1 | Owner | Action #1 Policy Update Readiness | Action #2 Baseline Requirements Readiness | Action #3 Scan Certificate Database | Action #4 Stop including reserved IP address in SSL certificates | Action #5 URL to Test Website | Comments |
|---|---|---|---|---|---|---|---|
2 | A-Trust | A | A | B* | A** | Provided | * Certificates with key sizes smaller than 2048 will be revoked by the end of 2013. ** Stopped issuing such certs in January 2013. |
3 | Actalis | B | C* | A | A | Provided | * Appendix B, Appendix C, update CPS. March 2013. |
4 | AOL | A | A | A | B* | Provided | * September 2016 |
5 | AS Sertifitseerimiskeskuse (SK) | B | C* | B** | A | Provided | * We have analysed the issues and have a plan to fix the deficiencies. ** We have a plan to revoke all end-entity SSL certificates with RSA key sizes smaller than 2048 bits no later than December 2013. Certificates issued to natural persons with 1024-bit keys in SSCD will remain active after 2013. We have a roadmap in place to replace them. Certificates with sequential serial numbers are no longer being issued, will allow the previously issued certs to expire. |
6 | Autoridad de Certificacion Firmaprofesional | A | A | B* | A | Provided | * There are end entity certificates with keys smaller than 2048 that expire after December 2013 These certificates are issued to natural or legal persons in Secure Signature-Creation Devices (SSCD) and the SSCD can not manage bigger key-lengths. Problematic certificates will NOT be revoked since we consider that the use of SSCD provides an extra of security. We will start to issue EE certificate in SSCD with 2048 bit key-size when the use of such devices is generalised. |
7 | Buypass | B | A | A | A | Provided | |
8 | CA Disig a.s. | B | A | A | A | Provided | |
9 | Camerfirma | A | C* | B** | B*** | Provided | * Working on OCSP and OCSP stapling. ** Certificates with key sizes smaller than 2048 will be revoked by Dec 2013. *** End of 2013 |
10 | CATCert | A | A | B* | B** | Provided | * End-entity certs with 1024-bit keys will expire or be revoked by end of 2014. One of the subCAs issues certs with sequential serial numbers. This subCA will be upgraded to resolve this issue by end of 2013. ** 31/12/2016 |
11 | Certicámara S.A. | A | B* | A | A | Not Applicable | * No longer issuing SSL certs under this root. |
12 | Certigna (Dhimyotis) | A | A | A | A | Provided | |
13 | Certinomis | A | C* | A** | B*** | Provided | * OCSP, alignment of cert fields, internal server names. This year, before next audit. ** There are 15 personal certificates with 1024-bit keys that will be allowed to expire in 2014. *** November 2014 |
14 | certSIGN | A | A | A | A | Provided | |
15 | China Internet Network Information Center (CNNIC) | B* | A | B* | A | Provided | * Certs issued with sequential SN. Email received on January 16, 2014, stating that the serial numbers of all new end-entity certs now contain 20 bits of random data. |
16 | Chunghwa Telecom Corporation | A | C* | B** | B*** | Provided | * We have completed <add id-kp-serverAuth and id-kp-serverAuth in ExtKeyUsage Field as specified in the item F of Subscriber Certificate requirements in Appendix B of CA/Browser Forum's Baseline Requirements. ** Certs with 1024-bit keys will be revoked and replaced by end of 2013. *** Stop issuing by Jan 2014. Revoke remaining by end of 2015. |
17 | Comodo (AddTrust, Comodo, USERTRUST) | A | A | B* | B** | Provided | * Many certs with RSA key size smaller than 2048 were issued before December 2010. We do not have a fixed date in mind by which we will revoke these certificates – but we understand that browsers and platforms may cease to support <2048 bit RSA keys after 2013 and we are prepared for that event. ** November 2015. We are working to transition our customers away from this practice well before then in as many cases as possible. |
18 | ComSign (Comda) | A | A | A | B* | Provided | * Will stop issuing such certs November 2015. |
19 | DanID (TDC) | A* ** | B* ** | A*** | A | Provided | * The TDC OCES CA (not SSL) cannot sign intermediate certificates due to the national OCES Certificate Policy (OCES CP). We request Mozilla to remove the TDC OCES CA certificate by December 31 2013. ** TDC Internet Root CA -- no new certificates issued in this hierarchy since June 30, 2012. *** Have not scanned all the end user certs, but have requested that the TDC OCES CA be removed. |
20 | Deutscher Sparkassen Verlag GmbH (S-TRUST, DSV) | C* | B | A | A | Not Applicable | We do not issue SSL certificates. Only the S/MIME trust bit is enabled for our root cert. * our root certificate has pathlength=0. In order to change this, we would have to create a new root certificate, have it included in Mozilla products, and allow for migration of thousands of client certificates (issued to smart cards) to the new hierarchy. Therefore, we request that either the fourth bullet point of item #6 be changed to not apply to client (S/MIME) certificates, or that we be granted a long-term exception to the fourth bullet point of item #6. For the same reason we can not operate this root offline as required indirectly by ETSI TS 102 042 V2.3.1 because it includes the "Network and CA system security requirements" of the CA/Browser Forum. Therefore, we also request to update the text regarding the ETSI criteria version and make ETSI TS 102 042 V 2.1.2 applicable to our type of root certificate |
21 | DigiCert | A | A | B* | B** | * End user certificates with 1024-bit keys will be revoked by end of 2013. ** November 2015 | |
22 | e-Guven Elektronik Bilgi Guvenligi A.S. | B | C* | A | B** | Provided | * Root certificate generation request due to SHA -1 hash algorithm in regulation given by Turkish Government on 30.01.2013. Planning to be done in 6 months. (30.07.2013) ** Will stop issuing such certs by January 31 2013. |
23 | e-tugra | B* | A | A | A | Provided | * intermediate certificates |
24 | EDICOM | A | A | A | A | Provided | |
