This page describes all of the historical and current Certification Authorities (CAs) operated by Shengzhao CA. A CA should be understood as a name and a key: a CA may be represented by multiple certificates, provided that the Subject and Public Key Information of all certificates are the same. In such cases, we also provide details for all certificates corresponding to the CA. If you need to query the Trust Anchor IDs for the following CAs, please refer to Object Identifiers.

Root Certification Authorities

Our root certificate keys are stored offline in a secure location, while end-entity certificates provided to subscribers are issued by the intermediate certificates introduced in the next section. The Country field in the Subject of all root certificates is C = CN.

Note that the validity period of root certificates differs from that of other certificates. As self-signed certificates, root certificates also have a notAfter expiration date, but various Root Programs and Trust Stores may choose to extend or terminate trust in a root certificate early. Therefore, the validity periods listed below are only estimates based on the current policies of various Root Programs.

• Shengzhao Public RSA Root CA
  • Subject: CN=Shengzhao Public RSA Root CA, O=Superzhao IT Consulting Studio
  • Key type: RSA 4096
  • Validity: 2025-11-11 to 2050-11-11
  • CRL URL: https://ca.thsz.jl.cn/certfile/rsa/root/szprrca.crl
  • Download: RSA Root Certificate
• Shengzhao Public ECC Root CA
  • Subject: CN=Shengzhao Public ECC Root CA, O=Superzhao IT Consulting Studio
  • Key type: ECDSA P-521
  • Validity: 2025-11-11 to 2050-11-11
  • CRL URL: https://ca.thsz.jl.cn/certfile/ecc/root/szperca.crl
  • Download: ECC Root Certificate

The above root certificates have not yet been included in any automated trusted certificate stores, and there are no plans (for now) to join trusted certificate stores in the future.

For details on the compatibility of our root certificates with various devices and certificate stores, please see the Certificate Compatibility page.

Intermediate Certification Authorities

Subscriber certificates containing ECDSA public keys are issued by one of the ECDSA intermediate certificates, while subscriber certificates containing RSA public keys are issued by one of the RSA intermediate certificates.

The Country field in the Subject of all intermediate certificates is C = CN.

• Shengzhao Signing Intermediate CA
  • Subject: CN=Shengzhao Signing Intermediate CA, O=Superzhao IT Consulting Studio
  • Key type: RSA 2048 ECDSA P-384
  • Valid until: 2035-12-31
  • Download: RSA Certificate ECC Certificate
  • CRL URL: https://ca.thsz.jl.cn/certfile/rsa/inter/signca.crl (RSA) https://ca.thsz.jl.cn/certfile/ecc/inter/signca.crl (ECC)
  • Certificate Chain:
    • UserCert �?UserCA �?Shengzhao Signing Intermediate CA �?Shengzhao Public RSA Root CA (RSA)
    • UserCert �?UserCA �?Shengzhao Signing Intermediate CA �?Shengzhao Public ECC Root CA (ECC)

Certificate Chains

Generally, a certificate chain consists of only the end-entity certificate and one intermediate certificate, but there can be multiple intermediate certificates. The intent of this design is that as long as this entire chain of certificates is provided to the website visitor’s browser, the browser can verify the digital signatures one by one along the chain until it finds a trusted root certificate, without needing to download any other intermediate certificates during the process.

A certificate may also vary multiple certificate chains. For example, when an intermediate certificate is cross-signed, choosing any one of them can form a certificate chain and eventually reach their respective root certificates. In this case, websites can choose to use different certificate chains as needed.

The currently active intermediate certificates listed above all indicate their default provided certificate chains.