← All DigiCert certificates
Intermediate Certificate
DigiCert G6 TLS ECC P384 SHA384 2026 CA1
DigiCertCCADBCA Organization name as it appears in the CA's CP, CPS, CP/CPS and audit statements.
Browser Trust
AppleCCADBCertificate status in Apple: for root certificates, this status indicates the certificates inclusion status with this program. for intermediate certificates, this will be Not Trusted if it is revoked, expired, or otherwise does not meet program-specific criteria. Otherwise set to Trusted.
Not Trusted
CCADB status only
ChromeCCADBCertificate status in Google Chrome: for root certificates, this status indicates the certificates inclusion status with this program. for intermediate certificates, this will be Not Trusted if it is revoked, expired, or otherwise does not meet program-specific criteria. Otherwise set to Trusted.
Not Trusted
No direct match
MicrosoftCCADBCertificate status in Microsoft: for root certificates, this status indicates the certificates inclusion status with this program. for intermediate certificates, this will be Not Trusted if it is revoked, expired, or otherwise does not meet program-specific criteria. Otherwise set to Trusted.
Not Trusted
No direct match
MozillaCCADBCertificate status in Mozilla: for root certificates, this status indicates the certificates inclusion status with this program. for intermediate certificates, this will be Not Trusted if it is revoked, expired, or otherwise does not meet program-specific criteria. Otherwise set to Trusted.
Not Trusted
No direct match
Certificate Details
- Record TypeCCADBCCADB field: Certificate Record TypeOne of two values determined when certificate is added to the CCADB:
- Intermediate Certificate
- Root Certificate
- Intermediate Certificate
- Subject DNComputed locallyThe certificate's own distinguished name, parsed from its PEM. This identifies who the certificate was issued to.
- C=US, O=DigiCert, Inc., CN=DigiCert G6 TLS ECC P384 SHA384 2026 CA1
- Issuer DNComputed locallyThe distinguished name of the CA that signed this certificate, parsed from its PEM. This identifies who issued it.
- C=US, O=DigiCert, Inc., CN=DigiCert TLS ECC P384 Root G6 ↗
- SHA-256CCADBCCADB field: SHA-256 FingerprintA SHA-256 hash of the certificate generated by the CCADB when adding a certificate PEM.
- 6D738E71BCCEBA351BD4A1789A61A3C7FF66C0021E57C8A5D365E21A3EEABC8D
- Parent SHA-256CCADBCCADB field: Parent SHA-256 FingerprintA SHA-256 hash of the parent certificate, as generated by the CCADB when the parent certificate PEM was added.
- CCD72F5B8DC8743DB97FD0C2A24B6DF760088CC68F8EB8A1F817C74516612EF8
- Valid From (GMT)CCADBThe notBefore value extracted from the certificate PEM.
- 2026.07.07
- Valid To (GMT)CCADBThe notAfter value extracted from the certificate PEM.
- 2029.07.06
- AKICCADBCCADB field: Authority Key IdentifierThe authorityKeyIdentifier value extracted from the certificate PEM.
- xWXWH5rB227IatpQJpfnQ/lg7wQ=
- SKICCADBCCADB field: Subject Key IdentifierThe subjectKeyIdentifier value extracted from the certificate PEM.
- OwRkxSG8XV6P8IRcgTvkFAuuQbs=
- Operated ByCCADBCCADB field: Subordinate CA OwnerThis is the subordinate CA Owner's name as it appears in the provided audit statements. CA Owners MUST NOT leave this field blank unless both control of the private key and domain/IP control validation activities are performed by the organization listed in the audit statement of the parent certificate.
- —
- ConstrainedCCADBCCADB field: Technically ConstrainedA boolean value configured by the CCADB when the certificate PEM was added. Set to FALSE if the certificate does not contain an Extended Key Usage (EKU) extension. Set to TRUE if the EKU does not contain id-kp-serverAuth or anyExtendedKeyUsage. If the EKU contains id-kp-serverAuth, then set to TRUE if the certificate includes the Name Constraints X.509v3 extension with constraints on dNSName, iPAddress and DirectoryName. Otherwise set to FALSE.
- False
- RevocationCCADBCCADB field: Revocation StatusOnly applicable to the Intermediate Certificate record type, the revocation status for this certificate as configured by the CA Owner.
