.042 Certificate S-TRUST Authentication and Encryption Root CA 2005:PNThis root will provide all customers of the German
Savings Bank Financial Group with client certificates for
their signature-enabled debit cards (smartcards).
SwissSign AG is a commercial CSP that provides certification services for
individual and corporate customers. SwissSign operates the certificate authority
for the Swiss Post and is mostly focused on Switzerland but Registration Services
may be used internationally.
The "Platinum G2" Root CA currently has 3 subordinate CAs,
the "Gold G2" Root CA has 2 and the "Silver G2" Root CA has 3.
Audit:
ETSI TS 101.456, performed by
KPMG:
Swiss Accreditation Service Certified Bodies List, SAS details for SwissSign
Audit:
WebTrust EV, performed by
KPMG:
Confirmation Notice of WebTrust EV Audit SwissSign Platinum CA - G2The SwissSign Platinum CA - G2 root has three
subordinate CAs. The SwissSign Qualified Platinum CA - G2 issues
"qualified" certificates according to Swiss digital signature law
(ZertES). The SwissSign Personal Platinum CA - G2 issues certificates
for natural persons and organizations. The Swiss Post Platinum CA - G2
issues the "Postzertifikat", a product of the Swiss Post. (Note that
each of the subordinate CAs has its own CP/CPS separate from the
CP/CPS of the root.) The Platinum CAs require that keys be generated
on Secure Signature Creation Devices (SSCDs); since such devices are
not used with servers, this hierarchy is enabled for email and object
signing uses only. SwissSign Gold CA - G2The "Gold G2" root CA currently has two subordinate
CAs: "Personal" issues certificates for natural persons and
organizations, while "Server" issues certificates for systems. This
root CA may also operate other customer-specific Issuing CAs if and
only if they fully comply with all the stipulations of the "Gold G2"
CP/CPS. SwissSign Silver CA - G2The "Silver G2" root CA currently has three subordinate
CAs: "Personal" issues certificates for natural persons and
organizations, "Server" issues certificates for systems, and "Switch"
is operated for a customer that issues certificates for the academic
community | Link |
Download/Install
| | SHA1 | 9B:AA:E5:9F:56:EE:21:CB:43:5A:BE:25:93:DF:A7:F0:40:D1:1D:CB | | Version | 3 | | Modulus (key length) | 4096 | | Valid From | 2006-10-25 | | Valid To | 2036-10-25 | | Revocation | CRL,
OCSP
| | Type | IV | | Document | SwissSign Silver CP/CPS | | Requested Trust Bits | | | Bugs |
Authorisation (343756),
Inclusion (407396) | | Comments | none |
TC TrustCenter GmbH is a commercial company based in Germany,
with customers in all major regions of the world. TC TrustCenter
offers a variety of products and services including SSL Server
certificates and Email certificates.
Audit:
ETSI 102.042, performed by
TÜV-IT Germany:
ETSI TS 102.042 LCP Certificate TC TrustCenter Class 2 CA II
This root has two internally-operated subordinate CAs which issue
certificates for SSL, email, and code signing. This root also has an
externally-operated subordinate CA which is used to issue device
certificates and email certificates for internal use only. The device
name and the email address belong to a company internal domain, so the
ownership is guaranteed.
TC TrustCenter Class 3 CA II
This root has one internally-operated subordinate CA which issues
certificates for SSL, email, and code signing.
TC TrustCenter Universal CA I
This root has been introduced to reduce the number of root certificates
in the trusted root stores. This root will have internally-operated
subordinate CAs for each registration strength. “Class 1”, “Class 2”,
“Class 3” and “Class 4” represent the registration strength. This root
currently has one Class 3 subordinate CA. Over time this root will have
more “TC Class x” subordinate CA certificates.
thawte is a commercial CA with worldwide operations and
customer base; it is a subsidiary of VeriSign, Inc.
