1. /
  2. Download Primary PCA Root Certificates

Licensing and Use of Root Certificates

You may download, use and distribute the Root Certificates only under the terms of the Root Certificate License Agreement (PDF). There is no charge for use under these terms and You are not required to sign the agreement to make use of the Root Certificates. If You require a signed agreement per your company policy, please provide the information requested in the agreement and email a signed copy to dl-tss-root@symantec.com. You will receive a counter-signed copy for your records.
DISCLAIMER: ROOT CERTIFICATES, AND ANY UPDATES, ARE PROVIDED “AS-IS” WITH NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION, ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT OF THIRD PARTY RIGHTS.

VeriSign Root Package
Download a root package for VeriSign Certificates (roots.zip file)

Root 1
VeriSign Class 3 Public Primary CA - G2
Description:
This root CA is the root currently used for Secure Site Certificates and Standard SSL Certificates. It is intended to be the primary root used for these products until Q4 2010 when VeriSign transitions to using a 2048 bit root. Vendors should not plan on removing support for this root until officially advised that the root is no longer needed to support certificates or CRL validation.

Country = US
Organization = VeriSign, Inc.
Organizational Unit = Class 3 Public Primary Certification Authority - G2
Organizational Unit = (c) 1998 VeriSign, Inc. - For authorized use only
Organizational Unit = VeriSign Trust Network
Serial Number: 7d d9 fe 07 cf a8 1e b7 10 79 67 fb a7 89 34 c6
Valid From: Sunday, May 17, 1998 4:00:00 PM
Valid to: Tuesday, August 01, 2028 3:59:59 PM
Certificate SHA1 Fingerprint: 85 37 1c a6 e5 50 14 3d ce 28 03 47 1b de 3a 09 e8 f8 77 0f
Key Size: RSA(1024 Bits)
Signature Algorithm: sha1RSA
File name in Root package: Class 3 Public Primary Certification Authority - G2

Test Site: https://ssltest24.bbtest.net

Download Root Now (Right Click, Save As)

Root 2
VeriSign Class 3 Public Primary CA
Description:
Description: This root CA is the root used for Secure Site Pro Certificates , Premium SSL Certificates and Code Signing Certificates. It is intended to be the primary root used for these products until Q4 2010 when VeriSign transitions to using a 2048 bit root. After that transition this CA will be used as part of a cross certification to ensure legacy applications continue to trust VeriSign certificates and must continue to be included in root stores by vendors. This root is expected to be used in this way at least until 12/31/2013 and vendors should not plan on removing support for this root until officially advised that the root is no longer needed to support certificates or CRL validation.

Country = US
Organization = VeriSign, Inc.
Organizational Unit = Class 3 Public Primary Certification Authority
Serial Number: 3c 91 31 cb 1f f6 d0 1b 0e 9a b8 d0 44 bf 12 be
Valid From: Sunday, January 28, 1996 4:00:00 PM
Valid to: Wednesday, August 02, 2028 3:59:59 PM
Certificate SHA1 Thumbprint: a1 db 63 93 91 6f 17 e4 18 55 09 40 04 15 c7 02 40 b0 ae 6b
Key Size: RSA(1024 Bits)
Signature Algorithm: sha1RSA
File name in Root package: Class 3 Public Primary Certification Authority

Test Site: https://ssltest23.bbtest.net

Download Root Now (Right Click, Save As)

Root 3
VeriSign Class 3 Primary CA - G5
Description:
This root CA is the root used for Symantec Extended Validation Certificates and should be included in root stores. During Q4 2010 this root will also be the primary root used for all Symantec SSL and Code Signing certificates.

Country = US
Organization = VeriSign, Inc.
Organizational Unit = VeriSign Trust Network
Organizational Unit = (c) 2006 VeriSign, Inc. - For authorized use only
Common Name = VeriSign Class 3 Public Primary Certification Authority - G5
Serial Number: 18 da d1 9e 26 7d e8 bb 4a 21 58 cd cc 6b 3b 4a
Operational Period: Tue, November 07, 2006 to Wed, July 16, 2036
Certificate SHA1 Fingerprint: 4e b6 d5 78 49 9b 1c cf 5f 58 1e ad 56 be 3d 9b 67 44 a5 e5
Key Size: RSA(2048Bits)
Signature Algorithm: sha1RSA

Test Site: https://ssltest2.bbtest.net

Download Root Now (Right Click, Save As)

Root 4
VeriSign Class 3 Public Primary CA - G3
Description:
This root CA is not extensively used today. It is used mainly for high assurance client certificates, but may used in the future for SSL and Code Signing services for certain applications. This root should be included in root stores as it is a 2048 bit root that may be used in the future.

