SSL/TLS certificate chains for Akamai-managed certificates

Document created by Rajiv Aaron Manglani Employee on Oct 20, 2015Last modified by Rajiv Aaron Manglani Employee on Nov 22, 2017
Version 11Show Document
  • View in full screen mode

Akamai currently obtains SSL/TLS certificates on behalf of our customers from three Certificate Authorities:

  • GeoTrust (a Symantec/DigiCert brand)
  • Let's Encrypt
  • Symantec (a DigiCert brand)

 

In the past, we have also obtained certificates from:

  • Comodo
  • Verizon Cybertrust

 

Below is a list of certificate chains customers can expect to see for Akamai-managed certificates. In each example, the end-entity certificate is listed first, and is signed by the next certificate in each list. That intermediate is then signed by another intermediate or a root certificate.

 

This list is provided for informational purposes only. Akamai does not recommend that customers pin, or hard-code, any part of the SSL/TLS certificates or their trust chains in applications or client software. If your application does need to pin certificates, please ensure that you enable Change Management in our Certificate Provisioning System. Our selection of root certificates does not change often, however intermediate certificates in each trust chain are subject to change without notice.

 

 

Comodo Extended Validation (EV) Single and SAN certificates

SHA-2 RSA certificates issued after September 2014

End-entity certificate

C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Extended Validation Secure Server CA 2

C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority

C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root

 

GeoTrust Organization Validated (OV) Single, SAN, and Wildcard certificates

SHA-2 RSA certificates issued between June 16, 2015 and December 2017

End-entity certificate

C=US/O=GeoTrust, Inc./CN=GeoTrust SSL CA - G3

C=US/O=GeoTrust Inc./CN=GeoTrust Global CA

 

SHA-2 RSA certificates issued after December 2017

End-entity certificate

C=US/O=DigiCert Inc/OU=www.digicert.com/CN=GeoTrust RSA CA 2018

C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA

 

Let's Encrypt Domain Validated (DV) SAN certificates

SHA-2 RSA certificates issued on or after March 25, 2016, certificates may be issued with either chain

End-entity certificate

C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3

O=Digital Signature Trust Co./CN=DST Root CA X3

 

End-entity certificate

C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X4

O=Digital Signature Trust Co./CN=DST Root CA X3

 

Symantec Secure Site Pro Organization Validated (OV) Single, SAN, Wildcard, and Wildcard SAN certificates

SHA-2 RSA certificates issued between April 2016 and December 2017 with the “Default” trust chain selected

End-entity certificate

C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4

C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5

 

SHA-2 RSA certificates issued after December 2017 with the “Default” trust chain selected

End-entity certificate

C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA

C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA

 

SHA-2 RSA certificates issued between April 2016 and December 2017 with the “Cross-signed 1k root” chain selected

End-entity certificate

C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4

C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5

C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority

 

ECDSA certificates issued between October 2016 and December 2017

End-entity certificate

C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 ECC 256 bit SSL CA - G2

C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5

 

ECDSA certificates issued after December 2017

End-entity certificate

C=US/O=DigiCert Inc/CN=DigiCert ECC Secure Server CA

C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA

 

Symantec Secure Site Pro Extended Validated (EV) Single and SAN certificates

SHA-2 RSA certificates issued between May 2016 and December 2017

End-entity certificate

C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 EV SSL CA - G3

C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5

 

SHA-2 RSA certificates issued after December 2017

End-entity certificate

C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA

C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA

 

ECDSA certificates issued between October 2016 and December 2017

End-entity certificate

C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 ECC 256 bit EV CA - G2

C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5

 

ECDSA certificates issued after December 2017

End-entity certificate

C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert ECC Extended Validation Server CA

C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA

 

Verizon Cybertrust Organization Validated (OV) Single, SAN, Wildcard, and Wildcard SAN certificates

SHA-2 certificates issued after June 2014

End-entity certificate

C=NL/L=Amsterdam/O=Verizon Enterprise Solutions/OU=Cybertrust/CN=Verizon Akamai SureServer CA G14-SHA2

C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root

C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Global Root

Attachments

    Outcomes