US Higher Education Root (USHER)
Certification Authority
CA1
Root Certificate Profile

Version 1.02 : May 29, 2007
Field Name Value Example Specified Explanation
Version
0x2
0x2
Y
A version 3 certificate is specified
Serial Number
an integer unique across all certificates issued by this CA
4
Y
 
Signature Algorithm
 SHA1/RSA
 
Y
 
Issuer
DN
Same as Subject - see below
Y
 
Validity
Time
not after 27 February 2026
Y
We plan to rekey after 10 years. Sooner if needed, perhaps later if possible.
Subject
DN

cn=USHER CA1 v1, ou=CA1, o=US Higher Education Root, c=US

Y
We will not use DC Naming to avoid potential interoperability problems.
Public Key
 
 
Y
A 2048 bit RSA key will be used
Certificate Extensions
Key Usage
  Certificate Signing(5), CRL Signing(6)
Y
This extension will be marked critical
Basic Constraints
CA=true
Subject Type = CA
Y
Critical; No Path Length will be specified.
Certificate Policy
id-usher-cp-LOA-FoundationAssurance OID 1.3.6.1.4.1.24726.2.2
 
Y Not critical; we will allocate a policy OID for the CA and include it in the certificate.
CPS Pointer URI https://www.usherca.org/practices/ca1/cps.pdf
Y
Not critical. A redacted version of the practices document will be made available on-line in PDF format
Authority Key Identifier KeyID See RFC-3280 for details Y Not critical. Only the keyIdentifier field will be populated.
Subject Key Identifier KeyID See RFC-3280 for details Y Not critical. Only the keyIdentifier field will be populated.