- –None–
- Not Revoked
- Revoked
- Parent Cert Revoked
- ✓ Not Revoked
- Salesforce IDCCADBCCADB field: Salesforce Record IDAn internal unique ID for this certificate in the CCADB. This value is assigned by the CCADB.
- 001TO00000o4VJrYAM
Capabilities
- EV OIDsCCADBCCADB field: EV OIDs for Root CertThis field is updated once daily by a batch program in the CCADB. It includes the union of all EV OIDs, as specified by Root Store Operators.
- —
- Status of RootCCADBCCADB field: Status of Root CertRoot Store inclusion status for the root certificate that this intermediate certificate chains up to in the CCADB. (Updated via hourly batch process)
- AppleNot IncludedGoogle ChromeNot IncludedMicrosoftNot IncludedMozillaNot Yet Included
TLSCCADBCCADB field: TLS CapableA boolean value configured by the CCADB:
- Set to TRUE for a root certificate record if 'Trust Bits For All Root Stores' contains Server Authentication.
- Set to TRUE for an intermediate certificate record if 'Derived Trust Bits' contains Server Authentication.
- Otherwise set to FALSE.
- Set to TRUE for a root certificate record if 'Apple EV Enabled' is set to TRUE, or 'ExtendedValidation.cpp OIDs is not null, or 'Microsoft EV_SSL_Enabled is set to TRUE, or 'Google Chrome EV Enabled' is set to TRUE.
- Set to TRUE for an intermediate certificate record if 'EV SSL Capable' is set to TRUE.
- Otherwise set to FALSE.
- Set to TRUE for a root certificate record if 'Trust Bits For All Root Stores' contains Code Signing.
- Set to TRUE for an intermediate certificate record if 'Derived Trust Bits' contains Code Signing.
- Otherwise set to FALSE.
- Set to TRUE for a root certificate record if 'Trust Bits For All Root Stores' contains Secure Email.
- Set to TRUE for an intermediate certificate record if 'Derived Trust Bits' contains Secure Email.
- Otherwise set to FALSE.
CAA IdentifiersCCADBCCADB field: AllCAAIdentifiersReportCSVV2A separate CCADB report, not part of the main certificate record (AllCertificateRecordsCSVFormatV5) used elsewhere on this page. CA Owners disclose the CAA issuer domain label(s) they use in DNS CAA records, tied to the specific intermediate certificate and Subject Key Identifier each declaration applies to.
Recognized CAA issuer identifiers published by CCADB for this CA certificate.
DigiCert G6 TLS ECC P384 SHA384 2026 CA1
SKI 3B0464C521BC5D5E8FF0845C813BE4140BAE41BB
Audit
- Audit FirmCCADBCCADB field: AuditorA picklist value for the name of the Audit Firm that issued the audit statements, as selected by the CA Owner.
- BDO International Limited
- Firm LocationCCADBCCADB field: Audit Firm LocationNot documented as a separate field in the CCADB data dictionary. Disclosed alongside Auditor.
- United States
- Same as ParentCCADBCCADB field: Audits Same as Parent?A boolean value configured by the CA Owner for intermediate certificates: Set to TRUE if the current or next audit of the parent certificate includes this certificate. Otherwise set to FALSE, and all applicable audit fields must have values provided by the CA Owner.
- true
Policy & Documentation
- CP URLCCADBCCADB field: Certificate Policy (CP) URLThe URL to CP documentation specific to this certificate, as configured by the CA Owner. This value must be populated if 'CP Same as Parent' is set to FALSE.
- —
- CP Same as ParentCCADBA boolean value configured by the CA Owner for intermediate certificates: Set to TRUE if this certificate has the same Certificate Policy (CP) information as the issuing certificate (or a subset). Otherwise set to FALSE.
- false
- CP EffectiveCCADBCCADB field: CP Effective DateThe date the CP documentation specific to this certificate became effective, as configured by the CA Owner. This value must be populated if 'CP Same as Parent' is set to FALSE.
- —
- CPS URLCCADBCCADB field: Certificate Practice Statement (CPS) URLThe URL to CPS documentation specific to this certificate, as configured by the CA Owner. This value must be populated if 'CPS Same as Parent' is set to FALSE.
- —
- CPS Same as ParentCCADBA boolean value configured by the CA Owner for intermediate certificates: Set to TRUE if this certificate has the same Certification Practice Statement (CPS) information as the issuing certificate (or a subset). Otherwise set to FALSE.
