UMCPCA Server Signing Cert (OIT)

Internet Server Certificate

College Park Certificate Authority

About the Campus Server Certificate Signing Certificate

This URL is embedded into the Server Certificate Signing Certificate, which is part of the Certificate Chain for the Internet Server Certificate Authority at the University of Maryland at College Park.

This Server Certificate Signing Certificate was generated at the Keysigning Ceremony on Friday, June 6, 2003. It replaces the April 14, 2003 Server Signing certificate, which in turn replaced the March 5, 2003 Server Signing certificate, which in turn replaced the February 24, 2003 Server Signing certificate.

The February 24 certificate contained a critical Extended Key Usage extension that caused Netscape version 4.x browsers to fail in certificate validation with a “Certificate contains unknown critical extension” error. On March 5 it was replaced with a certificate containing a non-critical Extended Key Usage extension.

Later it was discovered that Internet Explorer imposes a strict nesting requirement on the expiration dates of the certificates in the chain. On April 14 new versions of the intermediate and server signing certificates, containing expiration dates that comport with Internet Explorer's requirements, were installed.

Later it was discovered that the Novell eDirectory server (a component of the new campus eMail system) cannot tolerate certificates using the new DC based naming scheme. On June 6 all certificates were rebuilt with Distinguished Name fields not containing DC or EMAIL components.

As with all Certificates, it can be listed using the x509 option of the OpenSSL program:

% openssl x509 -noout -text -in ssign.cert.pem

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, ST=Maryland, O=University of Maryland, OU=College Park Campus, CN=UMD College Park Intermediate v1
        Validity
            Not Before: Jun 23 18:38:16 2006 GMT
            Not After : Jun 23 18:38:16 2036 GMT
        Subject: C=US, ST=Maryland, O=University of Maryland, OU=College Park Campus, CN=UMD College Park Server Signing v1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:d6:e9:b8:43:ee:4f:f3:5b:83:92:dc:53:09:87:
                    fe:e9:39:be:f9:c0:b8:d4:75:f5:09:a9:24:1f:de:
                    47:55:73:de:c8:31:07:ac:f4:02:1d:3f:6b:50:d6:
                    df:ed:c7:da:12:17:15:8f:eb:9a:ae:20:09:55:e9:
                    1e:fe:cc:12:33:a2:d8:3e:a0:b7:f1:17:85:be:ab:
                    a1:c6:a0:e4:8f:3b:36:23:4f:45:a6:e7:62:e0:38:
                    7b:d3:f0:08:f2:03:07:9b:14:25:81:40:f8:56:f8:
                    ea:61:64:e2:6a:37:fe:f3:48:ae:7b:c7:f7:85:e6:
                    d2:f2:2c:a0:ba:72:26:b9:34:43:3c:26:64:cd:76:
                    07:3d:46:3d:c7:bd:6a:56:e4:b6:e7:c0:95:24:a4:
                    f4:78:93:b1:1c:c0:72:05:7f:c3:a8:71:24:84:e3:
                    7a:c6:81:5b:a1:0b:e7:70:0f:34:b6:8c:45:9f:4d:
                    1e:b8:a1:0f:f6:ff:0e:50:fb:6e:9d:1e:22:35:c4:
                    25:84:5c:92:90:be:af:d6:d7:e3:c4:bd:e7:3a:55:
                    7a:9a:c2:a5:8d:eb:ff:87:36:77:0d:5c:1b:d7:9a:
                    f3:52:7c:a5:ac:4b:7f:1c:72:57:16:e9:dd:dc:0b:
                    f3:0e:38:2a:44:29:ab:08:9f:fa:61:59:7d:e1:22:
                    9a:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Alternative Name: 
                DNS:umd.edu, email:certmaster@umd.edu
            X509v3 Issuer Alternative Name: 
                DNS:umd.edu, email:certmaster@umd.edu
            X509v3 Subject Key Identifier: 
                29:1E:19:23:3A:6A:67:60:BC:6E:5C:B0:FB:55:41:E3:23:28:3A:C5
            X509v3 Authority Key Identifier: 
                keyid:66:D1:EF:DA:4E:FB:C8:C9:F2:09:93:B0:B8:61:46:E6:41:99:DB:7D

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: 
                Certificate Sign, CRL Sign
            X509v3 Extended Key Usage: 
                TLS Web Client Authentication, TLS Web Server Authentication
            Netscape Cert Type: 
                SSL CA
            Netscape Comment: 
                See http://cert.umd.edu/ssign for details.
            X509v3 Certificate Policies: 
                Policy: 1.3.6.1.4.1.4305.1.2.1
                  CPS: http://cert.umd.edu/certpolicy

    Signature Algorithm: sha1WithRSAEncryption
        73:b5:8b:0e:1a:42:f5:da:85:ce:64:dc:03:9c:39:00:b5:4a:
        af:d2:71:a0:fe:c7:81:d6:dd:dc:df:69:a8:5f:18:dc:41:a1:
        f1:e1:13:02:01:c6:32:05:fd:3b:e9:71:42:18:cb:ca:de:0f:
        67:fc:c1:67:d1:42:e5:47:b2:83:79:ab:79:b2:7c:fc:f1:95:
        ac:23:1c:b1:fb:00:e4:33:d1:7f:c4:d6:a4:3c:1c:d9:cc:c6:
        fa:5c:25:26:f6:ca:b6:10:44:74:38:af:1c:a3:92:fd:39:7f:
        6f:ea:89:84:db:26:4b:27:ff:62:ed:d3:d3:ff:79:68:07:d3:
        fc:14:64:27:35:8b:a0:31:2f:ed:bf:5a:a5:6f:99:d2:2f:65:
        84:29:1d:62:69:b9:62:db:b2:63:e6:76:70:a5:da:ff:e7:25:
        ed:b1:ed:ff:2c:7e:c0:f6:30:b2:52:e3:cd:a9:41:e8:71:25:
        49:98:5c:d6:3c:66:5a:43:57:aa:04:20:13:bc:ee:3a:4e:ae:
        ff:2e:84:c5:6a:f9:64:2f:15:6c:11:af:7f:10:b7:93:2f:b4:
        a5:b3:0c:85:c5:99:54:f7:40:ae:61:a2:e5:6a:41:30:7e:bb:
        7b:cc:61:02:1f:db:f4:b5:c5:e2:7d:be:d1:71:16:aa:25:08:
        80:24:a4:9d

This 2048-bit certificate was signed by the the Campus Intermediate Certificate, and its purpose is marked by the X509v3 Basic Constraints and X509v3 Extended Key Usage fields as signing TLS Web Client and Server certificates. The X509v3 Extended Key Usage field is not marked as critical.

This certificate is installed in the Web Server software (e.g., Apache) which presents it to the Relying Party software in the client.

The server signing certificate in PEM text format: