US Higher Education Root (USHER)
Certification Authority
CA1
Root Certificate Profile

Version 1.02 : May 29, 2007

Field Name Value Example Specified Explanation

Version 0x2 0x2 Y A version 3 certificate is specified

Serial Number an integer unique across all certificates issued by this CA 4 Y

Signature Algorithm SHA1/RSA Y

Issuer DN Same as Subject - see below Y

Validity Time not after 27 February 2026 Y We plan to rekey after 10 years. Sooner if needed, perhaps later if possible.

Subject DN
cn=USHER CA1 v1, ou=CA1, o=US Higher Education Root, c=US
Y We will not use DC Naming to avoid potential interoperability problems.

Public Key Y A 2048 bit RSA key will be used

Certificate Extensions

Key Usage Certificate Signing(5), CRL Signing(6) Y This extension will be marked critical

Basic Constraints CA=true Subject Type = CA Y Critical; No Path Length will be specified.

Certificate Policy id-usher-cp-LOA-FoundationAssurance OID 1.3.6.1.4.1.24726.2.2 Y Not critical; we will allocate a policy OID for the CA and include it in the certificate.

CPS Pointer URI https://www.usherca.org/practices/ca1/cps.pdf Y Not critical. A redacted version of the practices document will be made available on-line in PDF format

Authority Key Identifier KeyID See RFC-3280 for details Y Not critical. Only the keyIdentifier field will be populated.

Subject Key Identifier KeyID See RFC-3280 for details Y Not critical. Only the keyIdentifier field will be populated.

Field Name	Value	Example	Specified	Explanation
Version	0x2	0x2	Y	A version 3 certificate is specified
Serial Number	an integer unique across all certificates issued by this CA	4	Y
Signature Algorithm	SHA1/RSA		Y
Issuer	DN	Same as Subject - see below	Y
Validity	Time	not after 27 February 2026	Y	We plan to rekey after 10 years. Sooner if needed, perhaps later if possible.
Subject	DN	cn=USHER CA1 v1, ou=CA1, o=US Higher Education Root, c=US	Y	We will not use DC Naming to avoid potential interoperability problems.
Public Key			Y	A 2048 bit RSA key will be used
Certificate Extensions
Key Usage		Certificate Signing(5), CRL Signing(6)	Y	This extension will be marked critical
Basic Constraints	CA=true	Subject Type = CA	Y	Critical; No Path Length will be specified.
Certificate Policy	id-usher-cp-LOA-FoundationAssurance OID 1.3.6.1.4.1.24726.2.2		Y	Not critical; we will allocate a policy OID for the CA and include it in the certificate.
CPS Pointer	URI	https://www.usherca.org/practices/ca1/cps.pdf	Y	Not critical. A redacted version of the practices document will be made available on-line in PDF format
Authority Key Identifier	KeyID	See RFC-3280 for details	Y	Not critical. Only the keyIdentifier field will be populated.
Subject Key Identifier	KeyID	See RFC-3280 for details	Y	Not critical. Only the keyIdentifier field will be populated.

Specified column legend

Y	The profile specifies the use of this field as documented.
N	The profile does not specify the usage but may recommend a way to use the field.
italics	Example of an optional element.

US Higher Education Root (USHER) Certification Authority CA1 Root Certificate Profile

US Higher Education Root (USHER)
Certification Authority
CA1
Root Certificate Profile