← All SSL.com certificates
Intermediate Certificate

Blahaj Cloud TLS ECC CA 1

SSL.comCCADBCA Organization name as it appears in the CA's CP, CPS, CP/CPS and audit statements.
Browser Trust
Apple
AppleCCADBCertificate status in Apple: for root certificates, this status indicates the certificates inclusion status with this program. for intermediate certificates, this will be Not Trusted if it is revoked, expired, or otherwise does not meet program-specific criteria. Otherwise set to Trusted.
Trusted
CCADB status only
Chrome
ChromeCCADBCertificate status in Google Chrome: for root certificates, this status indicates the certificates inclusion status with this program. for intermediate certificates, this will be Not Trusted if it is revoked, expired, or otherwise does not meet program-specific criteria. Otherwise set to Trusted.
Trusted
Not directly listed
Microsoft
MicrosoftCCADBCertificate status in Microsoft: for root certificates, this status indicates the certificates inclusion status with this program. for intermediate certificates, this will be Not Trusted if it is revoked, expired, or otherwise does not meet program-specific criteria. Otherwise set to Trusted.
Trusted
Not directly listed
Mozilla
MozillaCCADBCertificate status in Mozilla: for root certificates, this status indicates the certificates inclusion status with this program. for intermediate certificates, this will be Not Trusted if it is revoked, expired, or otherwise does not meet program-specific criteria. Otherwise set to Trusted.
Trusted
Not directly listed
Trust Bit Detail
SourceTrust Bits
CCADB — Derived Trust BitsCCADBWhen related fields are updated on a intermediate certificate record, a trigger method launches an asynchronous process that updates this field (if needed) for every certificate within that record's CCADB hierarchy. Set to empty when the certificate is expired or revoked. Directly map to EKU values when the certificate's EKU is present and not empty. If the EKU is empty or not present, then set Derived Trust Bits to the union of the trust-bits/EKUs that are on the parent root certificate for each root store that it is included in. Check for same Subject+SPKI root certificates, and if found, update the union to add the trust-bits/EKUs that are on the parent root certificate for each root store that it is included in (if not already in the union). If this certificate has an intermediate certificate as its parent in the CCADB, then: Create List2 that consists of the parent certificate's Derived Trust Bits unioned with the Derived Trust Bits of all of the parent certificate's unexpired unrevoked same Subject+SPKI certificates. Remove anything from this certificate's Derived Trust Bits that is not in List2.
Server Authentication
Certificate Details
Record TypeCCADBCCADB field: Certificate Record TypeOne of two values determined when certificate is added to the CCADB:
  • Intermediate Certificate
  • Root Certificate
Intermediate Certificate
Subject DNComputed locallyThe certificate's own distinguished name, parsed from its PEM. This identifies who the certificate was issued to.
C=US, O=SSL Corp, CN=Blahaj Cloud TLS ECC CA 1
Issuer DNComputed locallyThe distinguished name of the CA that signed this certificate, parsed from its PEM. This identifies who issued it.
C=US, O=SSL Corporation, CN=SSL.com TLS Transit ECC CA R2 ↗
SHA-256CCADBCCADB field: SHA-256 FingerprintA SHA-256 hash of the certificate generated by the CCADB when adding a certificate PEM.
572BB5C7085007AFB7B17866278AEEE73DDD6D702DD52F35EA5108198D623BD5
Parent SHA-256CCADBCCADB field: Parent SHA-256 FingerprintA SHA-256 hash of the parent certificate, as generated by the CCADB when the parent certificate PEM was added.
5D1BC399274E649E1C72697DE91A54AD725088C5221CB61E17EE9C290BC42A92
Valid From (GMT)CCADBThe notBefore value extracted from the certificate PEM.
2026.07.09
Valid To (GMT)CCADBThe notAfter value extracted from the certificate PEM.
2036.07.06
AKICCADBCCADB field: Authority Key IdentifierThe authorityKeyIdentifier value extracted from the certificate PEM.
MqLH2FiL/3/APPJVaTPszswfvJc=
SKICCADBCCADB field: Subject Key IdentifierThe subjectKeyIdentifier value extracted from the certificate PEM.
DjiEvE7ubZLywKg8T7qAZcGcRK4=
Operated ByCCADBCCADB field: Subordinate CA OwnerThis is the subordinate CA Owner's name as it appears in the provided audit statements. CA Owners MUST NOT leave this field blank unless both control of the private key and domain/IP control validation activities are performed by the organization listed in the audit statement of the parent certificate.
ConstrainedCCADBCCADB field: Technically ConstrainedA boolean value configured by the CCADB when the certificate PEM was added. Set to FALSE if the certificate does not contain an Extended Key Usage (EKU) extension. Set to TRUE if the EKU does not contain id-kp-serverAuth or anyExtendedKeyUsage. If the EKU contains id-kp-serverAuth, then set to TRUE if the certificate includes the Name Constraints X.509v3 extension with constraints on dNSName, iPAddress and DirectoryName. Otherwise set to FALSE.