Country = US
Organization = VeriSign, Inc.
Organizational Unit = VeriSign Trust Network
Organizational Unit = (c) 1999 VeriSign, Inc. - For authorized use only
Common Name = VeriSign Class 3 Public Primary Certification Authority - G3
Serial Number: 00 9b 7e 06 49 a3 3e 62 b9 d5 ee 90 48 71 29 ef 57
Valid From: Thursday, September 30, 1999 4:00:00 PM
Valid to: Wednesday, July 16, 2036 3:59:59 PM
Certificate SHA1 Fingerprint: 13 2d 0d 45 53 4b 69 97 cd b2 d5 c3 39 e2 55 76 60 9b 5c c6
File name in Root package: Class 3 Public Primary Certification Authority - G3

Test Site: https://ssltest3.bbtest.net

Download Root Now (Right Click, Save As)

Root 5
VeriSign Class 3 Public Primary CA - G4
Description:
While this root is not being used today for Symantec's commercial certificate offerings, it is an ECC (Eliptic Curve Cryptography) root that will be used in the future to as the root of Trust for Class1, 2 and 3 certificates ECC certificates and should be included in root stores.

Country = US
Organization = VeriSign, Inc.
Organizational Unit = VeriSign Trust Network
Organizational Unit = (c) 2007 VeriSign, Inc. - For authorized use only
Common Name = VeriSign Class 3 Public Primary Certification Authority - G4
Serial Number: 2f 80 fe 23 8c 0e 22 0f 48 67 12 28 91 87 ac b3
Valid From: Sunday, November 04, 2007 4:00:00 PM
Valid to: Monday, January 18, 2038 3:59:59 PM
Certificate SHA1 Fingerprint: 22 d5 d8 df 8f 02 31 d1 8d f7 9d b7 cf 8a 2d 64 c9 3f 6c 3a
File name in root package: VeriSign Class 3 Public Primary Certification Authority - G4
Signature Algorithm: 1.2.840.10045.4.3.3 (ecdsaWithSHA384)

Download Root Now (Right Click, Save As)

Root 6
VeriSign Class 2 Public Primary CA - G3
Description:
This root CA is used today to sign Class 2 client certificates issued through Symantec's Managed PKI Service. This root should be included in root stores as it is a 2048 bit root that will continue to be used in the future.

Country = US
Organization = VeriSign, Inc.
Organizational Unit = VeriSign Trust Network
Organizational Unit = (c) 1999 VeriSign, Inc. - For authorized use only
Common Name = VeriSign Class 2 Public Primary Certification Authority - G3
Serial Number: 61 70 cb 49 8c 5f 98 45 29 e7 b0 a6 d9 50 5b 7a
Valid From: Thursday, September 30, 1999 4:00:00 PM
Valid to: Wednesday, July 16, 2036 3:59:59 PM
Certificate SHA1 Fingerprint: 61 ef 43 d7 7f ca d4 61 51 bc 98 e0 c3 59 12 af 9f eb 63 11
File name in Root package: Class 2 Public Primary Certification Authority - G2

Download Root Now (Right Click, Save As)

Root 7
VeriSign Class 2 Public Primary CA - G2
Description:
This root CA is used today to sign Class 2 client certificates issued through Symantec's Managed PKI Service. This root may be used until 12/31/2013 when VeriSign completes its transition to using a 2048 bit root. This root should be included in root stores as it is a 2048 bit root that will continue to be used in the future. Vendors should not plan on removing support for this root until officially advised that the root is no longer needed to support certificates or CRL validation.

