UMCPCA Root Cert (OIT)

Root Authority Certificate

College Park Certificate Authority

About the Campus Root Certificate

This URL is embedded into the Root Certificate, which is logically the last entry in the Certificate Chain for all Certificate Authorities at the University of Maryland at College Park.

This Root certificate was generated at the Keysigning Ceremony on Friday, June 6, 2003. It replaces the February 24, 2003 Root certificate, which in turn replaced the August 25, 1998 Root Certificate.

Some time after February 24, when the original certificates were generated, it was discovered that the Novell eDirectory server (a component of the new campus eMail system) cannot tolerate certificates using the new DC based naming scheme. On June 6 all certificates were rebuilt with Distingished Name fields not containing DC or EMAIL components.

Relying Party software (e.g., web browsers such as Netscape Navigator or Internet Explorer) containing only the 1998 Root Certificate will display warning dialogs for web sites secured by this new root, and on August 24, 2003 will begin to display security warning dialogs for all web sites still secured by the old Root Certificate.

All campus Relying Party software should load the new Campus Root Certificate as soon as practical. The two Root Certificates can co-exist in any web browser, so in the interim it is recommended that both Root Ccertificates be loaded.

All campus Internet Servers that are secured by Campus local certificates, should request and install new Internet Server Certificates well before August 2003.

As with all Certificates, it can be listed using the x509 option of the OpenSSL program:

% openssl x509 -noout -text -in root.cert.pem

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, ST=Maryland, O=University of Maryland, OU=College Park Campus, CN=UMD College Park Root v1
        Validity
            Not Before: Jun 21 19:49:15 2006 GMT
            Not After : Jun 21 19:49:15 2036 GMT
        Subject: C=US, ST=Maryland, O=University of Maryland, OU=College Park Campus, CN=UMD College Park Root v1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:b6:67:74:32:41:41:d6:f7:f5:e4:65:28:f6:ca:
                    ae:dc:35:5a:31:91:2f:ef:d9:cf:80:6e:03:f6:55:
                    1a:8d:95:7a:2e:12:ea:81:79:cc:53:06:da:11:5c:
                    73:be:32:68:47:6c:df:07:02:fe:6d:ac:c3:ae:4a:
                    9b:b6:e2:04:89:02:ad:d1:72:02:85:8c:ef:55:f2:
                    33:da:56:ba:11:71:93:fe:ed:43:4a:e2:78:c5:74:
                    76:65:b6:34:fc:85:dc:2d:f1:16:70:61:36:ef:fc:
                    a9:c5:35:8b:9e:80:61:58:5c:9e:26:21:41:f7:96:
                    03:d7:e4:d0:0e:5f:70:e3:55:26:ae:2c:98:43:2f:
                    57:08:49:cb:7d:98:98:92:40:fd:05:f1:40:39:23:
                    ab:c2:41:76:a5:d3:32:e0:6c:f1:5b:32:56:d6:97:
                    50:20:9f:5d:4a:8f:36:1b:c2:a1:ff:86:97:cc:2c:
                    d5:74:b7:ff:ba:aa:c3:59:2f:12:26:31:60:5a:9c:
                    7d:ea:b6:93:ae:da:eb:e7:25:ec:c4:43:23:49:d3:
                    82:fa:cb:c5:91:67:c6:52:7e:94:a4:97:c5:f3:3c:
                    16:59:d7:c8:e1:76:ba:c0:c9:f9:af:f7:7b:13:8a:
                    49:25:1b:80:92:69:7b:f9:b3:b8:5c:ff:77:1f:56:
                    d6:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Alternative Name: 
                DNS:umd.edu, email:certmaster@umd.edu
            X509v3 Issuer Alternative Name: 
                DNS:umd.edu, email:certmaster@umd.edu
            X509v3 Subject Key Identifier: 
                04:F5:C3:23:20:78:07:60:B9:E1:17:CE:31:C8:7C:3E:96:49:2F:30
            X509v3 Authority Key Identifier: 
                keyid:04:F5:C3:23:20:78:07:60:B9:E1:17:CE:31:C8:7C:3E:96:49:2F:30

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: 
                Certificate Sign, CRL Sign
            Netscape Cert Type: 
                SSL CA, S/MIME CA, Object Signing CA
            Netscape Comment: 
                See http://cert.umd.edu/root for details.
            X509v3 Certificate Policies: 
                Policy: 1.3.6.1.4.1.4305.1.2.1
                  CPS: http://cert.umd.edu/certpolicy

    Signature Algorithm: sha1WithRSAEncryption
        0b:d9:d6:f3:11:94:1c:93:58:96:c6:c3:72:52:6d:bf:e9:85:
        a2:87:29:47:ae:7c:4c:0b:70:c7:62:d7:84:1e:e1:47:ce:a7:
        1a:76:37:27:eb:93:30:3c:d8:f2:02:50:e5:66:fa:ac:91:70:
        96:cd:70:c2:78:76:ca:09:55:47:28:a6:c3:a2:71:7b:4b:c1:
        f2:83:8c:09:8e:c0:97:a3:18:a2:39:23:06:1e:5d:72:a6:3c:
        c8:9b:d3:cb:52:41:77:07:0b:38:b6:1f:b5:ec:d1:60:09:70:
        35:21:9f:e1:58:fe:c1:60:e5:95:cb:be:5c:0a:1c:cc:6e:4d:
        bd:65:0f:ac:f7:3d:43:fc:67:df:bd:59:fc:57:c9:a5:34:97:
        d3:86:f6:4b:94:98:33:0b:1c:5a:d3:ed:2c:04:b6:1d:87:7d:
        00:41:a0:e6:7e:14:32:15:22:be:26:ed:9e:ad:58:b4:e9:45:
        1a:80:b5:99:71:28:7d:0e:de:5a:f5:e5:3b:41:27:4f:3b:5d:
        7f:ce:1d:e9:35:aa:1d:b0:a6:ec:14:3d:a3:95:7b:90:4a:9b:
        ca:38:43:e9:c0:9a:a2:84:bd:1f:bb:b9:f4:02:84:ca:2e:6b:
        45:f7:3b:25:1c:69:11:e0:dd:6c:fd:96:e4:45:45:ab:e5:39:
        5c:1a:6c:69

This 2048-bit certificate is self-signed (that is, the Issuer and Subject are the same). Its purpose is marked by the X509v3 Basic Constraints and X509v3 Key Usage fields as signing other certificates and Certificate Revocation Lists (CRLs).

Any Relying Party should independantly load this root certificate into the software that will be used to verify Certificate Chains. In the case of SSL-based HTML Web Services, this will be the web browser (e.g., Netscape Navigator, Internet Explorer) that will play the client role in the secured web transactions.

The root certificate in PEM text format: