Reply
Highlighted
Member
Posts: 4
Registered: ‎05-12-2015

Help finding Certificate Chain Download files

I need help finding certificates to install on our web servers in regard to this blog post:
 
 
Trust Chain:
Common Name – Entrust Certification Authority – L1K
Issuer – Entrust Inc
Thumbprint  :  cc a2 7d 33 c7 35 a7 d0 6d 1f ec ad 98 0e 49 8d a6 81 c9 63
 
Trust Chain:
Common Name  - Entrust Root Certification Authority – G2
Issuer – Entrust Inc
Thumbprint  - 8c f4 27 fd 79 0c 3a d1 66 06 8d e8 1e 57 ef bb 93 22 72 d4
 
The G2 cert exists here:
 
 
The L1K cert does not exist anywhere on their site. I've looked for the thumbprint (cc a2 7d 33 c7 35 a7 d0 6d 1f ec ad 98 0e 49 8d a6 81 c9 63) on all the pages and not found it.
 
Furthermore, you list these certs as well and they do not exist for download on the respective geotrust or cybertrust sites. In fact, the cybertrust link is to an actual certificate (albeit one we already have installed).
 
Trust Chain:
Common Name -  Verizon Akamai SureServer CA G14-SHA2
Issuer -  Baltimore CyberTrust Root, Baltimore
Thumbprint  - 6a d2 b0 4e 21 96 e4 8b f6 85 75 28 90 e8 11 cd 2e d6 06 06
 
Trust Chain:
Common Name - GeoTrust SSL CA - G4
Issuer - GeoTrust Global CA, GeoTrust Inc
Thumbprint  - de 28 f4 a4 ff e5 b9 2f a3 c5 03 d1 a3 49 a7 f9 96 2a 82 12
 
So, if we need to install any of these certs listed on the support page please provide a download link to each because the generic links on the support page are not helpful in tracking down these certs. Only the "Common Name  - Entrust Root Certification Authority – G2" cert can be found.
 
Common Name - GeoTrust SSL CA - G4
Common Name -  Verizon Akamai SureServer CA G14-SHA2
Common Name – Entrust Certification Authority – L1K
 
According to this article, http://www.entrust.net/knowledge-base/technote.cfm?tn=8863, I need these 2 files as well:
 
L1Kchain.txt and L1KChainroot.txt
 
That article is useful, but it only contains a download link for one file, L1K-2048-Xcert_sha256.cer, which is actually the SHA1 chain

It references L1Kchain.txt and L1KChainroot.txt, but they are not linked. If you go to https://www.entrust.net/downloads/root_request.cfm you can view all chain certificates, but L1K is not listed. Only L1C and L1E

I have the G2, so I want the chain referenced below but I cannot find the file. Please send me a link to download L1Kchain.txt and L1KChainroot.txt

1. G2 Root ==> L1K Chain ==> Public Certificate
 
This chain could work too and I would add if I could find the files:
 
  1. L1K Root (EV Root) ==> L1K Chain Root/Cross  ==> L1K Chain ==> Public Certificate

 

Highlighted
Posts: 2,765
Topics: 57
Kudos: 245
Blog Posts: 67
Registered: ‎12-05-2011

Re: Help finding Certificate Chain Download files

Hello @itdoug

 

We've asked for more information about your questions and will post answers as soon as they are available.  

 

Richard

 

 

Highlighted
Posts: 2,765
Topics: 57
Kudos: 245
Blog Posts: 67
Registered: ‎12-05-2011

Re: Help finding Certificate Chain Download files

Hello @itdoug

 

Could you please list the root certificates you have in your server/solution?

 

Richard

Highlighted
Member
Posts: 4
Registered: ‎05-12-2015

Re: Help finding Certificate Chain Download files

I had to remove some client CA certs, but this is the trusted store.