25 | Entrust | B* | A | B** | B*** | Provided | * subCAs ** End user certificates with 1024-bit keys will expire by March 2014. End user certificates with sequential serial numbers. The majority of these certificates have 3-bytes of randomness in the valid to/from date fields. Entrust will be changing the issuance to have random data in the serial number. *** November 1, 2015 |
26 | GlobalSign | B | A | A | B* | Provided | * We plan to stop issuing SSL certificates containing Reserved IP Addresses or Internal Server Names by Nov 1st 2015 |
27 | GoDaddy (GoDaddy, Starfield, ValiCert) | A | A | B* | B** | Provided | * End-entity certs with 1024-bit keys were issued before the effective date of the Baseline Requirements, and will be allowed to expire after 12/31/2013. ** We plan to stop issuing SSL certificates containing Reserved IP Addresses or Internal Server Names by November 1, 2015, in accordance with the sunset timeline established in the CA/Browser Forum Baseline Requirements. We are also monitoring the work ICANN is doing with new gTLDs and will take any action prior to November 1, 2015 that is necessary to ensure that any existing or newly issued certificates are valid under newly-created public DNS namespaces. |
28 | Government of France (PM/SGDN, IGC/A) | C* | C* | A | A | Provided | * We need to add OCSP responders; add the Subject Alternative Name field in all SSL certificates; provide a web page with valid, revoked and expired certificates for each CA; retain audit logs and documentation for seven years instead of five years; conduct an annual risk assessment; and verify conformance with CPS four times a year. Furthemore, these requirements will be included in the next version of the French reference document called “référentiel général de sécurité” for all administrations in France. Modifying the current PKIs involves heavy government administrative procedures and additional budgets which have not been provisioned by the ministries for 2013. Therefore, the following schedule will be used: - May to October 2013: Formalize specifications to be fully compliant with requirements of Mozilla policy and CA/BrowserForum; - December 2013: Finalize budget plan for 2014 - January to May 2014: Set up a government contract to implement the changes - June 2014 to June 2015: Contract execution - July 2015 to December 2015: Issue new compliant certificates, replace and revoke non-compliant certificates. |
29 | Government of Hong Kong (SAR), Hongkong Post | C* | C** | B*** | B**** | Provided | * Only issue with Mozilla policy version 2.1 is in regards to BRs. ** Work in progress: subjectAlternateName (BR 9.2.1), 20 bits of entropy (BR 9.6), OCSP GET (BR 13.2.2), cert extensions (Appendix B). Need until mid 2015 to be in full compliance with the BRs because the work involves system and infrastructure upgrades. *** Internally-operated intermediate cert missing cRLDistributionPoint. Certs issued with sequential serial numbers. Software and infrastructure upgrades required, will complete by Q2 2014. **** May issue SSL certs with internal or private domain names, but plan to comply with BR #9.2.1. |
30 | Government of Japan, Ministry of Internal Affairs and Communications (GPKI) | C* | C** | B*** | A | Provided | * GPKI had already planned to create a new root certificate, so the new root certificate and hierarchy will be in full compliance with the BRs. ** Creating a new root certificate in 2013 to meet the BRs. This will need to be included in Mozilla products and certificates transitioned to the new hierarchy. *** As of January 11, 2013, new end-entity certificates are not issued with sequential serial numbers, and they contain at least 20 bits of random data. |
31 | Izenpe S.A. | A | A | A | B* | Provided | * Our SSL certs last for 3 years, so we´ll stop issuing them in October 2013. |
32 | Government of Spain, Autoritat de Certificació de la Comunitat Valenciana (ACCV) | A | A | A | A | Provided | |
33 | Government of Taiwan, Government Root Certification Authority (GRCA) | A | C* | B** | B*** | Provided | * add id-kp-serverAuth and id-kp-serverAuth in ExtKeyUsage Field as specified in the item F of Subscriber Certificate requirements in Appendix B of CA/Browser Forum's Baseline Requirements, and we verify that all of the information that is included in SSL certificates remains current and correct at time intervals of 36 months. We plan to have this completed by Dec 31, 2013. ** End-entity certs with 1024-bit keys expire or will be revoked by the end of 2013. *** Will stop issuing such certs by Jan 1, 2015. Will revoke such certs by Dec 31, 2015. |
34 | Government of The Netherlands, PKIoverheid (Staat der Nederlanden, Logius) | A | A | B* | B** | Provided | * Two CSPs have certificates with 1024-bit keys. The SSL certs with small key sizes will be revoked/replaced by end of 2013. The end user certs with small key sizes will be replaced by July 2014. ** November 2015 |
35 | Government of Turkey, Kamu Sertifikasyon Merkezi (Kamu SM) | A* | C** | A | A | Provided | * Mozilla’s CA Certificate Policy #9 will be available in our new root, which we will submit to Mozilla for inclusion in Q4, 2013. **We will have this done by July 2013. We are working on audit recently. |
36 | Hellenic Academic and Research Institutions Certification Authority (HARICA) | A | C* | A | A | Provided | * Work to comply with BRs has been completed. BR audit statement received by Mozilla on March 4, 2014. |
