University of Strathclyde Digital Certificates

This page contains information about digital certificates and their respective issuing Certificate Authorities. It may be used to verify certificate information being offered by services.

If you note any discrepancies, either on this page, or with servers purporting to be related to the University but not covered by this information, or you have any other questions, then please let us know via certmaster@strath.ac.uk.

Local (Strathclyde) Certificate Authorities

Strathclyde Network Support Root CA 1

This root certificate has been used to issue local server certificates since January 2016.

It is the root certificate used to sign the eduroam 802.1X RADIUS server certificate.

• Subject (Issued to): /C=UK/ST=Scotland/O=The University Of Strathclyde/OU=Information Services/CN=University Of Strathclyde Network Support Root CA 1
• Issued By: /C=UK/ST=Scotland/O=The University Of Strathclyde/OU=Information Services/CN=University Of Strathclyde Network Support Root CA 1
• Valid not before: Jan 12 15:20:06 2016 GMT
• Valid not after: Jan 4 15:20:06 2046 GMT
• SHA1 fingerprint (thumbprint): CB:BF:F5:C0:AB:77:5F:83:B1:0F:D4:43:17:B6:04:17:B3:9D:0F:C8
• Download: [PEM]

Eduroam 802.1X certificates

eduroam.strath.ac.uk

From 10^th Jan 2021, the following certificate is in use for 802.1X authentication via eduroam:

• Subject (Issued to): /C=UK/ST=Scotland/L=Glasgow/O=The University Of Strathclyde/OU=Information Services/CN=eduroam.strath.ac.uk
• Issued By: /C=UK/ST=Scotland/O=The University Of Strathclyde/OU=Information Services/CN=University Of Strathclyde Network Support Root CA 1
• Serial: B4:43:69:B8:B7:76:8C:3E
• Valid not before: Jan 10 22:48:15 2021 GMT
• Valid not after: Aug 7 22:48:15 2026 GMT
• SHA1 fingerprint (thumbprint): 2B:91:C2:12:83:8A:10:92:27:8D:08:C7:AE:4C:40:66:D1:AD:33:D1
• SHA256 fingerprint (thumbprint): 14:AA:B3:10:BA:DF:C3:79:DA:5E:14:DD:94:DD:24:FA:68:0E:49:88:93:9B:F7:C0:83:B6:F2:F6:A4:EF:53:12
• Download: [PEM]

JISC Certificate Service Certificates - Sectigo

The JISC Certificate Service supplies TLS certificates via an arrangement with Sectigo via a GEANT framework. This agreement has been active since 13th November 2020.

Further information about the JISC Certificate Service is available at https://www.jisc.ac.uk/certificate-service.

The root and chaining (intermediate) certificates used for JCS certificates issued by Sectigo are available below.

Certificate chain:

• AAA Certificate Services
  • USERTrust RSA Certification Authority
    • GEANT OV RSA CA 4
      • Server certificate

AAA Certificate Services

This root certificate is used by Sectigo to sign the first intermediate certificate, and is signed by itself.

• Subject (Issued to): /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
• Issued By: /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
• Serial: 01
• Valid not before: Jan 1 00:00:00 2004 GMT
• Valid not after: Dec 31 23:59:59 2028 GMT
• SHA1 fingerprint (thumbprint): D1:EB:23:A4:6D:17:D6:8F:D9:25:64:C2:F1:F1:60:17:64:D8:E3:49
• SHA256 fingerprint (thumbprint): D7:A7:A0:FB:5D:7E:27:31:D7:71:E9:48:4E:BC:DE:F7:1D:5F:0C:3E:0A:29:48:78:2B:C8:3E:E0:EA:69:9E:F4
• First line of PEM: MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb
• Download: [PEM (local)] | [DER (from Sectigo (Comodo))] | [detailed cert info]

USERTrust RSA Certification Authority

This first intermediate certificate is used by Sectigo to sign the second intermediate certificate, and is itself signed by the root certificate.

• Subject (Issued to): /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
• Issued By: /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
• Serial: 3972443AF922B751D7D36C10DD313595
• Valid not before: Mar 12 00:00:00 2019 GMT
• Valid not after: Dec 31 23:59:59 2028 GMT
• SHA1 fingerprint (thumbprint): D8:9E:3B:D4:3D:5D:90:9B:47:A1:89:77:AA:9D:5C:E3:6C:EE:18:4C
• SHA256 fingerprint (thumbprint): 68:B9:C7:61:21:9A:5B:1F:01:31:78:44:74:66:5D:B6:1B:BD:B1:09:E0:0F:05:CA:9F:74:24:4E:E5:F5:F5:2B
• First line of PEM: MIIFgTCCBGmgAwIBAgIQOXJEOvkit1HX02wQ3TE1lTANBgkqhkiG9w0BAQwFADB7
• Download: [PEM (local)] | [DER (from Sectigo (Comodo))] | [detailed cert info]

GEANT OV RSA CA 4

This second intermediate certificate is used by Sectigo to sign the server certificate, and is itself signed by the first intermediate certificate.

