Digital Certificates for RDAP Pilot Client Authentication

This is DigiCert's contribution to the RDAP pilot project in an effort to implement TLS client authentication for RDAP.

[Figure: hierarchy]

Below is the full set of cryptographic material that could be configured on the server side and client side.

1. This is the Root CA certificate.

DigiCert RDAP Pilot Root CA (for server)

SHA256 Fingerprint E4:11:A4:C6:98:D9:FB:32:79:F6:F9:95:C8:8D:27:0D:53:47:2F:0D:3D:1E:92:1B:84:C3:87:52:74:DF:B5:75

2. This is the Intermediate CA certificate.

DigiCert RDAP Pilot Intermediate CA (for server)

SHA256 Fingerprint 5A:33:72:80:26:92:C9:0D:7F:45:1C:2C:29:3B:7D:5A:64:C0:3C:AA:55:57:10:52:F2:7D:DC:07:F5:4D:F2:A3

3. This is the valid client certificate with a private key in PKCS#12 format. The passphrase is "rdap". Needless to say, this client certificate and key pair are strictly for functionality test purposes, since the private key is posted publicly and is deemed compromised. This client certificate does not provide any level of assurance whatsoever.

DigiCert RDAP Pilot Client Certificate Valid (for client)

SHA256 Fingerprint 4E:CA:6E:4A:53:71:49:ED:92:47:1C:45:73:CD:2C:13:A1:BD:CD:2B:79:30:1A:CD:77:AE:E9:C7:9F:DD:EF:2B

4. This is the expired client certificate with a private key in PKCS#12 format. The passphrase is "rdap". Needless to say, this client certificate and key pair are strictly for functionality test purposes, since the private key is posted publicly and is deemed compromised. This client certificate does not provide any level of assurance whatsoever.

DigiCert RDAP Pilot Client Certificate Expired (for client)

SHA256 Fingerprint E0:08:87:9A:30:6A:01:E7:B1:45:70:69:51:F6:6D:F9:1C:F3:57:D7:A7:F2:84:8B:15:C4:73:8A:20:63:18:94

5. This is the revoked client certificate with a private key in PKCS#12 format. The passphrase is "rdap". Needless to say, this client certificate and key pair are strictly for functionality test purposes, since the private key is posted publicly and is deemed compromised. This client certificate does not provide any level of assurance whatsoever.

DigiCert RDAP Pilot Client Certificate Revoked (for client)

SHA256 Fingerprint BF:70:5D:DF:E3:91:F5:F1:DA:8E:00:AD:E1:71:74:2D:4B:0F:EF:BD:E8:D2:BC:1A:77:32:63:8C:2C:32:0B:D5

6. This is the revoked Intermediate CA certificate.

DigiCert RDAP Pilot Intermediate CA Revoked (for server)

SHA256 Fingerprint 0F:01:52:A7:76:42:9E:5A:F2:9F:4E:9B:C6:3D:17:EA:82:B6:15:AB:6C:60:61:87:AA:82:D5:5B:38:6D:5E:94

7. This is the valid client certificate with a private key in PKCS#12 format, issued by the revoked Intermediate CA. The purpose of this valid client certificate is to verify that the ARL (Authority Revocation List) is checked for the Intermediate CA. The passphrase is "rdap". Needless to say, this client certificate and key pair are strictly for functionality test purposes, since the private key is posted publicly and is deemed compromised. This client certificate does not provide any level of assurance whatsoever.

DigiCert RDAP Pilot Client Certificate Valid Under Revoked CA (for client)

SHA256 Fingerprint E0:8F:68:CD:A8:05:D6:0D:8E:2A:48:29:C0:38:EF:5D:FA:EB:0D:EC:0F:5B:11:74:C1:5C:47:C4:D5:A1:E8:68

The cryptographic material below is only for reference. It does not need to be configured anywhere for this experiment. It consists of the Certificate Revocation Lists that are linked from the CRL Distribution Point in the certificate extension.

8. This is the Certificate Revocation List in DER format. It is the same file that is in the CRL Distribution Point of the pilot Intermediate CA certificate.

DigiCert RDAP Pilot ARL

9. This is the Certificate Revocation List in DER format issued by the valid Intermediate CA. It is the same file that is in the CRL Distribution Point of the pilot client certificate.

DigiCert RDAP Pilot CRL

10. This is the Certificate Revocation List in DER format issued by the revoked Intermediate CA. It is the same file that is in the CRL Distribution Point of the pilot client certificate.

DigiCert RDAP Pilot CRL2
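
The following is an added example, not part of DigiCert's material: it checks a downloaded CA certificate against a SHA256 fingerprint published above, then builds a server-side TLS context that requires a client certificate and checks revocation for the whole chain, which is what test certificates 5 and 7 exercise. The function names and file arguments are this example's own. It assumes the CA certificates are available as PEM text and that local copies of the ARL and CRL have been converted to PEM, because Python's ssl module does not fetch CRLs from the CRL Distribution Point.

```python
import hashlib
import hmac
import ssl


def parse_fingerprint(text):
    """Parse a published SHA-256 fingerprint into 32 raw bytes.

    Hex byte pairs may be separated by colons, whitespace, or both.
    """
    raw = bytes.fromhex("".join(text.replace(":", " ").split()))
    if len(raw) != 32:
        raise ValueError(f"expected 32 bytes, got {len(raw)}")
    return raw


def cert_matches(pem_cert, published):
    """True if SHA-256 over the certificate's DER bytes equals `published`."""
    der = ssl.PEM_cert_to_DER_cert(pem_cert)
    return hmac.compare_digest(hashlib.sha256(der).digest(),
                               parse_fingerprint(published))


def client_auth_context(ca_pem=None, crl_pem_files=(), cert=None, key=None):
    """Server-side context that demands a client certificate and checks
    revocation for every certificate in the chain, not only the leaf."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = ssl.CERT_REQUIRED      # handshake fails without a client cert
    # CHAIN also checks the Intermediate CA against the ARL; LEAF would not.
    ctx.verify_flags |= ssl.VERIFY_CRL_CHECK_CHAIN
    if ca_pem:                               # Root CA + Intermediate CA, PEM text
        ctx.load_verify_locations(cadata=ca_pem)
    for path in crl_pem_files:               # ARL and CRL, converted to PEM
        ctx.load_verify_locations(cafile=path)
    if cert:                                 # the server's own certificate and key
        ctx.load_cert_chain(cert, key)
    return ctx
```

With chain-wide CRL checking enabled, a CRL from every issuer in the chain has to be loaded (the ARL for the Intermediate CA and the CRL for the client certificate); a missing one makes verification fail.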