37 | IdenTrust | C* | A** & C** | A & D*** | A | Provided | * Subordinate CA certificates. Under normal circumstances, we would be able to deliver in the allotted timeframe. However, the timing is challenging because all four of the current IdenTrust roots stored in the Mozilla browser (E1, E2, X3, and X6) will go through rollover during the 2014 calendar year. As a result, our current proposed plan is to update our CA operations to comply with the proposed version 2.1 of the Mozilla’s CA Certificate Policy by December 31, 2014. ** IdenTrust CA operations conform to the BRs. There is one particular subCA chaining up to the X3 root that needs more time to implement OCSP, policy updates, hostname in subjectAltNames. Plan is for this subCA to comply by March 31, 2013. *** One subCA chaining up to the X3 root found noncompliant certificates that have been revoked and replaced in January 2013. These revoked certificates had incorrectly enabled keyCertSign (within Key Usage). However, these certificates DID NOT have 'cA' enabled in basicConstraints. As such, we do not believe these certificates pose security risk as Mozilla based browser would require 'cA' enabled in basicConstraints to form a valid path back to a trusted anchor. In addition, the Sub CA that has issued the revoked certificates has a path length constraint set to 0. This provides an additional protection because in standard path validation any chain containing the revoked certificates would be rejected because the length of the chain formed using the revoked certificates would not satisfy the path length constraint set to 0. |
38 | Japan Certification Services, Inc. (JCSI) | * | ** | A | A | ** | * This root certification only has internally-operated subordinate CAs. ** New certificate issuance is currently suspended. A new issuing intermediate certificate will be created before new certificate issuance resumes. |
39 | KEYNECTIS (Certplus) | B | A | B* | A | Provided | * The 1024-bit subscriber certificates have been revoked, and the platform has been configured so the minimum acceptable key size is 2048 bits. There is one internal (employees) CA without a CRLDP extension, which will be revoked and replaced this year. A subCA has issued certs with sequential serial numbers; this subCA certificate is not signing new certs, and will be revoked soon. |
40 | Microsec e-Szignó CA | A | A | A | A | Provided | |
41 | NetLock Ltd. | A | A | B* | A | * End-entity certs with 1024-bit keys expire or will be revoked by end of 2013. | |
42 | QuoVadis | B | A | B* | B** | Provided | * End user certificates with 1024-bit keys, will be replaced by end of 2013. Two intermediate certs (for issuing end user certs, not SSL certs) with OCSP in AIA but they don't include a CRL URI. One already replaced, the other being replaced. ** November 2015 |
43 | RSA the Security Division of EMC (RSA, ValiCert) | B* | C** | A | A | Provided | * Subordinate CAs. RSA is still considering whether to technically constrain subordinate CA certificates or to publicly disclose them and will reach a decision by the specified dates. ** RSA Root CA does not issue SSL certificates to end users; Intermediate Customer CAs do issue SSL certificates, and in the process of verifying compliance. Target compliance for Intermediate CAs will be by end 2014. |
44 | SECOM Trust Systems Co. Ltd. (SECOM, ValiCert) | A | C* | B** | B*** | Provided | * 1024 bit certs, Appendix A. We plan to have this completed by the end of 2013. However, it might be still many certificates active after 2014. OCSP requirements for SubCAs are still working. It depends on the environments of devices/ software and economic outlay of the customers. We need to discuss and plan with our customers. ** SSL certificates smaller than 2048bits expire after 2014 and certificates have been issued with contiguous serial numbers. Problematic certificates will be revoked and replaced by the end of 2013. *** Stop issuing such certs by November 2015. |
45 | Start Commercial (StartCom) Ltd. | A | A | A | A | Provided | |
46 | Swisscom Solutions AG | A | A | A | A | Provided | |
47 | SwissSign AG | B | A | A | B* | Provided | * May 15, 2014 |
48 | Symantec / TC Trust Center | B | A | A | B* | Provided | * Will stop issuing such certs by November 2015. |
49 | Symantec / Thawte | B | A | B* | B** | Provided | * SSL end-entity certs with 1024-bit keys will expire or be revoked by the end of 2013. Non-SSL certs with 1024-bit keys will be allowed to expire, and customers will be upgraded to bigger key sizes when they renew their certificates. ** Will stop issuing such certs by November 2015. |
50 | Symantec / VeriSign | B | A | B* | B** | Provided | * SSL end-entity certs with 1024-bit keys will expire or be revoked by the end of 2013. Non-SSL certs with 1024-bit keys will be allowed to expire, and customers will be upgraded to bigger key sizes when they renew their certificates. ** Will stop issuing such certs by November 2015. |
51 | Symantec / GeoTrust (includes Equifax, USERTRUST) | B | A | B* | B** | Provided | * SSL end-entity certs with 1024-bit keys will expire or be revoked by the end of 2013. Non-SSL certs with 1024-bit keys will be allowed to expire, and customers will be upgraded to bigger key sizes when they renew their certificates. Certs are issued with sequential serial numbers, but there is unpredictable data in the cert. ** Will stop issuing such certs by November 2015. |
52 | Symantec / RapidSSL | B | A | B* | B** | Provided | * SSL end-entity certs with 1024-bit keys will expire or be revoked by the end of 2013. Non-SSL certs with 1024-bit keys will be allowed to expire, and customers will be upgraded to bigger key sizes when they renew their certificates. Certs are issued with sequential serial numbers, but there is unpredictable data in the cert. ** Will stop issuing such certs by November 2015. |
53 | T-Systems International GmbH (Deutsche Telekom) | B | A | B* | B** | Provided | * End-entity certificates with 1024-bit keys will be revoked/replaced by the end of 2013. ** Will stop issuing such certs in accordance with BR #9.2.1. |
54 | Taiwan-CA Inc. (TWCA) | A | A | A | A | Provided | |
55 | TeliaSonera | B | C* | B** | B*** | Provided | * The next TeliaSonera CA audit is starting in February 2014, and is expected to confirm full compliance with BRs. The first BR audit identified improvements needed in order to fully comply with BRs # 9.5, 10.3.1, 13.1.3, 15.3.2, 16.2. 16.3, and 16.4. ** Certificates with 1024-bit keys were previously used for older smart cards and older VPN connections managed by TeliaSonera. Those will be allowed to expire, and will be upgraded to bigger key sizes when they expire. Those will expire in 2013-2016. *** Will expire or be replaced by October 2016. |
