VeriSign Root Package for all SSL and Code Signing products

Retail Products: Secure Site, Secure Site Pro, Secure Site with Extended Validation, Secure Site Pro with Extended Validation, Wildcard, OFX, WLAN, Code Signing.

Managed PKI for SSL: Standard SSL, Standard SSL with Extended Validation, Standard Intranet SSL, Premium SSL, Premium SSL with Extended Validation, Premium Intranet SSL, OFX, Code Signing.

Secure Site, Secure Site Pro, Secure Site EV, Secure Site Pro EV, Code Signing, Wildcard, OFX, WLAN

Issued to: Class 3 Public Primary Certification Authority Issued by: Class 3 Public Primary Certification Authority Valid from: 1/28/1996 to 8/2/2028 Serial Number: 3c 91 31 cb 1f f6 d0 1b 0e 9a b8 d0 44 bf 12 be

-----BEGIN CERTIFICATE----- MIICPDCCAaUCEDyRMcsf9tAbDpq40ES/Er4wDQYJKoZIhvcNAQEFBQAwXzELMAkG A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2 MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G CSqGSIb3DQEBBQUAA4GBABByUqkFFBkyCEHwxWsKzH4PIRnN5GfcX6kb5sroc50i 2JhucwNhkcV8sEVAbkSdjbCxlnRhLQ2pRdKkkirWmnWXbj9T/UWZYB2oK0z5XqcJ 2HUw19JlYD1n1khVdWk/kfVIC0dpImmClr7JyDiGSnoscxlIaU5rfGW/D/xwzoiQ -----END CERTIFICATE----- Select

VeriSign is a major commercial CA with worldwide operations and customer base.

Audit:WebTrust CA and WebTrust EV, performed by KPMG: Audit Reports and Management's Assertions

VeriSign Universal Root Certification Authority

This CA will be used to sign certificates for SSL-enabled servers, and may in the future be used to sign certificates for digitally-signed executable code objects. VeriSign is not yet actively issuing certificates from this root, so they have not yet published a CRL.

Link	Download/Install
SHA1	36:79:CA:35:66:87:72:30:4D:30:A5:FB:87:3B:0F:A7:7B:B7:0D:54
Version	3
Modulus (key length)	2048
Valid From	2008-04-01
Valid To	2037-12-01
Revocation	CRL
Type	OV
Document	VeriSign Certification Practice Statement
Document	VeriSign Trust Network Certificate Policies
Document	CA Hierarchy Diagram
Requested Trust Bits	Websites Email Code
Bugs	Authorisation (484901), Inclusion (515470)
Comments	none

VeriSign Class 3 Public Primary Certificate Authority - G4

This CA will be used to sign certificates for SSL-enabled servers, and may in the future be used to sign certificates for digitally-signed executable code objects. VeriSign is not yet actively issuing certificates from this root, so they have not yet published a CRL. All subordinated CAs for this root will be internally operated.

Link	Download/Install
SHA1	22:D5:D8:Df:8F:02:31:D1:8D:F7:9D:B7:CF:8A:2D:64:C9:3F:6C:3A
Version	3
Modulus (key length)	SECG elliptic curve secp384r1 (aka NIST P-384)
Valid From	2007-4-11
Valid To	2038-01-18
Revocation	CRL
Type	OV
Document	VeriSign Certification Practice Statement
Document	VeriSign Trust Network Certificate Policies
Document	CA Hierarchy Diagram
Requested Trust Bits	Websites Email Code
Bugs	Authorisation (409235), Inclusion (515472)
Comments	none

VeriSign Class 3 Public Primary Certification Authority - G5

This CA issues a CA certificate to the subordinate CA "VeriSign Class 3 Extended Validation SSL SGC CA", which in turn issues Extended Validation certificates for SSL-enabled servers.

Link	Download/Install
SHA1	4E:B6:D5:78:49:9B:1C:CF:5F:58:1E:AD:56:BE:3D:9B:67:44:A5:E5
Version	3
Modulus (key length)	2048
Valid From	2006-11-07
Valid To	2036-07-16
Revocation	CRL, OCSP
Type	EV (policy OID 2.16.840.1.113733.1.7.23.6)
Document	VeriSign Certification Practice Statement, Version 3.5
Document	VeriSign Trust Network Certificate Policies, Version 2.5
Requested Trust Bits	Websites
Bugs	Authorisation (402947), Inclusion (422918)
Comments	Note that for compatibility reasons VeriSign has implemented a cross-signing scheme involving this CA. In this scheme, if applications not supporting EV functionality (e.g., Firefox 2 and earlier) encounter VeriSign EV certificates then they will end up treating this CA as a subordinate CA under the existing VeriSign Class 3 Public Primary CA root.

VeriSign Class 1 Public Primary Certification Authority

This root CA (also known as PCA1-G1-SHA1) has Signature Algorithm SHA-1. This root will supersede the PCA1-G1 root that is already included in NSS, which has Signature Algorithm MD2.

Link	Download/Install
SHA1	CE:6A:64:A3:09:E4:2F:BB:D9:85:1C:45:3E:64:09:EA:E8:7D:60:F1
Version	1
Modulus (key length)	1024
Valid From	1996-01-28
Valid To	2028-08-02
Revocation	CRL
Type	DV
Document	VeriSign Certification Practice Statement
Document	VeriSign Trust Network Certificate Policies
Document	CA Hierarchy Diagram
Requested Trust Bits	Email
Bugs	Authorisation (490895), Inclusion (515462)
Comments	none

VeriSign Class 3 Public Primary Certification Authority

This root CA (also known as PCA3-G1-SHA1) has Signature Algorithm SHA-1. This root will supersede the PCA3-G1 root that is already included in NSS, which has Signature Algorithm MD2.

Link	Download/Install
SHA1	A1:DB:63:93:91:6F:17:E4:18:55:09:40:04:15:C7:02:40:B0:AE:6B
Version	1
Modulus (key length)	1024
Valid From	1996-01-28
Valid To	2028-08-02
Revocation	CRL, OCSP
Type	OV
Document	VeriSign Certification Practice Statement
Document	VeriSign Trust Network Certificate Policies
Document	CA Hierarchy Diagram
Requested Trust Bits	Websites Email Code
Bugs	Authorisation (490895), Inclusion (515462)
Comments	The initial request was also to EV-enable this root. However, it was deteremined that EV-enablement was not necessary.