SWITCHaai Root CA Repository

This is the repository for the SWITCHaai Root CA, which is mainly a collection of reference material about this certification authority.

CP/CPS Documents

Archived CP/CPS versions

CA Hierarchy

Currently, the SWITCHaai Root CA has two subordinate CAs, as depicted below:

SWITCHaai Root CA hierarchy

CA Certificates

  • SWITCHaai Root CA certificate: DER format PEM format
    Validity:2008-05-15 to 2028-05-15
    SHA256 Fingerprint:37:DC:E4:D7:1C:24:42:32:6A:0F:85:B6:12:00:22:C7:54:AA:FF:B2:8C:BF:CF:69:EB:F3:F7:31:90:3C:09:5A
    SHA1 Fingerprint:3C:E2:5A:E0:9D:B4:BB:2B:FD:33:3C:22:80:39:F7:FC:4A:F9:2C:E9
  • SWITCHaai Metadata Signing CA certificate: DER format PEM format
    Validity:2015-07-15 to 2020-07-15
    Signing CA:SWITCHaai Root CA
    SHA256 Fingerprint:66:0D:59:C0:B1:DE:F0:61:C5:8C:51:77:3F:18:B6:56:1D:F1:0D:7B:83:2F:8F:33:D4:06:BD:CB:5B:75:30:92
    SHA1 Fingerprint:C1:09:EA:FC:CE:CB:16:A6:3E:6D:B3:16:F5:C2:AC:AA:3B:F5:0D:BC
  • SWITCHaai Interfederation Metadata Signing CA certificate: DER format PEM format
    Validity:2015-07-15 to 2020-07-15
    Signing CA:SWITCHaai Root CA
    SHA256 Fingerprint:27:8C:B7:7A:F4:5B:46:FB:11:84:47:EE:93:DA:45:9D:19:F2:25:87:12:A3:F2:E3:6F:75:B1:A5:4A:DA:38:29
    SHA1 Fingerprint:B0:AE:DE:E0:45:09:59:34:4F:04:38:25:32:64:79:82:A4:3B:8B:19

Metadata Signer Certificates

Note: Usually, the "SWITCHaai Root CA" certificate should be used to verify the metadata signatures. If a SAML implementation doesn't support this, the following certificates can be configured for metadata verification. In this case, deployers need to make sure to update the certificate when SWITCH starts using a new one (scheduled for Q2 2018).

  • SWITCHaai Metadata Signer certificate: DER format PEM format
    Validity:2015-07-15 to 2018-07-15
    Signing CA:SWITCHaai Metadata Signing CA
    SHA256 Fingerprint:6D:13:50:66:AA:32:EB:67:2E:BF:3C:53:58:49:A4:AE:EC:FD:75:38:7D:A6:CA:4C:B9:25:F4:B2:1D:8A:19:C5
    SHA1 Fingerprint:A3:FA:A9:71:14:47:D9:1A:1D:DA:07:5B:07:F2:9A:96:FF:46:2D:9D
    Signed metadata files:metadata.switchaai.xml, metadata.aaitest.xml, metadata.edugain.xml
  • SWITCHaai Interfederation Metadata Signer certificate: DER format PEM format
    Validity:2015-07-15 to 2018-07-15
    Signing CA:SWITCHaai Interfederation Metadata Signing CA
    SHA256 Fingerprint:F9:08:52:8D:DE:7B:86:10:80:05:A4:5A:04:01:19:E1:CC:A5:D4:11:2F:DE:FA:2C:9D:AB:70:24:69:0C:97:26
    SHA1 Fingerprint:9E:D9:9A:D6:E8:91:7D:46:71:83:BC:D3:54:DE:16:CA:75:02:D6:0C
    Signed metadata files:metadata.interfederation.xml, metadata.idp+interfederation.xml, metadata.interfederation+sp.xml

Certificate Revocation Lists (CRL)