Happy Birthday R3!

The R3 intermediate certificate signed by ISRG Root X1 has been busy signing certificates for a whole year now!




While it's true that R3 was 'born' a year ago (Happy Birthday R3), I don't think R3 has been signing certificates for an entire year yet :slight_smile: (It takes a while for a newborn cert to be ready for [production] signing)

More precisely, this is the first R3-issued certificate known to crt.sh:

crt.sh | 3725272169 (Precert)
crt.sh | 3725273335 (Leaf)

(Issued on Dec 2 00:40:20 2020 GMT, based on NotBefore + 1 hour backdating)


Certificates grow up so fast, though! :slight_smile:


And you forgot about ISRG Root X2 and intermediates E1/E2, all issued on the same day. :wink:


Good point. Can't leave them out!

:partying_face: :partying_face: :partying_face: :partying_face: :partying_face:

(Those last two are for the other two certificates: cross-signed ISRG Root X2 and R4.)


Are we celebrating birthdays for certificates or for public/private key pairs? If so, we'd need to celebrate September 3rd as the R3 key pair birthday, as that's when the key ceremony happened in 2020!


Very true, @Osiris. The certs were valid at midnight on September 4, but the key pairs were issued the day before.

1 Like

Think less in certificates, think more in key pairs!

(Although technically it's perfectly possible to issue two separate certs with the same Common Name, but with different key pairs.. That would be silly of course, but possible..)


I agree. Honestly, I just see intermediate and root certificates as a way of labeling their public keys. It's not like they have a CN or SAN set that contains anything otherwise meaningful. I suppose the URLs for revocation and such are tied in nicely as well. The certs serve as birth certificate, death certificate, personal ID, and work ID for the key pairs.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.