 

Issued To Issued By Expiration Date Intended Purposes Friendly Name Status Certificate Template
AddTrust External CA Root AddTrust External CA Root 5/30/2020 <All> <None>
Aruba Aruba 7/9/2015 <All> <None> Root Certification Authority
Baltimore CyberTrust Root Baltimore CyberTrust Root 5/12/2025 Server Authentication, Secure Email, Client Authentication, Code Signing Baltimore CyberTrust Root
beta-ca beta-ca 4/17/2017 <All> <None> Root Certification Authority
Class 3 Public Primary Certification Authority Class 3 Public Primary Certification Authority 8/1/2028 Secure Email, Client Authentication, Code Signing, Server Authentication VeriSign Class 3 Public Primary CA
COMODO RSA Certification Authority COMODO RSA Certification Authority 1/18/2038 <All> <None>
Copyright (c) 1997 Microsoft Corp. Copyright (c) 1997 Microsoft Corp. 12/30/1999 Time Stamping Microsoft Timestamp Root
DigiCert Assured ID Root CA DigiCert Assured ID Root CA 11/9/2031 <All> <None>
DigiCert Global Root CA DigiCert Global Root CA 11/9/2031 <All> <None>
DigiCert High Assurance CA-3 DigiCert High Assurance EV Root CA 4/2/2022 <All> <None>
DigiCert High Assurance EV Root CA DigiCert High Assurance EV Root CA 11/9/2031 <All> <None>
Entrust Root Certification Authority Entrust Root Certification Authority 11/27/2026 <All> <None>
Entrust Root Certification Authority - G2 Entrust Root Certification Authority - G2 12/7/2030 Server Authentication, Client Authentication, Secure Email, Code Signing, Time Stamping, Encrypting File System, IP security tunnel termination, IP security user Entrust.net
Entrust.net Certification Authority (2048) Entrust.net Certification Authority (2048) 7/24/2029 <All> <None>
Entrust.net Secure Server Certification Authority Entrust.net Secure Server Certification Authority 5/25/2019 <All> <None>
Equifax Secure Certificate Authority Equifax Secure Certificate Authority 8/22/2018 <All> <None>
GeoTrust Global CA GeoTrust Global CA 5/21/2022 <All> <None>
GeoTrust Primary Certification Authority GeoTrust Primary Certification Authority 7/16/2036 <All> <None>
GeoTrust SSL CA GeoTrust Global CA 2/18/2020 <All> <None>
GlobalSign Root CA GlobalSign Root CA 1/28/2028 <All> <None>
Go Daddy Class 2 Certification Authority Go Daddy Class 2 Certification Authority 6/29/2034 <All> <None>
Go Daddy Root Certificate Authority - G2 Go Daddy Root Certificate Authority - G2 12/31/2037 <All> <None>
GTE CyberTrust Global Root GTE CyberTrust Global Root 8/13/2018 Secure Email, Client Authentication, Server Authentication, Code Signing GTE CyberTrust Global Root
Internet Secure Server CA Internet Secure Server CA 7/20/2037 <All> <None>
Microsoft Authenticode(tm) Root Authority Microsoft Authenticode(tm) Root Authority 12/31/1999 Secure Email, Code Signing Microsoft Authenticode(tm) Root
Microsoft Root Authority Microsoft Root Authority 12/31/2020 <All> Microsoft Root Authority
Microsoft Root Certificate Authority Microsoft Root Certificate Authority 5/9/2021 <All> Microsoft Root Certificate Authority
Microsoft Root Certificate Authority 2010 Microsoft Root Certificate Authority 2010 6/23/2035 <All> Microsoft Root Certificate Authority 2010
Microsoft Root Certificate Authority 2011 Microsoft Root Certificate Authority 2011 3/22/2036 <All> Microsoft Root Certificate Authority 2011
Network Solutions DV Server CA AddTrust External CA Root 5/30/2020 <All> <None>
NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc. NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc. 1/7/2004 Time Stamping VeriSign Time Stamping CA
NT2 NT2 2/7/2016 <All> <None> Root Certification Authority
PrismCA PrismCA 6/13/2107 <All> <None>
QuoVadis Root CA 2 QuoVadis Root CA 2 11/24/2031 <All> <None>
RCS-AD RCS-AD 5/7/2017 <All> <None> Root Certification Authority
rootca rootca 7/1/2018 <All> <None> Root Certification Authority
SecureTrust CA SecureTrust CA 12/31/2029 <All> <None> Root Certification Authority
Starfield Class 2 Certification Authority Starfield Class 2 Certification Authority 6/29/2034 <All> <None>
StartCom Certification Authority StartCom Certification Authority 9/17/2036 Server Authentication, Client Authentication, Secure Email, Code Signing, Time Stamping, Encrypting File System, IP security tunnel termination, IP security user StartCom Certification Authority
Thawte DV SSL CA thawte Primary Root CA 2/17/2020 <All> <None>
Thawte Personal Premium CA Thawte Personal Premium CA 1/1/2021 <All> <None>
Thawte Premium Server CA Thawte Premium Server CA 12/31/2020 Server Authentication, Code Signing thawte
thawte Primary Root CA Microsoft Code Verification Root 2/22/2021 <All> <None>
thawte Primary Root CA thawte Primary Root CA 7/16/2036 Server Authentication, Client Authentication, Secure Email, Code Signing thawte
thawte Primary Root CA - G2 thawte Primary Root CA - G2 1/18/2038 Server Authentication, Client Authentication, Secure Email, Code Signing, Time Stamping thawte Primary Root CA - G2
Thawte Server CA Thawte Server CA 12/31/2020 Server Authentication, Code Signing thawte
Thawte Timestamping CA Thawte Timestamping CA 12/31/2020 Time Stamping Thawte Timestamping CA
UTN - DATACorp SGC UTN - DATACorp SGC 6/24/2019 Server Authentication, 1.3.6.1.4.1.311.10.3.3, 2.16.840.1.113730.4.1 <None>
UTN-USERFirst-Hardware UTN-USERFirst-Hardware 7/9/2019 Server Authentication, IP security end system, IP security tunnel termination, IP security user <None>
UTN-USERFirst-Object UTN-USERFirst-Object 7/9/2019 Code Signing, Time Stamping, Encrypting File System <None>
VeriSign Class 3 Public Primary Certification Authority - G5 VeriSign Class 3 Public Primary Certification Authority - G5 7/16/2036 Server Authentication, Client Authentication, Secure Email, Code Signing VeriSign
VeriSign Trust Network VeriSign Trust Network 8/1/2028 <All> <None>

