| Superseded Root CA Certificates |
They are superseded by the same public key with different serial number and modified the DN from
OU = ePKI Root Certification Authority - G2
O = Chunghwa Telecom Co., Ltd.
C = TW
To
CN= ePKI Root Certification Authority - G2
O = Chunghwa Telecom Co., Ltd.
C = TW
as new rule for naming or Root CA certificate in Microsoft Root Certificate Program Technical Requirement in June, 2015 and eCA CPS Version 1.3 approved by ePKI Policy Management Committee. |
|
|
Abstract |
|
File
Format
|
| Superseded ePKI Root CA -G2 Certificate |
|
- 2nd generation of ePKI Root CA Certificate.
- RSA 4096 w/SHA-256, DER encoded X.509.
- Serial #: 12 8a d6 3d 6c f5 d6 ef a0 93 ff 22 f8 99 80 21
- Thumbprint: d9 9b 10 42 98 59 47 63 f0 b9 a9 27 b7 92 69 cb 47 dd 15 8b
- Valid Until: December, 31, 2037.
|
|
CER |
| Superseded ePKI Root CA -G2 Certificate |
|
- 2nd generation of ePKI Root CA Certificate.
- RSA 4096 w/SHA-256, Base 64 encoded.
- Serial #: 12 8a d6 3d 6c f5 d6 ef a0 93 ff 22 f8 99 80 21
- Thumbprint: d9 9b 10 42 98 59 47 63 f0 b9 a9 27 b7 92 69 cb 47 dd 15 8b
- Valid Until: December, 31, 2037.
|
|
CRT |
Revoked Self-issued Certificates |
Self-issued certificates are CA certificates in which the issuer and subject are the same entity. Self-issued certificates are generated to support changes in policy or operations.
As eCA self-signed a new eCA –G2 self-signed certificates on Nov. 17, 2015 and Google suggested that the CAs using SHA-1 in cross-certs create new cross-certs signed with SHA-2 in March 2015 34th CA/Browser Forum F2F meeting. After the approving of ePKI Policy Management Committee, eCA revoked below two SHA-1 self-issued certificates on Nov. 17, 2015. eCA issued new self-issued certificates and published in repository. |
|
|
Abstract |
|
File
Format |
| ePKI Root CA Self-issued Certificate¡]old with new¡^ |
|
- This certificate is 1st generation of ePKI Root CA public key with other subject information signed by 2nd generation of ePKI Root CA private key.
- It is for constructing trust path of 1st generation & 2nd generation of ePKI Root CA key pairs.
- Serial #: 5e 2f 4c 95 0a 20 41 34 fa 1b fe ef 40 bf 38 3a
- Thumbprint: 34 7e f3 23 9c e8 d3 93 ae 9c b5 06 23 3d 20 f1 c6 1c c0 db
- Valid Period: December 11, 2014 to December 20, 2034.
|
|
CER |
| ePKI Root CA Self-issued Certificate¡]old with new¡^ |
|
- This certificate is 1st generation of ePKI Root CA public key with other subject information signed by 2nd generation of ePKI Root CA private key.
- It is for constructing trust path of 1st generation & 2nd generation of ePKI Root CA key pairs.
- Serial #: 5e 2f 4c 95 0a 20 41 34 fa 1b fe ef 40 bf 38 3a
- Thumbprint: 34 7e f3 23 9c e8 d3 93 ae 9c b5 06 23 3d 20 f1 c6 1c c0 db
- Valid Period: December 11, 2014 to December 20, 2034.
|
|
CRT |
| ePKI Root CA Self-issued Certificate¡]new with old¡^ |
|
- This certificate is 2nd generation of ePKI Root CA public key with other subject information signed by 1st generation of ePKI Root CA private key.
- It is for constructing trust path of 1st generation & 2nd generation of ePKI Root CA key pairs.
- Serial #: 00 c1 b5 ed d4 9b 5d 1b 12 4d 47 39 06 01 e6 8a 91
- Thumbprint: df 24 a7 96 4c 12 43 f8 b5 a9 9a a1 88 48 96 81 e3 fa 49 52
- Valid Period: December 11, 2014 to December 20, 2034.
|
|
CER |
| ePKI Root CA Self-issued Certificate¡]new with old¡^ |
|
- This certificate is 1st generation of ePKI Root CA public key with other subject information signed by 2nd generation of ePKI Root CA private key.
- It is for constructing trust path of 1st generation & 2nd generation of ePKI Root CA key pairs.
- Serial #: 00 c1 b5 ed d4 9b 5d 1b 12 4d 47 39 06 01 e6 8a 91
- Thumbprint: df 24 a7 96 4c 12 43 f8 b5 a9 9a a1 88 48 96 81 e3 fa 49 52
- Valid Period: December 11, 2014 to December 20, 2034.
|
|
CRT |
| CA Revocation List (SHA-256 with ePKI Root CA -G2) |
|
- 2nd generation of eCA issues CARL once a day, CARL offers the relying party to check the status of certificates of CA.
- RSA 4096 w/SHA-256.
|
|
CRL |