False
RevocationCCADBCCADB field: Revocation StatusOnly applicable to the Intermediate Certificate record type, the revocation status for this certificate as configured by the CA Owner.
  • –None–
  • Not Revoked
  • Revoked
  • Parent Cert Revoked
✓ Not Revoked
Salesforce IDCCADBCCADB field: Salesforce Record IDAn internal unique ID for this certificate in the CCADB. This value is assigned by the CCADB.
001TO00000o3dfxYAA
Capabilities
EV OIDsCCADBCCADB field: EV OIDs for Root CertThis field is updated once daily by a batch program in the CCADB. It includes the union of all EV OIDs, as specified by Root Store Operators.
Status of RootCCADBCCADB field: Status of Root CertRoot Store inclusion status for the root certificate that this intermediate certificate chains up to in the CCADB. (Updated via hourly batch process)
Apple
Included
Google Chrome
Included
Microsoft
Included
Mozilla
Included
TLSCCADBCCADB field: TLS CapableA boolean value configured by the CCADB:
  • Set to TRUE for a root certificate record if 'Trust Bits For All Root Stores' contains Server Authentication.
  • Set to TRUE for an intermediate certificate record if 'Derived Trust Bits' contains Server Authentication.
  • Otherwise set to FALSE.
TLS EVCCADBCCADB field: TLS EV CapableA boolean value configured by the CCADB:
  • Set to TRUE for a root certificate record if 'Apple EV Enabled' is set to TRUE, or 'ExtendedValidation.cpp OIDs is not null, or 'Microsoft EV_SSL_Enabled is set to TRUE, or 'Google Chrome EV Enabled' is set to TRUE.
  • Set to TRUE for an intermediate certificate record if 'EV SSL Capable' is set to TRUE.
  • Otherwise set to FALSE.
Code SigningCCADBCCADB field: Code Signing CapableA boolean value configured by the CCADB:
  • Set to TRUE for a root certificate record if 'Trust Bits For All Root Stores' contains Code Signing.
  • Set to TRUE for an intermediate certificate record if 'Derived Trust Bits' contains Code Signing.
  • Otherwise set to FALSE.
S/MIMECCADBCCADB field: S/MIME CapableA boolean value configured by the CCADB:
  • Set to TRUE for a root certificate record if 'Trust Bits For All Root Stores' contains Secure Email.
  • Set to TRUE for an intermediate certificate record if 'Derived Trust Bits' contains Secure Email.
  • Otherwise set to FALSE.
VMCCCADBCCADB field: VMC CapableNot documented as a separate field in the CCADB data dictionary. Computed by CCADB using the same Trust Bits / Derived Trust Bits mechanism as the other capability flags, for Verified Mark Certificates.Document SigningCCADBCCADB field: Document Signing CapableNot documented as a separate field in the CCADB data dictionary. Computed by CCADB using the same Trust Bits / Derived Trust Bits mechanism as the other capability flags, for document signing EKU.
CAA IdentifiersCCADBCCADB field: AllCAAIdentifiersReportCSVV2A separate CCADB report, not part of the main certificate record (AllCertificateRecordsCSVFormatV5) used elsewhere on this page. CA Owners disclose the CAA issuer domain label(s) they use in DNS CAA records, tied to the specific intermediate certificate and Subject Key Identifier each declaration applies to.
Recognized CAA issuer identifiers published by CCADB for this CA certificate.
Blahaj Cloud TLS ECC CA 1
SKI 0E3884BC4EEE6D92F2C0A83C4FBA8065C19C44AE
ssl.com
Audit
Audit FirmCCADBCCADB field: AuditorA picklist value for the name of the Audit Firm that issued the audit statements, as selected by the CA Owner.
Firm LocationCCADBCCADB field: Audit Firm LocationNot documented as a separate field in the CCADB data dictionary. Disclosed alongside Auditor.
Same as ParentCCADBCCADB field: Audits Same as Parent?A boolean value configured by the CA Owner for intermediate certificates: Set to TRUE if the current or next audit of the parent certificate includes this certificate. Otherwise set to FALSE, and all applicable audit fields must have values provided by the CA Owner.
true
Policy & Documentation
CP URLCCADBCCADB field: Certificate Policy (CP) URLThe URL to CP documentation specific to this certificate, as configured by the CA Owner. This value must be populated if 'CP Same as Parent' is set to FALSE.
CP Same as ParentCCADBA boolean value configured by the CA Owner for intermediate certificates: Set to TRUE if this certificate has the same Certificate Policy (CP) information as the issuing certificate (or a subset). Otherwise set to FALSE.
false
CP EffectiveCCADBCCADB field: CP Effective DateThe date the CP documentation specific to this certificate became effective, as configured by the CA Owner. This value must be populated if 'CP Same as Parent' is set to FALSE.