Audit:
WebTrust/WebTrust EV, performed by
KPMG:
Audit
Report and Management's Assertions thawte Primary Root CAThis CA issues a CA certificate to the subordinate CAs
thawte Extended Validation SSL CA and thawte Extended
Validation SSL SGC CA, which in turn issue Extended Validation
certificates for SSL-enabled servers. | Link |
Download/Install
| | SHA1 | 91:C6:D6:EE:3E:8A:C8:63:84:E5:48:C2:99:29:5C:75:6C:81:7B:81 | | Version | 3 | | Modulus (key length) | 2048 | | Valid From | 2006-11-17 | | Valid To | 2036-07-16 | | Revocation | CRL,
OCSP
| | Type | EV (policy OID 2.16.840.1.113733.1.7.48.1) | | Document | thawte Certification Practice Statement, Version 3.5 (January 2008) | | Requested Trust Bits | | | Bugs |
Authorisation (407163),
Inclusion (424152),
EV (424154)
| | Comments | Note that for compatibility reasons thawte has
implemented a cross-signing scheme involving this CA. In this
scheme, if applications not supporting EV functionality (e.g.,
Firefox 2 and earlier) encounter thawte EV certificates then
they will end up treating this CA as a subordinate CA under
the existing Thawte Premium Server CA root. |
Trustwave is a commercial CA serving customers worldwide;
it includes the former SecureTrust and XRamp CAs. At this time
there are no subordinate CAs for any of these roots; instead end
entity certificates are issued directly from the roots as noted
below, with different classes of certificates under different
certificate policies. Note that each root CA is not associated
with a single CPS, rather end entity certs are associated with
policies that link to the CPS that the certificate was issued
under: an EV CPS, an OV CPS, etc.
Audit:
WebTrust and WebTrust EV, performed by
Boysen & Miller PLLC:
Audit Report
and Management's Assertions SecureTrust CARoot CA certificate utilized for issuing SSL
certificates (OV and EV) and code signing certificates.
Secure Global CARoot CA certificate utilized for issuing SSL
certificates (OV and EV), S/MIME certificates, and (in future)
code signing certificates.
XRamp Global CARoot CA certificate utilized for issuing SSL
certificates (OV and EV), S/MIME certificates, and code
signing certificates.
T-Systems is a wholly-owned subsidiary of Deutsche Telekom AG.
Audit:
WebTrust, performed by
Ernst and Young:
Audit Report and Management's Assertions
Audit:
ETSI 101.456, performed by
T-Systems GEI:
ETSI 101.456 Certificate of Compliance Deutsche Telekom Root CA 2
TÜRKTRUST is a Turkish CA issuing qualified certificates in Turkey.
Audit:
ETSI TS 101.456, performed by
Turkish Telecommunications Authority:
Letter of Official CA Statement, List of accredited CAs, Audit statement on auditor website TURKTRUST Certificate Services Provider Root 1Root 1 is a "legacy" root included for compatibility
with previously-issued certificates. The English version of the
CPS applies to both roots. | Link |
Download/Install
| | SHA1 | 79:98:A3:08:E1:4D:65:85:E6:C2:1E:15:3A:71:9F:BA:5A:D3:4A:D9 | | Version | 3 | | Modulus (key length) | 2048 | | Valid From | 2005-05-13 | | Valid To | 2015-03-22 | | Revocation | CRL, CRL, CRL,
OCSP
| | Type | DV, IV | | Document | CPS v03 (English) | | Requested Trust Bits | | | Bugs |
Authorisation (380635),
Inclusion (410821) | | Comments | none |
TURKTRUST Certificate Services Provider Root 2Root 2 is the new root that replaced Root 1; Root 2 is
used for certificates currently being issued. The English
version of the CPS applies to both roots. | Link |
Download/Install
| | SHA1 | B4:35:D4:E1:11:9D:1C:66:90:A7:49:EB:B3:94:BD:63:7B:A7:82:B7 | | Version | 3 | | Modulus (key length) | 2048 | | Valid From | 2005-07-11 | | Valid To | 2015-09-16 | | Revocation | CRL, CRL, CRL,
OCSP
| | Type | DV, IV | | Document | CPS v03 (English) | | Requested Trust Bits | | | Bugs |
Authorisation (380635),
Inclusion (410821) | | Comments | none |
VeriSign is a major commercial CA with worldwide
operations and customer base.