56 | Trend Micro (AffirmTrust) | A | A | A | A* | Provided | * Reserve the right to issue this type of certificate, but would observe the expiry date limitation of November 2015. |
57 | Trustis | B | C* | A | B** | Provided | * Implement OCSP by May 2014, then add BR compliance statement to CPS. BR audit will be part of the 2014 audit. ** Stop issuing such certs by September 2013. |
58 | Trustwave (SecureTrust, Xramp) | B | C* | B* | B** | Provided | * End-entity certificates with 1024-bit keys will be revoked/replaced by the end of 2013. ** |
59 | TurkTrust | B | C* | B** | A*** | Provided | * BRs 9.2.1, 9.2.4, 9.2.6, 9.3.3, 9.5, and Appendix C. May 2013. ** End-user certificates with 1024-bit keys, will be allowed to expire. SSL certs with sequential serial numbers will be revoked/replaced by October 2013. (Relevant intermediate certs already distrusted in NSS.) *** This type of cert is no longer being issued; existing certs will be allowed to expire. |
60 | Unizeto Certum | A | C* | A | A | Provided | * OCSP requirements for end user certificates will be fulfilled by October 2013. |
61 | Verizon Business (Balitmore, Cybertrust, GTE) | C* | C** | B*** | A (Verizon), B**** | Provided | As we manage a number of subordinate CAs at major enterprises and their planning completes, we have been receiving estimates of OCSP response capability at our external subordinate CAs taking effect after the May 15, 2014 target. We are working with our customers to understand delays and bring as many subordinates into OCSP compliance as practical. In all other regards, including audit or technical constraint, we are making progress on target to our previous commitment. * Will not be able to assert full BR compliance in next audit (April 2013) because OCSP service will be completed later. The April 2014 audit is expected to confirm full compliance with the BRs. SubCAs also need to implement OCSP services, plan is to fully comply with Mozilla policy v2.1 by May 15, 2014. ** OCSP, absence of country in DN of some subordinate CAs, use of the id-any-policy in some subordinate CAs, customer ability to shut off mandatory CN copy to SAN in cases of interoperability failure, CP and CPS content, exam process for approvers, customer ability to set a fixed list of authorized requestors, and video taping of subordinate CA creation. We require additional planning and software engineering estimates before we can provide a compliance date for the BR, primarily driven by OCSP. *** Our managed services operations and the operations of our subordinated customers include 1024-bit end entity keys valid after 12/31/2013 which will be replaced before the end of 2013. The subordinated operations of a small fraction of our customers include sequential serial numbers which are partially mitigated by validity datetime randomness, and completely mitigated by applying patches to randomize serials. No other issues were reported or discovered in scans. **** Our customers intend to align to the prescribed timelines that all RFC 1918 reserved IP address certificates expire by October 2016 and that none are issued after November 2015. In almost all regards ... reserved IP addresses have nearly been cleared from our issued base and will be eliminated ahead of the targets. |
62 | Visa | A | A | * | A | ** | * We will scan our database, take the requested action, and reply to question 3 by March 31st 2013. ** Test websites will be available by March 31st 2013. |
63 | Web.com (Network Solutions) | A | A | A | B* | Provided | * Will stop issuing such certs by November 2015. We will be transiting our customers away from this practice well before then in as many cases as possible. |
64 | Wells Fargo Bank N.A. | A | A | A | B* | Provided | * November 2014 |
65 | WISeKey | A | A | A | B* | Provided | * October 2016 |
66 |
1 | Owner | Organization in Certificate Subject | Certificate Common Name or Certificate Name | Certificate Valid From | Certificate Valid To | Certificate Modulus | Certificate Signature Algorithm | URL to Test Website | Comments |
|---|---|---|---|---|---|---|---|---|---|
2 | A-Trust | A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH | A-Trust-nQual-03 | 2005 Aug 17 | 2015 Aug 17 | 2048 | SHA-1 | https://test1.a-trust.at/ | |
3 | Actalis | Actalis S.p.A./03358520967 | Actalis Authentication Root CA | 2011 Sep 22 | 2030 Sep 22 | 4096 | SHA-256 | https://portal-pte.actalis.it | |
4 | AOL | America Online Inc. | America Online Root Certification Authority 1 | 2002 May 28 | 2037 Nov 19 | 2048 | SHA-1 | https://www.gathr.com/ | |
5 | AOL | America Online Inc. | America Online Root Certification Authority 2 | 2002 May 28 | 2037 Sep 29 | 4096 | SHA-1 | This root cert does not currently issue certificates. It is AOL's disaster recovery plan. | |
6 | AS Sertifitseerimiskeskuse (SK) | AS Sertifitseerimiskeskus | EE Certification Centre Root CA | 2010 Oct 30 | 2030 Dec 17 | 2048 | SHA-1 | https://openxades.org | |
7 | AS Sertifitseerimiskeskuse (SK) | AS Sertifitseerimiskeskus | Juur-SK | 2001 Aug 30 | 2016 Aug 26 | 2048 | SHA-1 | https://www.sk.ee | |
8 | Autoridad de Certificacion Firmaprofesional | Autoridad de Certificacion Firmaprofesional CIF A62634068 | 2001 Oct 24 | 2013 Oct 24 | 2048 | SHA-1 | Expires October 2013 | ||
9 | Autoridad de Certificacion Firmaprofesional | Autoridad de Certificacion Firmaprofesional CIF A62634068 | 2009 May 20 | 2030 Dec 31 | 4096 | SHA-1 | https://www.firmaprofesional.com | ||
10 | Buypass | Buypass AS-983163327 | Buypass Class 2 CA 1 | 2006 Oct 13 | 2016 Oct 13 | 2048 | SHA-1 | https://valid.domainplus.ca12.ssl.buypass.no/ | |
11 | Buypass | Buypass AS-983163327 | Buypass Class 2 Root CA | 2010 Oct 26 | 2040 Oct 26 | 4096 | SHA-256 | https://valid.domainplus.ca22.ssl.buypass.no/ | |
12 | Buypass | Buypass AS-983163327 | Buypass Class 3 CA 1 | 2005 May 09 | 2015 May 09 | 2048 | SHA-1 | https://valid.evident.ca13.ssl.buypass.no/ | |
13 | Buypass | Buypass AS-983163327 | Buypass Class 3 Root CA | 2010 Oct 26 | 2040 Oct 26 | 4096 | SHA-256 | https://valid.evident.ca23.ssl.buypass.no/ | |
