Certificate Authority details
This article provides the details of the root and subordinate Certificate Authorities (CAs) utilized by FNET. The minimum requirements for public key encryption and signature algorithms, links to certificate downloads and revocation lists, and information about key concepts are provided below the CA details tables. The host names for the URIs that should be added to your firewall allowlists are also provided.
Root and subordinate certificate authority chains
| Name | Public Key | Curve/Size | Signature | Serial Number (Thumbprint) |
|---|---|---|---|---|
| FNET Root X1 (opens in a new tab) | ECDSA | P-384 | ECDSA-SHA384 | 288350424837984883702673960244052805412 (0xd8ee459289721a1904e03394b198c724) |
| └ FNET Intermediate E1 (opens in a new tab) | ECDSA | P-256 | ECDSA-SHA384 | 324230060186302010717948291345560144500 (0xf3ec702c747253da5db14b925f048a74) |
| FNET Root X2 (opens in a new tab) | RSA | 4096 bit | SHA256-RSA | 335158278659031540323788760238085111293 (0xfc2522f186440d6af0edef5cefaffdfd) |
| └ FNET Intermediate R1 (opens in a new tab) | RSA | 2048 bit | SHA256-RSA | 142449904028477201440089410214615749307 (0x6b2ada83d94bc6b02dee034badf692bb) |
Certificate authority bundles
| Name | Included subordinates |
|---|---|
| FNET Root X1 (opens in a new tab) | FNET Intermediate E1 |
| FNET Root X2 (opens in a new tab) | FNET Intermediate R1 |
Certificate authority diagram
Public key encryption and signature algorithms
Support for the following algorithms, elliptical curves, and key sizes are required:
Signature algorithms:
- ES256
- ES384
- ES512
- RS256
- RS384
- RS512
Elliptical curves:
- P256
- P384
- P521
Key sizes:
- ECDSA 256
- ECDSA 384
- ECDSA 521
- RSA 2048
- RSA 3072
- RSA 4096
Certificate downloads and revocation lists
The following domains may need to be included in your firewall allowlists to optimize connectivity:
AIA:
pki.l3.msx1.i.l3.msx2.i.l3.ms
CRL:
e1.c.l3.msr1.c.l3.ms
OCSP:
Currently, FNET does not provide an OCSP responder.
Article change log
- January 1, 2023: Added one new root and one new subordinate Certificate Authorities
- March 24, 2024: Added one new root and one new subordinate Certificate Authorities