SWITCHaai Root CA Repository
This is the repository for the SWITCHaai Root CA, which is mainly a collection of reference material about this certification authority.
CP/CPS Documents
- SWITCHaai Root CA Certificate Policy and Certification Practice Statement, Version 1.1 (19 July 2011, OID 2.16.756.1.2.6.6.1.1)
- SWITCHaai Metadata Signing CA Certificate Policy and Certification Practice Statement, Version 1.2 (19 July 2011, OID 2.16.756.1.2.6.7.1.2)
- SWITCHaai Interfederation Metadata Signing CA Certificate Policy and Certification Practice Statement, Version 1.0 (19 July 2011, OID 2.16.756.1.2.6.8.1.0)
Archived CP/CPS versions
- SWITCHaai Root CA Certificate Policy and Certification Practice Statement, Version 1.0 (15 July 2008, OID 2.16.756.1.2.6.6.1.0)
- SWITCHaai Metadata Signing CA Certificate Policy and Certification Practice Statement, Version 1.1 (9 May 2011, OID 2.16.756.1.2.6.7.1.1)
- SWITCHaai Metadata Signing CA Certificate Policy and Certification Practice Statement, Version 1.0 (15 July 2008, OID 2.16.756.1.2.6.7.1.0)
CA Hierarchy
Currently, the SWITCHaai Root CA has two subordinate CAs, as depicted below:
CA Certificates
- SWITCHaai Root CA certificate: DER format PEM format
Validity: 2008-05-15 to 2028-05-15 SHA256 Fingerprint: 37:DC:E4:D7:1C:24:42:32:6A:0F:85:B6:12:00:22:C7:54:AA:FF:B2:8C:BF:CF:69:EB:F3:F7:31:90:3C:09:5A
SHA1 Fingerprint: 3C:E2:5A:E0:9D:B4:BB:2B:FD:33:3C:22:80:39:F7:FC:4A:F9:2C:E9
- SWITCHaai Metadata Signing CA 2020 certificate: DER format PEM format
Validity: 2020-06-01 to 2025-06-01 Signing CA: SWITCHaai Root CA SHA256 Fingerprint: 0F:79:36:01:D3:A6:6D:42:37:BA:52:38:16:29:94:CF:0D:30:84:46:EF:6A:EC:3F:F2:8B:B8:D8:8A:04:29:78
SHA1 Fingerprint: 93:6D:7A:C1:91:5C:16:7C:9D:77:3B:C1:58:3B:9E:C5:DF:D5:D8:12
- SWITCHaai Interfederation Metadata Signing CA 2020 certificate: DER format PEM format
Validity: 2020-06-01 to 2025-06-01 Signing CA: SWITCHaai Root CA SHA256 Fingerprint: E2:3E:47:5A:DE:DF:FD:86:68:BF:8F:78:6F:02:5D:CE:C0:1B:09:48:D5:93:19:FF:70:72:50:52:9A:B7:5F:9B
SHA1 Fingerprint: A5:E5:DE:3E:34:B3:47:01:7A:CA:9E:19:07:DC:47:48:B9:0C:0E:A3
Metadata Signer Certificates
Note: Usually, the "SWITCHaai Root CA" certificate should be used to verify the metadata signatures. If a SAML implementation doesn't support this, the following certificates can be configured for metadata verification. In this case, deployers need to make sure to update the certificate when SWITCH starts using a new one.
- SWITCHaai Metadata Signer 2020 certificate: DER format PEM format
Validity: 2020-06-01 to 2023-06-01 Signing CA: SWITCHaai Metadata Signing CA 2020 SHA256 Fingerprint: C5:51:37:61:18:E5:B1:AD:69:7B:9A:A0:7F:68:C8:05:5E:92:BF:40:E9:AE:DC:39:72:96:9F:F5:85:70:E0:EB
SHA1 Fingerprint: 9D:1F:D2:F9:93:E6:2C:18:20:9A:FF:35:20:5C:FB:4A:DB:80:44:8C
Signed metadata files: metadata.switchaai.xml
,metadata.switchaai+idp.xml
,metadata.switchaai+sp.xml
,metadata.aaitest.xml
,metadata.aaitest+idp.xml
,metadata.aaitest+sp.xml
,metadata.eduid.xml
,metadata.eduid-test.xml
,metadata.edugain.xml
- SWITCHaai Interfederation Metadata Signer 2020 certificate: DER format PEM format
Validity: 2020-06-01 to 2023-06-01 Signing CA: SWITCHaai Interfederation Metadata Signing CA 2020 SHA256 Fingerprint: 03:6F:6A:6B:B5:05:09:A0:83:8A:B2:59:F9:2E:2F:6D:16:35:F6:55:FA:9D:9F:FF:FB:09:15:9A:BC:19:66:1C
SHA1 Fingerprint: EC:AE:DD:58:26:25:01:35:E5:1B:87:FA:5D:76:E7:FA:43:57:3B:8A
Signed metadata files: metadata.interfederation.xml
,metadata.interfederation+idp.xml
,metadata.interfederation+sp.xml
- SWITCHaai Metadata Signer 2023 certificate: DER format PEM format
Validity: 2023-05-01 to 2025-06-01 Signing CA: SWITCHaai Metadata Signing CA 2020 SHA256 Fingerprint: CA:D2:FE:CE:B9:3D:83:0B:64:69:55:DD:4C:A0:85:9D:BB:B6:F1:C3:01:8B:5E:94:7F:2E:FB:AB:A2:79:61:43
SHA1 Fingerprint: B6:23:7A:8E:D8:B0:55:0A:03:73:9B:C6:D7:4F:66:FC:23:4B:FD:43
Signed metadata files: metadata.switchaai.xml
,metadata.switchaai+idp.xml
,metadata.switchaai+sp.xml
,metadata.aaitest.xml
,metadata.aaitest+idp.xml
,metadata.aaitest+sp.xml
,metadata.eduid.xml
,metadata.eduid-test.xml
,metadata.edugain.xml
- SWITCHaai Interfederation Metadata Signer 2023 certificate: DER format PEM format
Validity: 2023-05-01 to 2025-06-01 Signing CA: SWITCHaai Interfederation Metadata Signing CA 2020 SHA256 Fingerprint: 61:0B:7D:A3:CC:BC:FA:AF:CE:32:89:FC:7C:81:A2:61:F6:39:E8:3D:9D:B9:98:A3:77:7B:8A:55:A1:0C:5E:D5
SHA1 Fingerprint: 9D:CB:2D:F2:A0:E8:06:3B:07:6F:C6:BF:A4:27:5D:97:08:71:F8:59
Signed metadata files: metadata.interfederation.xml
,metadata.interfederation+idp.xml
,metadata.interfederation+sp.xml