CPS URLCCADBCCADB field: Certificate Practice Statement (CPS) URLThe URL to CPS documentation specific to this certificate, as configured by the CA Owner. This value must be populated if 'CPS Same as Parent' is set to FALSE.
CPS Same as ParentCCADBA boolean value configured by the CA Owner for intermediate certificates: Set to TRUE if this certificate has the same Certification Practice Statement (CPS) information as the issuing certificate (or a subset). Otherwise set to FALSE.
false
CPS EffectiveCCADBCCADB field: CPS Effective DateThe date the CPS documentation specific to this certificate became effective, as configured by the CA Owner. This value must be populated if 'CPS Same as Parent' is set to FALSE.
CP/CPS StatementCCADBCCADB field: Certificate Practice & Policy StatementThe URL to the combined CP/CPS documentation specific to this certificate, as configured by the CA Owner. This value must be populated if 'CP/CPS Same as Parent' is set to FALSE.
CP/CPS Same as ParentCCADBA boolean value configured by the CA Owner for intermediate certificates: Set to TRUE if this certificate has the same combined CP/CPS information as the issuing certificate (or a subset). Otherwise set to FALSE.
true
Inherited CP/CPS URLCCADBThis field is blank on this certificate because CP/CPS Same as Parent is TRUE. Shown here is the parent record's own combined CP/CPS URL.
Inherited CP/CPS EffectiveCCADBThis field is blank on this certificate because CP/CPS Same as Parent is TRUE. Shown here is the parent record's own CP/CPS effective date.
MD/AsciiDoc URLCCADBCCADB field: MD/AsciiDoc CP/CPS URLThe URL to the combined Markdown or AsciiDoc CP/CPS documentation specific to this certificate, as configured by the CA Owner. This value must be populated if 'MD/AsciiDoc CP/CPS Same as Parent' is set to FALSE.
MD/AsciiDoc Same as ParentCCADBCCADB field: MD/AsciiDoc CP/CPS Same as ParentA boolean value configured by the CA Owner for intermediate certificates: Set to TRUE if this certificate has the same combined Markdown or AsciiDoc CP/CPS information as the issuing certificate (or a subset). Otherwise set to FALSE.
false
Infrastructure
CRL (Full)CCADBCCADB field: JSON Array of All Full CRL URLsNot the exact documented field (the data dictionary describes an older single-URL "Full CRL Issued By This CA" field); this is its JSON-array successor in the current V5 report, holding the full CRL URL(s) for certificates issued by this CA, as configured by the CA Owner.
CRL (Parts)CCADBCCADB field: JSON Array of Partitioned CRLsWhen there is no full CRL for certificates issued by this CA, the CA Owner can provide a JSON array whose elements are URLs of partitioned, DER-encoded CRLs that when combined are the equivalent of a full CRL for certificates issued by this CA. The JSON array may omit obsolete partitioned CRLs whose scopes only include expired certificates.
ACME DVCCADBCCADB field: DV ACME Directory URL(s)Not documented as a separate field in the CCADB data dictionary. This CA's ACME directory URL(s) for Domain Validated issuance, as configured by the CA Owner.
ACME OVCCADBCCADB field: OV ACME Directory URL(s)Not documented as a separate field in the CCADB data dictionary. This CA's ACME directory URL(s) for Organization Validated issuance, as configured by the CA Owner.
ACME EVCCADBCCADB field: EV ACME Directory URL(s)Not documented as a separate field in the CCADB data dictionary. This CA's ACME directory URL(s) for Extended Validation issuance, as configured by the CA Owner.
Test (Valid)CCADBCCADB field: Test Website URL - ValidThe URL to a website with a valid TLS certificate that chains up to the root certificate, as configured by the CA Owner.
Test (Expired)CCADBCCADB field: Test Website URL - ExpiredThe URL to a website with an expired TLS certificate that chains up to the root certificate, as configured by the CA Owner.
Test (Revoked)CCADBCCADB field: Test Website URL - RevokedThe URL to a website with a revoked TLS certificate that chains up to the root certificate, as configured by the CA Owner.
Policy OIDs
Certificate X.509 certificatePolicies
anyPolicy2.5.29.32.0
CCADB EV OIDs for Root Cert · administrative declaration
Declared on root: SSL.com TLS ECC Root CA 2022
CA/B EV TLS2.23.140.1.1
Comparison
CCADB OID(s) not found in certificate: 2.23.140.1.1
Chain Validation
Certificate Lint (zlint, live)
pkimetal
Certificate (PEM)
crt.sh via Matador
By SPKI SHA-256 → All CT log entries sharing this public key, deduplicated — the broadest CT search for a CA
By SHA-256 → Look up this exact certificate by its fingerprint
By SKI → All certificates sharing this Subject Key Identifier
Issued Certificates → Resolve crt.sh issuer CA ID, then paginate all certificates issued by this CA

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action