14 | CA Disig a.s. | Disig a.s. | CA Disig | 2006 Mar 22 | 2016 Mar 22 | 2048 | SHA-1 | https://testssl-valid.disig.sk/index.en.html | |
15 | Camerfirma | AC Camerfirma S.A. | Chambers of Commerce Root - 2008 | 2008 Aug 1 | 2038 Jul 31 | 4096 | SHA-1 | https://www.camerfirma.com | |
16 | Camerfirma | AC Camerfirma S.A. | Global Chambersign Root - 2008 | 2008 Aug 1 | 2038 Jul 31 | 4096 | SHA-1 | Not yet issuing SSL certificates in this hierarchy. | |
17 | Camerfirma | AC Camerfirma SA CIF A82743287 | Chambers of Commerce Root | 2003 Sep 30 | 2037 Sep 30 | 2048 | SHA-1 | https://server1.camerfirma.com/ | |
18 | Camerfirma | AC Camerfirma SA CIF A82743287 | Global Chambersign Root | 2003 Sep 30 | 2037 Sep 30 | 2048 | SHA-1 | Not yet issuing SSL certificates in this hierarchy. | |
19 | CATCert | Agencia Catalana de Certificacio | EC-ACC | 2003 Jan 07 | 2031 Jan 07 | 2048 | SHA-1 | https://www.catcert.cat/CATCERT/Regulacio | |
20 | Certicámara S.A. | Sociedad Cameral de Certificación Digital - Certicámara S.A. | AC Raíz Certicámara S.A. | 2006 Nov 27 | 2030 Apr 02 | 4096 | SHA-1 | Not applicable | No longer issuing SSL certs under this root. |
21 | Certigna | Dhimyotis | Certigna | 2007 Jun 29 | 2027 Jun 29 | 2048 | SHA-1 | https://www.certigna.fr | |
22 | Certinomis | Certinomis | Certinomis - Autorité Racine | 2008 Sep 17 | 2028 Sep 17 | 4096 | SHA-1 | https://w3-test.certinomis.fr/ | |
23 | certSIGN | certSIGN | certSIGN ROOT CA | 2006 Jul 04 | 2031 Jul 04 | 2048 | SHA-1 | https://www.certsign.ro | |
24 | China Internet Network Information Center (CNNIC) | CNNIC | CNNIC ROOT | 2007 Apr 16 | 2027 Apr 16 | 2048 | SHA-1 | https://dev.itown.163.com | |
25 | Chunghwa Telecom Corporation | Chunghwa Telecom Co., Ltd. | ePKI Root Certification Authority | 2004 Dec 20 | 2034 Dec 20 | 4096 | SHA-1 | https://publicca.hinet.net/ | |
26 | Comodo | AddTrust AB | AddTrust Class 1 CA Root | 2000 May 30 | 2020 May 30 | 2048 | SHA-1 | https://addtrustclass1caroot.comodoca.com/ | |
27 | Comodo | AddTrust AB | AddTrust External CA Root | 2000 May 30 | 2020 May 30 | 2048 | SHA-1 | https://addtrustexternalcaroot-ev.comodoca.com/ | |
28 | Comodo | AddTrust AB | AddTrust Public CA Root | 2000 May 30 | 2020 May 30 | 2048 | SHA-1 | https://addtrustpubliccaroot.comodoca.com/ | |
29 | Comodo | AddTrust AB | AddTrust Qualified CA Root | 2000 May 30 | 2020 May 30 | 2048 | SHA-1 | https://addtrustqualifiedcaroot.comodoca.com/ | |
30 | Comodo | Comodo CA Limited | AAA Certificate Services | 2004 Jan 01 | 2028 Dec 31 | 2048 | SHA-1 | https://aaacertificateservices.comodoca.com/ | |
31 | Comodo | COMODO CA Limited | COMODO Certification Authority | 2006 Dec 01 | 2029 Dec 31 | 2048 | SHA-1 | https://comodocertificationauthority-ev.comodoca.com/ | |
32 | Comodo | COMODO CA Limited | COMODO ECC Certification Authority | 2008 Mar 06 | 2038 Jan 18 | ECC | ECC | https://comodoecccertificationauthority-ev.comodoca.com/ | |
33 | Comodo | Comodo CA Limited | Secure Certificate Services | 2004 Jan 01 | 2028 Dec 31 | 2048 | SHA-1 | https://securecertificateservices.comodoca.com/ | |
34 | Comodo | Comodo CA Limited | Trusted Certificate Services | 2004 Jan 01 | 2028 Dec 31 | 2048 | SHA-1 | https://trustedcertificateservices.comodoca.com/ | |
35 | Comodo | The USERTRUST Network | UTN - DATACorp SGC | 1999 Jun 24 | 2019 Jun 24 | 2048 | SHA-1 | https://utndatacorpsgc-ev.comodoca.com/ | |
36 | Comodo | The USERTRUST Network | UTN-USERFirst-Client Authentication and Email | 1999 Jul 09 | 2019 Jul 09 | 2048 | SHA-1 | Not applicable | The websites trust bit is not enabled for this root cert. |
37 | Comodo | The USERTRUST Network | UTN-USERFirst-Hardware | 1999 Jul 09 | 2019 Jul 09 | 2048 | SHA-1 | https://utnuserfirsthardware-ev.comodoca.com/ | |
38 | Comodo | The USERTRUST Network | UTN-USERFirst-Object | 1999 Jul 09 | 2019 Jul 09 | 2048 | SHA-1 | Not applicable | The websites trust bit is not enabled for this root cert. |
39 | ComSign | ComSign | ComSign CA | 2004 Mar 24 | 2029 Mar 19 | 2048 | SHA-1 | Not applicable | The websites trust bit is not enabled for this root cert. |
40 | ComSign | ComSign | ComSign Secured CA | 2004 Mar 24 | 2029 Mar 16 | 2048 | SHA-1 | https://comsign.co.il/main.asp?id=65 | |
41 | DanID | TDC | TDC OCES CA | 2003 Feb 11 | 2037 Feb 11 | 2048 | SHA-1 | Not applicable | The websites trust bit is not enabled for this root cert. |
42 | DanID | TDC Internet | TDC Internet Root CA | 2001 Apr 05 | 2021 Apr 05 | 2048 | SHA-1 | https://www.certifikat.dk | No longer issuing SSL certs in this hierarchy. |
43 | Deutscher Sparkassen Verlag GmbH (S-TRUST) | Deutscher Sparkassen Verlag GmbH | S-TRUST Authentication and Encryption Root CA 2005:PNS | 2005 Jun 22 | 2030 Jun 21 | 2048 | SHA-1 | Not applicable | The websites trust bit is not enabled for this root cert. |
44 | DigiCert | DigiCert Inc | DigiCert Assured ID Root CA | 2006 Nov 10 | 2031 Nov 10 | 2048 | SHA-1 | https://assured-id-root.digicert.com/testroot/ | |
45 | DigiCert | DigiCert Inc | DigiCert Global Root CA | 2006 Nov 10 | 2031 Nov 10 | 2048 | SHA-1 | https://global-root.digicert.com/testroot/ | |
46 | DigiCert | DigiCert Inc | DigiCert High Assurance EV Root CA | 2006 Nov 10 | 2031 Nov 10 | 2048 | SHA-1 | https://ev-root.digicert.com/testroot/ | |
47 | e-Guven Elektronik Bilgi Guvenligi A.S. | Elektronik Bilgi Guvenligi A.S. | e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi | 2007 Jan 04 | 2017 Jan 04 | 2048 | SHA-1 | https://www.imzalagonder.com | |
48 | e-tugra | EBG Bilişim Teknolojileri ve Hizmetleri A.Ş. | EBG Elektronik Sertifika Hizmet Sağlayıcısı | 2006 Aug 17 | 2016 Aug 14 | 4096 | SHA-1 | https://ediskim.e-tugra.com.tr/ | |
49 | EDICOM | EDICOM | ACEDICOM Root | 2008 Apr 18 | 2028 Apr 13 | 4096 | SHA-1 | https://support.edicomgroup.com/ | |
50 | Entrust | Entrust, Inc. | Entrust Root Certification Authority | 2006 Nov 27 | 2026 Nov 27 | 2048 | SHA-1 | https://ssltest.entrust.net | |
51 | Entrust | Entrust.net | Entrust.net Certification Authority (2048) | 1999 Dec 24 | 2019 Dec 24 | 2048 | SHA-1 | https://2048test.entrust.net | |
