Table of Contents
Overview
This article contains information on NMI's live services root certificate. For information on how to check and import certificates on Windows, please see the following article here.
DigiCert Root Certificate Details
Name: DigiCert Global Root G2
Serial Number: 03 3A F1 E6 A7 11 A9 A0 BB 28 64 B1 1D 09 FA E5
Thumbprint: DF3C24F9BFD666761B268073FE06D1CC8D4F82A4
Download URL: https://www.digicert.com/CACerts/DigiCertGlobalRootG2.crt
Certificate Test URL: https://global-root-g2.chain-demos.digicert.com/
Note: Please ensure tests are done through Internet Explorer on Windows machines, as Chrome and Firefox both use their own certification validation process, and do not use the Windows Certificate Store.
What a user should see using the test URL above:
OCSP & CRL Revocation Checking
Certificate Authorities (CAs) are required to track any SSL Certificates they revoke. After the Certificate Authority (CA) revokes an SSL Certificate, the serial number of the certificate is added to a Certificate Revocation List (CRL).
Online Certificate Status Protocol (OCSP) has largely replaced the use of CRLs to check if a certificate has been revoked. Instead of downloading a file (CRL), a client will query the issuing CA's OCSP server using the certificate's serial number and the response will indicate whether the certificate has been revoked or not.
CRL URLs
- http://crl3.digicert.com/DigiCertGlobalRootG2.crl
- http://crl4.digicert.com/DigiCertGlobalRootG2.crl
- http://cdp.thawte.com/ThawteTLSRSACAG1.crl
OCSP URL
Please ensure your firewall is not blocking either the CRL or OCSP URLs above.