• Subject (Issued to): subject= /C=NL/O=GEANT Vereniging/CN=GEANT OV RSA CA 4
• Issued By: /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
• Serial: DA43BD139BD258BB4DD61CACC4F3DBE0
• Valid not before: Feb 18 00:00:00 2020 GMT
• Valid not after: May 1 23:59:59 2033 GMT
• SHA1 fingerprint (thumbprint): C2:82:6E:26:6D:74:05:D3:4E:F8:97:62:63:6A:E4:B3:6E:86:CB:5E
• SHA256 fingerprint (thumbprint): 37:83:4F:A5:EA:40:FB:F7:B6:11:96:95:59:62:E1:CA:05:58:87:24:35:E4:20:66:53:D3:F6:20:DD:8E:98:8E
• First line of PEM: MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb
• Download: [PEM (local)] ] | [detailed cert info]

JISC Certificate Service Certificates - QuoVadis (legacy)

The JISC Certificate Service supplies TLS certificates via an arrangement with TERENA working with QuoVadis. This agreement has been active since 12^th May 2015 and issued its last certificates in Jan 2021.

Further information about the JISC Certificate Service is available at https://www.jisc.ac.uk/certificate-service.

The root and chaining (intermediate) certificates used for JCS certificates issued by QuoVadis are available below.

Further information about QuoVadis certificates is available at https://www.quovadisglobal.com/download-roots-crl/.

QuoVadis Root CA 2 G3

This root certificate is used by QuoVadis to sign the intermediate certificates.

• Subject (Issued to): /C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 2 G3
• Issued By: /C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 2 G3
• Serial: 44:57:34:24:5b:81:89:9b:35:f2:ce:b8:2b:3b:5b:a7:26:f0:75:28
• Valid not before: Jan 12 18:59:32 2012 GMT
• Valid not after: Jan 12 18:59:32 2042 GMT
• SHA1 fingerprint (thumbprint): 09:3C:61:F3:8B:8B:DC:7D:55:DF:75:38:02:05:00:E1:25:F5:C8:36
• SHA256 fingerprint (thumbprint): 8F:E4:FB:0A:F9:3A:4D:0D:67:DB:0B:EB:B2:3E:37:C7:1B:F3:25:DC:BC:DD:24:0E:A0:4D:AF:58:B4:7E:18:40
• First line of PEM: MIIGqzCCBJOgAwIBAgIULSyAIBi3kHxNLXnff7G9hycnzJMwDQYJKoZIhvcNAQEL
• Download: [PEM (local)] | [PEM (from QV)] | [DER (local)] | [DER (from QV)]

QuoVadis Global SSL ICA G3 (second version)

This intermediate certificate is used by QuoVadis to sign server certificates.

Note that there was an earlier version of this certificate with the same Subject Name, which was revoked January 2021.

• Subject (Issued to): C=BM, O=QuoVadis Limited, CN=QuoVadis Global SSL ICA G3
• Issued By: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
• Serial: 2d:2c:80:20:18:b7:90:7c:4d:2d:79:df:7f:b1:bd:87:27:27:cc:93
• Valid not before: Sep 22 19:09:23 2020 GMT
• Valid not after: Nov 6 14:50:18 2022 GMT
• SHA1 fingerprint (thumbprint): D4:66:18:CA:00:5D:4F:F3:7F:3B:14:00:93:D5:81:E0:63:CA:5A:E4
• SHA256 fingerprint (thumbprint): 30:24:24:43:F6:89:5A:94:56:0E:48:E4:DF:F7:20:53:6E:AF:51:63:CB:42:F5:E8:77:40:2A:BD:E2:F8:62:7C
• First line of PEM: MIIGqzCCBJOgAwIBAgIULSyAIBi3kHxNLXnff7G9hycnzJMwDQYJKoZIhvcNAQEL
• Download: [PEM (local)] | [PEM (from QV)] | [DER (local)] | [DER (from QV)]

Legacy JISC Certificate Service and other authorities information

Information on previous iterations of the JISC Certificate Service is now available here.