52 | Entrust | Entrust.net | Entrust.net Secure Server Certification Authority | 1999 May 25 | 2019 May 25 | 1024 | SHA-1 | https://validev.entrust.net | |
53 | GlobalSign | GlobalSign | GlobalSign | 2006 Dec 15 | 2021 Dec 15 | 2048 | SHA-1 | https://2021.globalsign.com/ | |
54 | GlobalSign | GlobalSign | GlobalSign | 2009 Mar 18 | 2029 Mar 18 | 2048 | SHA-256 | https://2029.globalsign.com/ | |
55 | GlobalSign | GlobalSign nv-sa | GlobalSign Root CA | 1998 Sep 01 | 2028 Jan 28 | 2048 | SHA-1 | https://2028.globalsign.com/ | |
56 | GoDaddy | GoDaddy.com, Inc. | Go Daddy Root Certificate Authority - G2 | 2009 Sep 01 | 2037 Dec 31 | 2048 | SHA-256 | https://valid.gdig2.catest.godaddy.com/ | |
57 | GoDaddy | Starfield Technologies, Inc. | Starfield Class 2 CA | 2004 Jun 29 | 2034 Jun 29 | 2048 | SHA-1 | https://valid.sfi.catest.starfieldtech.com/ | |
58 | GoDaddy | Starfield Technologies, Inc. | Starfield Root Certificate Authority - G2 | 2009 Sep 01 | 2037 Dec 31 | 2048 | SHA-256 | https://valid.sfig2.catest.starfieldtech.com/ | |
59 | GoDaddy | Starfield Technologies, Inc. | Starfield Services Root Certificate Authority - G2 | 2009 Sep 01 | 2037 Dec 31 | 2048 | SHA-256 | https://valid.sfsg2.catest.starfieldtech.com/ | |
60 | GoDaddy | The Go Daddy Group, Inc. | Go Daddy Class 2 CA | 2004 Jun 29 | 2034 Jun 29 | 2048 | SHA-1 | https://valid.gdi.catest.godaddy.com/ | |
61 | GoDaddy | ValiCert, Inc. | http://www.valicert.com/ | 1999 Jun 26 | 2019 Jun 26 | 1024 | SHA-1 | No longer issuing certificates in this hierarchy. | |
62 | Government of France | PM/SGDN | IGC/A | 2002 Dec 13 | 2020 Oct 17 | 2048 | SHA-1 | https://e-formation.institut.minefi.gouv.fr/Login.asp | |
63 | Government of Hong Kong (SAR), Hongkong Post | Hongkong Post | Hongkong Post Root CA 1 | 2003 May 15 | 2023 May 15 | 2048 | SHA-1 | https://www.hongkongpost.gov.hk/ | |
64 | Government of Japan, Ministry of Internal Affairs and Communications | Japanese Government | ApplicationCA - Japanese Government | 2007 Dec 12 | 2017 Dec 12 | 2048 | SHA-1 | https://www.gpki.go.jp/apca/index.html | |
65 | Izenpe S.A. | IZENPE S.A. | Izenpe.com | 2007 Dec 13 | 2037 Dec 13 | 4096 | SHA-256 | https://servicios.izenpe.com/ | |
66 | Government of Spain, Autoritat de Certificació de la Comunitat Valenciana (ACCV) | Generalitat Valenciana | Root CA Generalitat Valenciana | 2001 Jul 6 | 2021 Jul 01 | 2048 | SHA-1 | https://genera.accv.es/apsc/frontal/index.html | ACCVRAIZ1 (pending inclusion, bug #811352) -- https://ulik2.accv.es/ |
67 | Government of Taiwan, Government Root Certification Authority (GRCA) | Government Root Certification Authority | Taiwan GRCA | 2002 Dec 05 | 2032 Dec 05 | 4096 | SHA-1 | https://www.cp.gov.tw/portal/Clogin.aspx?ReturnHost=www.gov.tw&ReturnUrl=%2fdefault.aspx | |
68 | Government of The Netherlands, PKIoverheid | Staat der Nederlanden | Staat der Nederlanden Root CA | 2002 Dec 17 | 2015 Dec 16 | 2048 | SHA-1 | https://www.elkk.amsterdam.nl/ | This root is being phased out. |
69 | Government of The Netherlands, PKIoverheid | Staat der Nederlanden | Staat der Nederlanden Root CA - G2 | 2008 Mar 26 | 2020 Mar 25 | 4096 | SHA-256 | https://www.digid.nl/ | |
70 | Government of Turkey, Kamu Sertifikasyon Merkezi (Kamu SM) | Türkiye Bilimsel ve Teknolojik Araştırma Kurumu - TÜBİTAK | TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3 | 2007 Aug 24 | 2017 Aug 21 | 2048 | SHA-1 | https://nesbireysel.kamusm.gov.tr/nb.go | |
71 | HARICA | Hellenic Academic and Research Institutions Cert. Authority | Hellenic Academic and Research Institutions RootCA 2011 | 2011 Dec 06 | 2031 Dec 01 | 2048 | SHA-1 | https://www2.harica.gr | |
72 | IdenTrust | Digital Signature Trust | DST ACES CA X6 | 2003 Nov 20 | 2017 Nov 20 | 2048 | SHA-1 | https://sslacesvalid.identrust.com | |
73 | IdenTrust | Digital Signature Trust Co. | Digital Signature Trust Co. Global CA 1 | 1998 Dec 10 | 2018 Dec 10 | 1024 | SHA-1 | SSL certs are no longer being issued in this hierarchy. | |
74 | IdenTrust | Digital Signature Trust Co. | Digital Signature Trust Co. Global CA 3 | 1998 Dec 09 | 2018 Dec 09 | 1024 | SHA-1 | SSL certs are no longer being issued in this hierarchy. | |
75 | IdenTrust | Digital Signature Trust Co. | DST Root CA X3 | 2000 Sep 30 | 2021 Sep 30 | 2048 | SHA-1 | https://www.identrustssl.com | |
76 | Japan Certification Services, Inc. (JCSI) | Japan Certification Services, Inc. | SecureSign RootCA11 | 2009 Apr 08 | 2029 Apr 08 | 2048 | SHA-1 | ||
77 | KEYNECTIS | Certplus | Class 2 Primary CA | 1999 Jul 07 | 2019 Jul 06 | 2048 | SHA-1 | https://www.keynectis.com/en/ | |
78 | Microsec e-Szignó CA | Microsec Ltd. | Microsec e-Szigno Root CA | 2005 Apr 06 | 2017 Apr 06 | 2048 | SHA-1 | https://srv.e-szigno.hu/ | |
79 | Microsec e-Szignó CA | Microsec Ltd. | Microsec e-Szigno Root CA 2009 | 2009 Jun 16 | 2029 Dec 30 | 2048 | SHA-256 | https://pca.e-szigno.hu/ | |
80 | NetLock Ltd. | NetLock Halozatbiztonsagi Kft. | NetLock Expressz (Class C) Tanusitvanykiado | 1999 Feb 25 | 2019 Feb 20 | 1024 | MD5 | ||
81 | NetLock Ltd. | NetLock Halozatbiztonsagi Kft. | NetLock Kozjegyzoi (Class A) Tanusitvanykiado | 1999 Feb 24 | 2019 Feb 19 | 2048 | MD5 | ||
82 | NetLock Ltd. | NetLock Halozatbiztonsagi Kft. | NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado | 2003 Mar 30 | 2022 Dec 15 | 2048 | SHA-1 | Not applicable | The websites trust bit is not enabled for this root cert. |
83 | NetLock Ltd. | NetLock Halozatbiztonsagi Kft. | NetLock Uzleti (Class B) Tanusitvanykiado | 1999 Feb 25 | 2019 Feb 20 | 1024 | MD5 | ||
84 | NetLock Ltd. | NetLock Kft. | NetLock Arany (Class Gold) Főtanúsítvány | 2008 Dec 11 | 2028 Dec 6 | 2048 | SHA-256 | ||
85 | QuoVadis | QuoVadis Limited | QuoVadis Root CA 2 | 2006 Nov 24 | 2031 Nov 24 | 4096 | SHA-1 | https://evsslrca2-v.quovadisglobal.com | http://www.quovadisglobal.com/QVRepository/TestCertificates.aspx |
86 | QuoVadis | QuoVadis Limited | QuoVadis Root CA 3 | 2006 Nov 24 | 2031 Nov 24 | 4096 | SHA-1 | https://qvsslrca3-v.quovadisglobal.com | |
