Table of Contents
This article contains information on NMI's live services root certificate. For information on how to check and import certificates on Windows, please see the following article here.
Name: DigiCert Global Root G2
Serial Number: 03 3A F1 E6 A7 11 A9 A0 BB 28 64 B1 1D 09 FA E5
Download URL: https://www.digicert.com/CACerts/DigiCertGlobalRootG2.crt
Certificate Test URL: https://global-root-g2.chain-demos.digicert.com/
Note: Please ensure tests are done through Internet Explorer on Windows machines, as Chrome and Firefox both use their own certification validation process, and do not use the Windows Certificate Store.
What a user should see using the test URL above:
Certificate Authorities (CAs) are required to track any SSL Certificates they revoke. After the Certificate Authority (CA) revokes an SSL Certificate, the serial number of the certificate is added to a Certificate Revocation List (CRL).
Online Certificate Status Protocol (OCSP) has largely replaced the use of CRLs to check if a certificate has been revoked. Instead of downloading a file (CRL), a client will query the issuing CA's OCSP server using the certificate's serial number and the response will indicate whether the certificate has been revoked or not.
Please ensure your firewall is not blocking either the CRL or OCSP URLs above.