SWITCHaai Root CA Repository

This is the repository for the SWITCHaai Root CA, which is mainly a collection of reference material about this certification authority.

CP/CPS Documents

Archived CP/CPS versions

CA Hierarchy

Currently, the SWITCHaai Root CA has two subordinate CAs, as depicted below:

SWITCHaai Root CA hierarchy

CA Certificates

  • SWITCHaai Root CA certificate: DER format PEM format
    Validity:2008-05-15 to 2028-05-15
    SHA256 Fingerprint:37:DC:E4:D7:1C:24:42:32:6A:0F:85:B6:12:00:22:C7:54:AA:FF:B2:8C:BF:CF:69:EB:F3:F7:31:90:3C:09:5A
    SHA1 Fingerprint:3C:E2:5A:E0:9D:B4:BB:2B:FD:33:3C:22:80:39:F7:FC:4A:F9:2C:E9
  • SWITCHaai Metadata Signing CA 2020 certificate: DER format PEM format
    Validity:2020-06-01 to 2025-06-01
    Signing CA:SWITCHaai Root CA
    SHA256 Fingerprint:0F:79:36:01:D3:A6:6D:42:37:BA:52:38:16:29:94:CF:0D:30:84:46:EF:6A:EC:3F:F2:8B:B8:D8:8A:04:29:78
    SHA1 Fingerprint:93:6D:7A:C1:91:5C:16:7C:9D:77:3B:C1:58:3B:9E:C5:DF:D5:D8:12
  • SWITCHaai Interfederation Metadata Signing CA 2020 certificate: DER format PEM format
    Validity:2020-06-01 to 2025-06-01
    Signing CA:SWITCHaai Root CA
    SHA256 Fingerprint:E2:3E:47:5A:DE:DF:FD:86:68:BF:8F:78:6F:02:5D:CE:C0:1B:09:48:D5:93:19:FF:70:72:50:52:9A:B7:5F:9B
    SHA1 Fingerprint:A5:E5:DE:3E:34:B3:47:01:7A:CA:9E:19:07:DC:47:48:B9:0C:0E:A3

Metadata Signer Certificates

Note: Usually, the "SWITCHaai Root CA" certificate should be used to verify the metadata signatures. If a SAML implementation doesn't support this, the following certificates can be configured for metadata verification. In this case, deployers need to make sure to update the certificate when SWITCH starts using a new one.

  • SWITCHaai Metadata Signer 2020 certificate: DER format PEM format
    Validity:2020-06-01 to 2023-06-01
    Signing CA:SWITCHaai Metadata Signing CA 2020
    SHA256 Fingerprint:C5:51:37:61:18:E5:B1:AD:69:7B:9A:A0:7F:68:C8:05:5E:92:BF:40:E9:AE:DC:39:72:96:9F:F5:85:70:E0:EB
    SHA1 Fingerprint:9D:1F:D2:F9:93:E6:2C:18:20:9A:FF:35:20:5C:FB:4A:DB:80:44:8C
    Signed metadata files:metadata.switchaai.xml, metadata.switchaai+idp.xml, metadata.switchaai+sp.xml, metadata.aaitest.xml, metadata.aaitest+idp.xml, metadata.aaitest+sp.xml, metadata.eduid.xml, metadata.eduid-test.xml, metadata.edugain.xml
  • SWITCHaai Interfederation Metadata Signer 2020 certificate: DER format PEM format
    Validity:2020-06-01 to 2023-06-01
    Signing CA:SWITCHaai Interfederation Metadata Signing CA 2020
    SHA256 Fingerprint:03:6F:6A:6B:B5:05:09:A0:83:8A:B2:59:F9:2E:2F:6D:16:35:F6:55:FA:9D:9F:FF:FB:09:15:9A:BC:19:66:1C
    SHA1 Fingerprint:EC:AE:DD:58:26:25:01:35:E5:1B:87:FA:5D:76:E7:FA:43:57:3B:8A
    Signed metadata files:metadata.interfederation.xml, metadata.interfederation+idp.xml, metadata.interfederation+sp.xml
  • SWITCHaai Metadata Signer 2023 certificate: DER format PEM format
    Validity:2023-05-01 to 2025-06-01
    Signing CA:SWITCHaai Metadata Signing CA 2020
    SHA256 Fingerprint:CA:D2:FE:CE:B9:3D:83:0B:64:69:55:DD:4C:A0:85:9D:BB:B6:F1:C3:01:8B:5E:94:7F:2E:FB:AB:A2:79:61:43
    SHA1 Fingerprint:B6:23:7A:8E:D8:B0:55:0A:03:73:9B:C6:D7:4F:66:FC:23:4B:FD:43
    Signed metadata files:metadata.switchaai.xml, metadata.switchaai+idp.xml, metadata.switchaai+sp.xml, metadata.aaitest.xml, metadata.aaitest+idp.xml, metadata.aaitest+sp.xml, metadata.eduid.xml, metadata.eduid-test.xml, metadata.edugain.xml
  • SWITCHaai Interfederation Metadata Signer 2023 certificate: DER format PEM format
    Validity:2023-05-01 to 2025-06-01
    Signing CA:SWITCHaai Interfederation Metadata Signing CA 2020
    SHA256 Fingerprint:61:0B:7D:A3:CC:BC:FA:AF:CE:32:89:FC:7C:81:A2:61:F6:39:E8:3D:9D:B9:98:A3:77:7B:8A:55:A1:0C:5E:D5
    SHA1 Fingerprint:9D:CB:2D:F2:A0:E8:06:3B:07:6F:C6:BF:A4:27:5D:97:08:71:F8:59
    Signed metadata files:metadata.interfederation.xml, metadata.interfederation+idp.xml, metadata.interfederation+sp.xml

Certificate Revocation Lists (CRL)