Country = US
Organization = VeriSign, Inc.
Organizational Unit = VeriSign Trust Network
Organizational Unit = (c) 1999 VeriSign, Inc. - For authorized use only
Common Name = VeriSign Class 2 Public Primary Certification Authority - G2
Serial Number: 00 b9 2f 60 cc 88 9f a1 7a 46 09 b8 5b 70 6c 8a af
Valid From: Sunday, May 17, 1998 5:00:00 PM
Valid to: Tuesday, August 01, 2028 4:59:59 PM
Certificate SHA1 Fingerprint: b3 ea c4 47 76 c9 c8 1c ea f2 9d 95 b6 cc a0 08 1b 67 ec 9d
File name in Root package: Class 2 Public Primary Certification Authority - G2

Download Root Now (Right Click, Save As)

Root 8
VeriSign Class 1 Public Primary CA
Description:
This root CA is used today to sign all Class 1e-mail certificates. This root was replaced by the VeriSign Class 1 Primary certification Authority - G3 during 2010, but should be included in root stores at least until January 1, 2013 to continue support certificates issued off this root as well as CRLs.

Country = US
Organization = VeriSign, Inc.
Organizational Unit = Class 1 Public Primary Certification Authority
Serial Number: 00 cd ba 7f 56 f0 df e4 bc 54 fe 22 ac b3 72 aa 55
Valid From: Sunday, January 28, 1996 5:00:00 PM
Valid to: Tuesday, Tuesday, August 01, 2028 4:59:59 PM
Certificate SHA1 Fingerprint: 90 ae a2 69 85 ff 14 80 4c 43 49 52 ec e9 60 84 77 af 55 6f
File name in Root package: Class 1 Public Primary Certification Authority

Download Root Now (Right Click, Save As)

Root 9
VeriSign Class 1 Public Primary CA - G3
Description:
This root CA will be used today to sign all Class 1e-mail certificates starting in Q4 2010 and must be included in root stores.

Country = US
Organization = VeriSign, Inc.
Organizational Unit = Class 1 Public Primary Certification Authority - G3
Organizational Unit = (c) 1998 VeriSign, Inc. - For authorized use only
Organizational Unit = VeriSign Trust Network
Serial Number: 00 8b 5b 75 56 84 54 85 0b 00 cf af 38 48 ce b1 a4
Valid from: Thur September 30, 1999 5:00:00 PM
Valid to: Wed July 01, 2036 4:59:59 PM
Certificate SHA1 Fingerprint: 20 42 85 dc f7 eb 76 41 95 57 8e 13 6b d4 b7 d1 e9 8e 46 a5
File name in Root package: Class 1 Public Primary Certification Authority

Download Root Now (Right Click, Save As)

Root 10
VeriSign Universal Root CA
Description:
While this root is not being used today for Symantec's commercial certificate offerings, it is a SHA-256 root that will be used in the future to as the root of Trust for Class1, 2 and 3 certificates SHA-256 certificates and should be included in root stores.

Country = US
Organization = VeriSign, Inc.
Organizational Unit = VeriSign Trust Network
Organizational Unit = (c) 2008 VeriSign, Inc. - For authorized use only
Common Name = VeriSign Universal Root Certification Authority
Serial Number: 40 1a c4 64 21 b3 13 21 03 0e bb e4 12 1a c5 1d
Valid From: Tuesday, April 01, 2008 4:00:00 PM
Valid to: Tuesday, December 01, 2037 3:59:59 PM
Certificate SHA1 Fingerprint: 36 79 ca 35 66 87 72 30 4d 30 a5 fb 87 3b 0f a7 7b b7 0d 54
File name in Root package: VeriSign Universal Root Certification Authority
Key Size: RSA(2048Bits)
Signature Algorithm: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)

Test Site: https://ssltest26.bbtest.net

Download Root Now (Right Click, Save As)

Root 11
VeriSign Class 4 Public Primary CA - G3
Description:
This root is not being used today. While Symantec has no immediate plans to use this root it is a SHA-1 2048 bit root and should be included in root stores.

Country = US
Organization = VeriSign, Inc.
Organizational Unit = VeriSign Trust Network
Organizational Unit = (c) 1999 VeriSign, Inc. - For authorized use only
Common Name = VeriSign Class 4 Public Primary Certification Authority - G3
Serial Number: 00 ec a0 a7 8b 6e 75 6a 01 cf c4 7c cc 2f 94 5e d7
Valid From: Thursday, September 30, 1999 4:00:00 PM
Valid to: Wednesday, July 16, 2036 3:59:59 PM
Certificate SHA1 Fingerprint: c8 ec 8c 87 92 69 cb 4b ab 39 e9 8d 7e 57 67 f3 14 95 73 9d
Key Size: RSA(1024 Bits)
Signature Algorithm: sha1RSA
File name in Root package: VeriSign Class 4 Public Primary Certification Authority - G3

Download Root Now (Right Click, Save As)

Root 12
Symantec Class 1 Public Primary Certification Authority - G6
Description:
This root is used for is the SHA2 version of the older VeriSign Class 1 Root. This root is now provided to meet NIST requirements.