Highlighted
Member
Posts: 3
Registered: ‎10-06-2014

Re: Help finding Certificate Chain Download files

Hi @itdoug,

 

You may download L1K chain and L1k root/cross certificate from here : http://www.entrust.com/get-support/ssl-certificate-support/root-certificate-downloads/

 

L1K Chain Certificate

openssl x509 -fingerprint -noout -in entrust_l1k.cer
SHA1 Fingerprint=CC A2 7D 33 C7 35 A7 D0 6D 1F EC AD 98 0E 49 8D A6 81 C963

 

 Hi @RichardH,

 

Since it was suggested on your post that the Entrust L1K  root certificate should also be installed.

Any idea where to get the L1K Root (EV Root) certificate. G2 cert is already in our trusted store but can't seem to find L1K Root.

 

  1. L1K Root (EV Root) ==> L1K Chain Root/Cross  ==> L1K Chain ==> Public Certificate

 

Thanks

Highlighted
Member
Posts: 4
Registered: ‎05-12-2015

Re: Help finding Certificate Chain Download files

 I got what I needed from the link you provided. Thank you.

 

Also, it might interest you to know that the SSL certificate for http://community.developer.authorize.net/ his expired. I got a warning when logging in.

Highlighted
Member
Posts: 4
Registered: ‎05-12-2015

Re: Help finding Certificate Chain Download files

Highlighted
Posts: 2,765
Topics: 57
Kudos: 245
Blog Posts: 67
Registered: ‎12-05-2011

Re: Help finding Certificate Chain Download files

Thanks @itdoug

 

We've notified the appropate team to correct.

 

Richard