New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.
Starred by 438 users
Status: Verified
Owner:
OOO/Conf/Meetings/Travel through 1/...
Closed: Jan 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 2
Type: Feature

Restricted
  • Only users with EditIssue permission may comment.



Sign in to add a comment
Add ISRG / Let's Encrypt root certificate
Reported by j...@letsencrypt.org, Sep 14 2015 Back to list
See Mozilla bug:

https://bugzilla.mozilla.org/show_bug.cgi?id=1204656

CA Details
----------

CA Name: Internet Security Research Group (ISRG)

Website: https://letsencrypt.org/

One Paragraph Summary of CA:
Let’s Encrypt is a service provided by Internet Security Research Group (ISRG). ISRG is a California public benefit corporation, and is recognized by the IRS as a tax-exempt organization under Section 501(c)(3) of the Internal Revenue Code. We will offer server authentication certificates to subscribers around the world. Let’s Encrypt subscribers are the general public.

Audit Type (WebTrust, ETSI etc.): Point in Time Readiness Assessments for WebTrust for CA 2.0, BR 2.0
Auditor: BrightLine
Auditor Website: https://www.brightline.com/
Audit Document URL(s): To be provided at a later date.

Certificate Details
-------------------

Certificate Name: ISRG Root X1
Summary Paragraph:
ISRG Root X1 is a Root CA with an RSA key with a 4096 bit long modulus.  It will be used to issue server authentication certificates via intermediates, as defined in our CP and CPS. Initially there will be two intermediates, “Let's Encrypt Authority X1” and “Let's Encrypt Authority X2”. For more information please see attached diagram.

Certificate download URL (on CA website): https://letsencrypt.org/certs/isrgrootx1.der
Version: X.509 v3
SHA1 Fingerprint: cabd2a79a1076a31f21d253635cb039d4329a5e8
Public key length (for RSA, modulus length) in bits: 4096
Valid From (YYYY-MM-DD): 2015-06-04
Valid To (YYYY-MM-DD): 2035-06-04

CRL HTTP URL: http://crl.root-x1.letsencrypt.org/
CRL issuing frequency for subordinate end-entity certificates: We will not issue CRLs for end-entity certificates.
CRL issuing frequency for subordinate CA certificates: At least once every six months.
OCSP URL: http://ocsp.root-x1.letsencrypt.org/

Class (domain-validated, identity/organizationally-validated or EV): DV
Certificate Policy URL: http://cp.root-x1.letsencrypt.org/
CPS URL: http://cps.root-x1.letsencrypt.org/
Requested Trust Indicators (email and/or SSL and/or code signing): SSL
URL of example website using certificate subordinate to this root (if applying for SSL): http://helloworld.letsencrypt.org/
 
isrg-keys.png
26.4 KB View Download
Labels: -Type-Bug Type-Feature M-47 Cr-Security OS-All
Labels: -M-47 Cr-Internals-Network-SSL
Owner: rsleevi@chromium.org
Status: Assigned
Acknowledging this request, but cannot provide a timeline for review at this time.
Comment 3 by palmer@chromium.org, Sep 14 2015
Cc: palmer@chromium.org
Cc: dylaness...@google.com
Please add them
Comment 6 by cloxy....@gmail.com, Sep 17 2015
Please add
Comment 7 by palmer@chromium.org, Sep 17 2015
Labels: Restrict-AddIssueComment-EditIssue
To indicate your interest in this bug, please star it using the Star button at the top.
Labels: -OS-All OS-Chrome
Labels: M-57
Status: Verified
Sign in to add a comment