This page contains information about end entity certificates issued by SunPKI Certification Authorities (CAs) hosted at and operated by VeriSign within the framework of VeriSign Trust Network (VTN). The page contains the complete list of end entity certificate types currently issued by VTN-SunPKI.

Unless explicitly stated otherwise, end entity certificates listed below can be issued either for production or for testing purposes, which is denoted in the certificate content as follows:

1. Production certificates:
   • Subject Distinguished Name (DN) contains (among others) the following component:   OU=Class B.
   • Certificate Policies extension contains the following User Notice:   Validated For Sun Business Operations.
2. Testing certificates:
   • Subject Distinguished Name (DN) contains (among others) the following component:   OU=Class C.
   • Certificate Policies extension contains the following User Notice:   Not Validated For Sun Business Operations.

In the list below, for each of the certificate types, the subject naming and content of certificates issued is defined using textual representations (hand edited, in openssl-like format), appended with additional information about the allowed dynamic (subscriber defined) fields, supported modulus sizes, and validity periods. Note: only the production (Class B) certificates are represented; the content of corresponding testing (Class C) certificates differs as described above.

1. SSL Server Cerificates

Issued to hosts with fully qualified domain names (FQDNs) that belong to the domains registered to Sun Microsystems or its subsidiaries. Typical use: webservers, application servers, endpoints of SSL tunnels, etc.

1. Trust anchor CA:  VeriSign's ;Class 3 Public Primary Certification Authority - G2
2. Issuing CA:  Sun Microsystems Inc SSL CA
3. Subject naming and content definitions:  corporate only.

2. People Cerificates

Issued to corporate and qualifying partner human subjects: certificate pairs (authentication/signature certificate and encryption certificate) to corporate users (Sun workers), and single certificates (authentication only) to qualifying partners. Typical use: certificate-based authentication (corporate and partner); secure email, data encryption/decryption (corporate only).

1. Trust anchor CA:  VeriSign's Class 2 Public Primary Certification Authority - G2
2. Issuing CA:   Sun's People CA
3. Subject naming and content definitions:  corporate authentication/signing, corporate encryption;  partner.

3. SSL Client Cerificates

Issued to corporate and qualifying partner applications (non-human subjects) that need to authenticate by presenting client certificates to SSL servers. Typical use: application systems, client-only endpoints of SSL tunnels, etc.

1. Trust anchor CA:  VeriSign's Class 2 Public Primary Certification Authority - G2
2. Issuing CA:   Sun's SSL Client CA
3. Subject naming and content definitions:  corporate;  partner.

4. Object Signing Cerificates

Issued to corporate and qualifying partner entities for the purpose of object signing. Typical use: code, jarfile, patch, document signing. Also issued for Solaris Cryptographic Framework and Solaris Signed Execution purposes, see below.

1. Trust anchor CA:  VeriSign's Class 2 Public Primary Certification Authority - G2
2. Issuing CA:   Sun's Object Signing CA
3. Subject naming and content definitions:
   • General purpose:  corporate;  partner.
   • Solaris Cryptographic Framework:  corporate;  partner.
   • Solaris Signed Execution:  corporate only.

5. IPsec/IKE Cerificates

Issued to hosts with fully qualified domain names (FQDNs) that belong to the domains registered to Sun Microsystems or its subsidiaries. Typical use: IPsec endpoint systems.

1. Trust anchor CA:  VeriSign's Class 2 Public Primary Certification Authority - G2
2. Issuing CA:   Sun's IPSec CA
3. Subject naming and content definitions:  corporate only.

VeriSign is a registered trademark of VeriSign, Inc. VeriSign Trust Network is a trademark of VeriSign, Inc.