87 | QuoVadis | QuoVadis Limited | QuoVadis Root Certification Authority | 2001 Mar 19 | 2021 Mar 17 | 2048 | SHA-1 | https://qvsslrca-v.quovadisglobal.com | |
88 | RSA the Security Division of EMC | RSA Security Inc | RSA Security 2048 v3 | 2001 Feb 22 | 2026 Feb 22 | 2048 | SHA-1 | https://knowledge.rsasecurity.com | |
89 | RSA the Security Division of EMC | ValiCert, Inc. | http://www.valicert.com/ | 1999 Jun 26 | 2019 Jun 26 | 1024 | SHA-1 | No longer issuing SSL certs under this root. | |
90 | SECOM Trust Systems Co. Ltd. | SECOM Trust Systems CO.,LTD. | Security Communication EV RootCA1 | 2007 Jun 06 | 2037 Jun 06 | 2048 | SHA-1 | https://repo2.secomtrust.net/ev.gif | |
91 | SECOM Trust Systems Co. Ltd. | SECOM Trust Systems CO.,LTD. | Security Communication RootCA2 | 2009 May 29 | 2029 May 29 | 2048 | SHA-256 | https://scrootca2test.secomtrust.net/ | |
92 | SECOM Trust Systems Co. Ltd. | SECOM Trust.net | Security Communication Root CA | 2003 Sep 30 | 2023 Sep 30 | 2048 | SHA-1 | https://testrepository.secomtrust.net/secom/ssl.html | |
93 | SECOM Trust Systems Co. Ltd. | ValiCert, Inc. | http://www.valicert.com/ | 1999 Jun 25 | 2019 Jun 25 | 1024 | SHA-1 | No longer issuing SSL certs under this root. | |
94 | Start Commercial (StartCom) Ltd. | StartCom Ltd. | StartCom Certification Authority | 2006 Sep 17 | 2036 Sep 17 | 4096 | SHA-1 | ||
95 | Start Commercial (StartCom) Ltd. | StartCom Ltd. | StartCom Certification Authority | 2006 Sep 17 | 2036 Sep 17 | 4096 | SHA-256 | https://www.startcom.org/ | |
96 | Start Commercial (StartCom) Ltd. | StartCom Ltd. | StartCom Certification Authority G2 | 2010 Jan 01 | 2039 Dec 31 | 4096 | SHA-256 | https://g2.startcom.org/ | |
97 | Swisscom Solutions AG | Swisscom | Swisscom Root CA 1 | 2005 Aug 18 | 2025 Aug 18 | 4096 | SHA-1 | https://test-emerald-ca-1.pre.swissdigicert.ch/ | |
98 | SwissSign AG | SwissSign AG | SwissSign Gold CA - G2 | 2006 Oct 25 | 2036 Oct 25 | 4096 | SHA-1 | https://testevg2.swisssign.net | |
99 | SwissSign AG | SwissSign AG | SwissSign Platinum CA - G2 | 2006 Oct 25 | 2036 Oct 25 | 4096 | SHA-1 | Not applicable | The websites trust bit is not enabled for this root cert. |
100 | SwissSign AG | SwissSign AG | SwissSign Silver CA - G2 | 2006 Oct 25 | 2036 Oct 25 | 4096 | SHA-1 | https://testsilverg2.swisssign.net | |
101 | T-Systems International GmbH | Deutsche Telekom AG | Deutsche Telekom Root CA 2 | 1999 Jul 09 | 2019 Jul 09 | 2048 | SHA-1 | https://root-ca2.test.telesec.de | |
102 | T-Systems International GmbH | T-Systems Enterprise Services GmbH | T-TeleSec GlobalRoot Class 3 | 2008 Oct 01 | 2033 Oct 01 | 2048 | SHA-256 | https://root-class3.test.telesec.de | |
103 | Taiwan-CA Inc. (TWCA) | TAIWAN-CA | TWCA Root Certification Authority | 2008 Aug 28 | 2030 Dec 31 | 2048 | SHA-1 | https://evssldemo.twca.com.tw/index.html | |
104 | TeliaSonera | Sonera | Sonera Class1 CA | 2001 Apr 06 | 2021 Apr 06 | 2048 | SHA-1 | Not applicable | The websites trust bit is not enabled for this root cert. |
105 | TeliaSonera | Sonera | Sonera Class2 CA | 2001 Apr 06 | 2021 Apr 06 | 2048 | SHA-1 | https://Juolukka.cover.sonera.net:10443 | |
106 | Trend Micro | AffirmTrust | AffirmTrust Commercial | 2010 Jan 29 | 2030 Dec 31 | 2048 | SHA-256 | https://commercial.affirmtrust.com/ | |
107 | Trend Micro | AffirmTrust | AffirmTrust Networking | 2010 Jan 29 | 2030 Dec 31 | 2048 | SHA-1 | https://networking.affirmtrust.com:4431 | |
108 | Trend Micro | AffirmTrust | AffirmTrust Premium | 2010 Jan 29 | 2040 Dec 31 | 4096 | SHA-384 | https://premium.affirmtrust.com:4432/ | |
109 | Trend Micro | AffirmTrust | AffirmTrust Premium ECC | 2010 Jan 29 | 2040 Dec 31 | ECC | ECC | https://premiumecc.affirmtrust.com:4433/ | |
110 | TrustCenter (owned by Symantec) | TC TrustCenter GmbH | TC TrustCenter Class 2 CA II | 2006 Jan 12 | 2025 Dec 31 | 2048 | SHA-1 | https://testserver.class2-ii.trustcenter.de | |
111 | TrustCenter (owned by Symantec) | TC TrustCenter GmbH | TC TrustCenter Class 3 CA II | 2006 Jan 12 | 2025 Dec 31 | 2048 | SHA-1 | https://testserver.class3-ii.trustcenter.de | |
112 | TrustCenter (owned by Symantec) | TC TrustCenter GmbH | TC TrustCenter Universal CA I | 2006 Mar 22 | 2025 Dec 31 | 2048 | SHA-1 | https://www.trustcenter.de | |
113 | TrustCenter (owned by Symantec) | TC TrustCenter GmbH | TC TrustCenter Universal CA III | 2009 Sep 09 | 2029 Dec 31 | 2048 | SHA-1 | No SSL certs have been issued under this root, and none planned. | |
114 | Trustis | Trustis Limited | Trustis FPS Root CA | 2003 Dec 23 | 2024 Jan 21 | 2048 | SHA-1 | https://www.trustis.com | |
115 | Trustwave | SecureTrust Corporation | Secure Global CA | 2006 Nov 07 | 2029 Dec 31 | 2048 | SHA-1 | https://sgcatest.trustwave.com | |
116 | Trustwave | SecureTrust Corporation | SecureTrust CA | 2006 Nov 07 | 2029 Dec 31 | 2048 | SHA-1 | https://stcatest.trustwave.com | |
117 | Trustwave | XRamp Security Services Inc | XRamp Global Certification Authority | 2004 Nov 01 | 2035 Jan 01 | 2048 | SHA-1 | https://xgcatest.trustwave.com | |
118 | TurkTrust | (c) 2005 TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. | TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı | 2005 May 13 | 2015 Mar 22 | 2048 | SHA-1 | To be provided in February 2013. | |
119 | TurkTrust | TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Kasım 2005 | TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı | 2005 Nov 07 | 2015 Sep 16 | 2048 | SHA-1 | https://www.turktrust.com.tr/ | |
120 | Unizeto Certum | Unizeto Sp. z o.o. | Certum CA | 2002 Jun 11 | 2027 Jun 11 | 2048 | SHA-1 | https://certum-ca.certum.pl | |
121 | Unizeto Certum | Unizeto Technologies S.A. | Certum Trusted Network CA | 2008 Oct 22 | 2029 Dec 31 | 2048 | SHA-1 | https://certum-ctnca-ev.certum.pl | |
122 | VeriSign (owned by Symantec) | Equifax | Equifax Secure CA | 1998 Aug 22 | 2018 Aug 22 | 1024 | SHA-1 | https://ssltest15.bbtest.net/ | |
123 | VeriSign (owned by Symantec) | Equifax Secure | Equifax Secure eBusiness CA 2 | 1999 Jun 23 | 2019 Jun 23 | 1024 | SHA-1 | Root never used. Bug #841968 requests removal | |