Organization = Symantec Corporation
Organizational Unit = Class Symantec Trust Network
Serial Number: 24 32 75 f2 1d 2f d2 09 33 f7 b4 6a ca d0 f3 98
Valid From: Monday, October 17, 2011 5:00:00 PM
Valid to: Tuesday, December 01, 2037 4:59:59 PM
Certificate SHA1 Thumbprint: 51 7f 61 1e 29 91 6b 53 82 fb 72 e7 44 d9 8d c3 cc 53 6d 64
Key Size: RSA(2048 Bits)
Signature Algorithm: sha2RSA
File name in Root package: Class 1 Public Primary Certification Authority – G6


Download Root Now (Right Click, Save As)

Root 13
Symantec Class 2 Public Primary Certification Authority - G6
Description:
This root is used for is the SHA2 version of the older VeriSign Class 2 Root. This root is now provided to meet NIST requirements.

Organization = Symantec Corporation
Organizational Unit = Class Symantec Trust Network
Serial Number: 64 82 9e fc 37 1e 74 5d fc 97 ff 97 c8 b1 ff 41
Valid From: Monday, October 17, 2011 5:00:00 PM
Valid to: Tuesday, December 01, 2037 4:59:59 PM
Certificate SHA1 Thumbprint: 40 b3 31 a0 e9 bf e8 55 bc 39 93 ca 70 4f 4e c2 51 d4 1d 8f
Key Size: RSA(2048 Bits)
Signature Algorithm: sha2RSA
File name in Root package: Class 2 Public Primary Certification Authority – G6


Download Root Now (Right Click, Save As)

Retired Roots
The following roots have been retired and need no longer be distributed by vendors

VeriSign Class 1 Public Primary CA - G2
Country = US
Organization = VeriSign, Inc.
Organizational Unit = Class 1 Public Primary Certification Authority - G2
Organizational Unit = (c) 1998 VeriSign, Inc. - For authorized use only
Organizational Unit = VeriSign Trust Network
Serial Number: 4c c7 ea aa 98 3e 71 d3 93 10 f8 3d 3a 89 91 92
Operational Period: Mon May 18, 1998 to Tue August 01, 2028
Certificate SHA1 Fingerprint: 273e e124 57fd c4f9 0c55 e82b 5616 7f62 f532 e547

VeriSign Class 2 Public Primary CA
Country = US
Organization = VeriSign, Inc.
Organizational Unit = Class 2 Public Primary Certification Authority
Serial Number: 2d 1b fc 4a 17 8d a3 91 eb e7 ff f5 8b 45 be 0b
Operational Period: Mon Jan 29, 1996 to Tue Aug 01, 2028
Certificate SHA1 Fingerprint: 6782 aae0 edee e21a 5839 d3c0 cd14 680a 4f60 142a

VeriSign Class 4 Public Primary CA - G2
Country = US
Organization = VeriSign, Inc.
Organizational Unit = Class 4 Public Primary Certification Authority - G2
Organizational Unit = (c) 1998 VeriSign, Inc. - For authorized use only
Organizational Unit = VeriSign Trust Network
Serial Number: 32 88 8e 9a d2 f5 eb 13 47 f8 7f c4 20 37 25 f8
Operational Period: Sun May 17, 1998 to Tue Aug 1, 2028
Certificate SHA1 Fingerprint: 0b 77 be bb cb 7a a2 47 05 de cc 0f bd 6a 02 fc 7a bd 9b 52

RSA Secure Server Certification Authority
Country = US
Organization = RSA Data Security, Inc.
Organizational Unit = Secure Server Certification Authority
Serial Number: 02 ad 66 7e 4e 45 fe 5e 57 6f 3c 98 19 5e dd c0
Operational Period: Wed Nov 9, 1994 to Thu Jan 7, 2010
Certificate SHA1 Fingerprint: 4463 c531 d7cc c100 6794 612b b656 d3bf 8257 846f