Audit:
WebTrust, performed by
KPMG:
Audit
Report and Management's Assertions
Audit:
WebTrust EV, performed by
KPMG:
CA-supplied
auditor's letter re WebTrust EV audit VeriSign Class 3 Public Primary Certification Authority - G5This CA issues a CA certificate to the subordinate CA
"VeriSign Class 3 Extended Validation SSL SGC CA", which in
turn issues Extended Validation certificates for SSL-enabled
servers. | Link |
Download/Install
| | SHA1 | 4E:B6:D5:78:49:9B:1C:CF:5F:58:1E:AD:56:BE:3D:9B:67:44:A5:E5 | | Version | 3 | | Modulus (key length) | 2048 | | Valid From | 2006-11-07 | | Valid To | 2036-07-16 | | Revocation | CRL,
OCSP
| | Type | EV (policy OID 2.16.840.1.113733.1.7.23.6) | | Document | VeriSign
Certification Practice Statement, Version 3.5 | | Document | VeriSign
Trust Network Certificate Policies, Version 2.5 | | Requested Trust Bits | | | Bugs |
Authorisation (402947),
Inclusion (422918) | | Comments | Note that for compatibility reasons VeriSign has
implemented a cross-signing scheme involving this CA. In this
scheme, if applications not supporting EV functionality (e.g.,
Firefox 2 and earlier) encounter VeriSign EV certificates then
they will end up treating this CA as a subordinate CA under
the existing VeriSign Class 3 Public Primary CA
root. |
Verizon Business Security Solutions Powered by Cybertrust
operates a commercial certificate authority service for
businesses and governments internationally.
Audit:
WebTrust CA, performed by
Ernst and Young:
Audit Report and Management's Assertions
Audit:
WebTrust EV, performed by
Ernst and Young:
Audit Report and Management's Assertions Cybertrust Global Root
This root was created to provide a service to customers
desiring a root based outside the United States. Relying on
the GTE CyberTrust Global Root for ubiquity through
cross-certification, this root is used for issuance of EV SSL
certificates. There is currently only one internally-operated
subordinate CA called Cybertrust SureServer EV CA. The CPS
allows for this root to have other subordinate CAs in the
future. The sub-CAs are required to follow the CPS and to have
regular audits.
Wells Fargo is a public CA based in San Francisco, California, and
serving customers worldwide. This EV CA was created for the purpose of
creating an online/intermediate EV SSL issuing authority which will be
managed internally, and follow the WellsSecure CPS.
Audit:
WebTrust EV pre-audit, performed by
KPMG:
Audit Report
and Management's Assertions
Audit:
WebTrust CA, performed by
KPMG:
Audit Report
and Management's Assertions WellsSecure Public Root Certificate Authority
Root CA with one internal subordinate CA issuing EV SSL certificates.
WISeKey operates the CertifyID Trust Service, which
supports customer-specific CAs under a CA hierarchy rooted at
the WISeKey Global Root GA CA and containing Policy CAs
(subordinate to the root) and Issuing CAs (subordinate to the
Policy CAs). Note that all end-entity certificates are issued by
the Issuing CAs under policies set by WISeKey.
Audit:
WebTrust, performed by
WTE y E. Álvarez Auditores, S.L.:
Audit Report
and Management's Assertions
Audit:
WebTrust, performed by
WTE y E. Álvarez Auditores, S.L.:
2008 Audit Report and Management's Assertions OISTE WISeKey Global Root GA CAAs noted above, the Global Root GA CA is the one and
only root for the entire CertifyID system. It issues CA
certificates to Policy CAs, which in turn issue CA
certificates to Issuing CAs. There are three types of Policy
CAs (Standard, Advanced, and Qualified) and three types of
Issuing CAs corresponding to these, each issuing a different
class of certificates; verification requirements for
applicants vary by class.
Note that the CPS for the root CA addresses only
procedures related to issuance of certificates for its
subordinate CAs. Issues related to issuance of end entity
certificates are addressed in the other two documents
references, in particular the CPS for the Advanced Services
Issuing CA.
|