124 | VeriSign (owned by Symantec) | Equifax Secure Inc. | Equifax Secure eBusiness CA-1 | 1999 Jun 21 | 2020 Jun 21 | 1024 | MD5 | https://ssltest17.bbtest.net/ | |
125 | VeriSign (owned by Symantec) | Equifax Secure Inc. | Equifax Secure Global eBusiness CA-1 | 1999 Jun 21 | 2020 Jun 21 | 1024 | MD5 | https://ssltest16.bbtest.net/ | |
126 | VeriSign (owned by Symantec) | GeoTrust Inc. | GeoTrust Global CA | 2002 May 21 | 2022 May 21 | 2048 | SHA-1 | https://ssltest14.bbtest.net/ | |
127 | VeriSign (owned by Symantec) | GeoTrust Inc. | GeoTrust Global CA 2 | 2004 Mar 04 | 2019 Mar 04 | 2048 | SHA-1 | https://ssltest19.bbtest.net/ | |
128 | VeriSign (owned by Symantec) | GeoTrust Inc. | GeoTrust Primary Certification Authority | 2006 Nov 27 | 2036 Jul 16 | 2048 | SHA-1 | https://ssltest22.bbtest.net/ | |
129 | VeriSign (owned by Symantec) | GeoTrust Inc. | GeoTrust Primary Certification Authority - G2 | 2007 Nov 05 | 2038 Jan 18 | ECC | ECC | https://ssltest42.ssl.symclab.com | |
130 | VeriSign (owned by Symantec) | GeoTrust Inc. | GeoTrust Primary Certification Authority - G3 | 2008 Apr 02 | 2037 Dec 01 | 2048 | SHA-256 | https://ssltest21.bbtest.net | |
131 | VeriSign (owned by Symantec) | GeoTrust Inc. | GeoTrust Universal CA | 2004 Mar 04 | 2029 Mar 03 | 4096 | SHA-1 | https://ssltest20.bbtest.net | |
132 | VeriSign (owned by Symantec) | GeoTrust Inc. | GeoTrust Universal CA 2 | 2004 Mar 04 | 2029 Mar 03 | 4096 | SHA-1 | https://ssltest34.bbtest.net | |
133 | VeriSign (owned by Symantec) | Thawte Consulting cc | Thawte Premium Server CA | 1996 Aug 01 | 2020 Dec 31 | 1024 | MD5 | https://ssltest10.bbtest.net/ | |
134 | VeriSign (owned by Symantec) | Thawte Consulting cc | Thawte Server CA | 1996 Aug 01 | 2020 Dec 31 | 1024 | MD5 | https://ssltest29.bbtest.net/ | |
135 | VeriSign (owned by Symantec) | thawte, Inc. | thawte Primary Root CA | 2006 Nov 17 | 2036 Jul 16 | 2048 | SHA-1 | https://ssltest6.bbtest.net/ | |
136 | VeriSign (owned by Symantec) | thawte, Inc. | thawte Primary Root CA - G2 | 2007 Nov 05 | 2038 Jan 18 | ECC | ECC | https://ssltest40.ssl.symclab.com | |
137 | VeriSign (owned by Symantec) | thawte, Inc. | thawte Primary Root CA - G3 | 2008 Apr 02 | 2037 Dec 01 | 2048 | SHA-256 | https://ssltest8.bbtest.net | |
138 | VeriSign (owned by Symantec) | The USERTRUST Network | UTN-USERFirst-Network Applications | 1999 Jul 09 | 2019 Jul 09 | 2048 | SHA-1 | Not applicable | The websites trust bit is not enabled for this root cert. |
139 | VeriSign (owned by Symantec) | VeriSign, Inc. | VeriSign Class 1 Public PCA | 1996 Jan 29 | 2028 Aug 02 | 1024 | SHA-1 | Not applicable | The websites trust bit is not enabled for this root cert. |
140 | VeriSign (owned by Symantec) | VeriSign, Inc. | VeriSign Class 1 Public PCA - G3 | 1999 Oct 01 | 2036 Jul 16 | 2048 | SHA-1 | Not applicable | The websites trust bit is not enabled for this root cert. |
141 | VeriSign (owned by Symantec) | VeriSign, Inc. | VeriSign Class 2 Public PCA - G3 | 1999 Oct 01 | 2036 Jul 16 | 2048 | SHA-1 | Not applicable | The websites trust bit is not enabled for this root cert. |
142 | VeriSign (owned by Symantec) | VeriSign, Inc. | VeriSign Class 2 Public PCA – G2 | 1998 May 18 | 2028 Aug 01 | 1024 | SHA-1 | Not applicable | The websites trust bit is not enabled for this root cert. |
143 | VeriSign (owned by Symantec) | VeriSign, Inc. | VeriSign Class 3 Public PCA | 1996 Jan 29 | 2028 Aug 01 | 1024 | MD2 | https://ssltest23.bbtest.net/ | |
144 | VeriSign (owned by Symantec) | VeriSign, Inc. | VeriSign Class 3 Public PCA | 1996 Jan 29 | 2028 Aug 02 | 1024 | SHA-1 | https://ssltest23.bbtest.net/ | |
145 | VeriSign (owned by Symantec) | VeriSign, Inc. | VeriSign Class 3 Public PCA - G3 | 1999 Oct 01 | 2036 Jul 16 | 2048 | SHA-1 | https://ssltest3.bbtest.net/ | |
146 | VeriSign (owned by Symantec) | VeriSign, Inc. | VeriSign Class 3 Public PCA - G4 | 2007 Nov 05 | 2038 Jan 18 | ECC | ECC | https://ssltest48.ssl.symclab.com | |
147 | VeriSign (owned by Symantec) | VeriSign, Inc. | VeriSign Class 3 Public PCA - G5 | 2006 Nov 08 | 2036 Jul 16 | 2048 | SHA-1 | https://ssltest1.bbtest.net/ | |
148 | VeriSign (owned by Symantec) | VeriSign, Inc. | VeriSign Class 3 Public PCA – G2 | 1998 May 18 | 2028 Aug 01 | 1024 | SHA-1 | https://ssltest24.bbtest.net/ | |
149 | VeriSign (owned by Symantec) | VeriSign, Inc. | VeriSign Class 4 Public PCA - G3 | 1999 Oct 02 | 2036 Jul 16 | 2048 | SHA-1 | ||
150 | VeriSign (owned by Symantec) | VeriSign, Inc. | VeriSign Universal Root Certification Authority | 2008 Apr 01 | 2037 Dec 01 | 2048 | SHA-256 | https://ssltest26.bbtest.net/ | |
151 | VeriSign (owned by Symantec) | VeriSign Class 1 Public PCA – G2 | 1998 May 17 | 2028 Aug 01 | 1024 | SHA-1 | Not applicable | The websites trust bit is not enabled for this root cert. | |
152 | Verizon Business | Baltimore | Baltimore CyberTrust Root | 2000 May 12 | 2025 May 12 | 2048 | SHA-1 | https://baltimore.omniroot.com | |
153 | Verizon Business | Cybertrust, Inc | Cybertrust Global Root | 2006 Dec 15 | 2021 Dec 15 | 2048 | SHA-1 | https://ev.omniroot.com | |
154 | Verizon Business | GTE Corporation | GTE CyberTrust Global Root | 1998 Aug 13 | 2018 Aug 13 | 1024 | MD5 | https://secure.omniroot.com | |
155 | Visa | VISA | Visa eCommerce Root | 2002 Jun 26 | 2022 Jun 24 | 2048 | SHA-1 | Will be provided by March 31, 2013. | |
156 | Web.com | Network Solutions L.L.C. | Network Solutions Certificate Authority | 2006 Dec 01 | 2029 Dec 31 | 2048 | SHA-1 | https://www.networksolutions.com/ | |
157 | Wells Fargo Bank N.A. | Wells Fargo | Wells Fargo Root Certificate Authority | 2000 Oct 11 | 2021 Jan 14 | 2048 | SHA-1 | https://nerys-m3.wellsfargo.com/test.html | |
158 | Wells Fargo Bank N.A. | Wells Fargo WellsSecure | WellsSecure Public Root Certificate Authority | 2007 Dec 13 | 2022 Dec 14 | 2048 | SHA-1 | https://nerys-m1.wellsfargo.com/test.html | |
159 | WISeKey | WISeKey | OISTE WISeKey Global Root GA CA | 2005 Dec 11 | 2037 Dec 11 | 2048 | SHA-1 | https://secure.certifyid.com | |
160 |