- false
- CPS EffectiveCCADBCCADB field: CPS Effective DateThe date the CPS documentation specific to this certificate became effective, as configured by the CA Owner. This value must be populated if 'CPS Same as Parent' is set to FALSE.
- —
- CP/CPS StatementCCADBCCADB field: Certificate Practice & Policy StatementThe URL to the combined CP/CPS documentation specific to this certificate, as configured by the CA Owner. This value must be populated if 'CP/CPS Same as Parent' is set to FALSE.
- —
- CP/CPS Same as ParentCCADBA boolean value configured by the CA Owner for intermediate certificates: Set to TRUE if this certificate has the same combined CP/CPS information as the issuing certificate (or a subset). Otherwise set to FALSE.
- true
- Inherited CP/CPS URLCCADBThis field is blank on this certificate because CP/CPS Same as Parent is TRUE. Shown here is the parent record's own combined CP/CPS URL.
- —
- Inherited CP/CPS EffectiveCCADBThis field is blank on this certificate because CP/CPS Same as Parent is TRUE. Shown here is the parent record's own CP/CPS effective date.
- —
- MD/AsciiDoc URLCCADBCCADB field: MD/AsciiDoc CP/CPS URLThe URL to the combined Markdown or AsciiDoc CP/CPS documentation specific to this certificate, as configured by the CA Owner. This value must be populated if 'MD/AsciiDoc CP/CPS Same as Parent' is set to FALSE.
- —
- MD/AsciiDoc Same as ParentCCADBCCADB field: MD/AsciiDoc CP/CPS Same as ParentA boolean value configured by the CA Owner for intermediate certificates: Set to TRUE if this certificate has the same combined Markdown or AsciiDoc CP/CPS information as the issuing certificate (or a subset). Otherwise set to FALSE.
- false
Infrastructure
- CRL (Full)CCADBCCADB field: JSON Array of All Full CRL URLsNot the exact documented field (the data dictionary describes an older single-URL "Full CRL Issued By This CA" field); this is its JSON-array successor in the current V5 report, holding the full CRL URL(s) for certificates issued by this CA, as configured by the CA Owner.
- —
- CRL (Parts)CCADBCCADB field: JSON Array of Partitioned CRLsWhen there is no full CRL for certificates issued by this CA, the CA Owner can provide a JSON array whose elements are URLs of partitioned, DER-encoded CRLs that when combined are the equivalent of a full CRL for certificates issued by this CA. The JSON array may omit obsolete partitioned CRLs whose scopes only include expired certificates.
- ACME DVCCADBCCADB field: DV ACME Directory URL(s)Not documented as a separate field in the CCADB data dictionary. This CA's ACME directory URL(s) for Domain Validated issuance, as configured by the CA Owner.
- —
- ACME OVCCADBCCADB field: OV ACME Directory URL(s)Not documented as a separate field in the CCADB data dictionary. This CA's ACME directory URL(s) for Organization Validated issuance, as configured by the CA Owner.
- —
- ACME EVCCADBCCADB field: EV ACME Directory URL(s)Not documented as a separate field in the CCADB data dictionary. This CA's ACME directory URL(s) for Extended Validation issuance, as configured by the CA Owner.
- —
- Test (Valid)CCADBCCADB field: Test Website URL - ValidThe URL to a website with a valid TLS certificate that chains up to the root certificate, as configured by the CA Owner.
- —
- Test (Expired)CCADBCCADB field: Test Website URL - ExpiredThe URL to a website with an expired TLS certificate that chains up to the root certificate, as configured by the CA Owner.
- —
- Test (Revoked)CCADBCCADB field: Test Website URL - RevokedThe URL to a website with a revoked TLS certificate that chains up to the root certificate, as configured by the CA Owner.
- —
Policy OIDs
Certificate
X.509 certificatePolicies
anyPolicy2.5.29.32.0
CCADB
EV OIDs for Root Cert · administrative declaration
Declared on root: DigiCert TLS ECC P384 Root G6
No EV OIDs declared on the root
Comparison
Certificate declares policy OIDs not found in CCADB
Chain Validation
Certificate Lint (zlint, live)
pkimetal
Certificate (PEM)
crt.sh via Matador
By SPKI SHA-256 →
All CT log entries sharing this public key, deduplicated — the broadest CT search for a CA
By SHA-256 →
Look up this exact certificate by its fingerprint
By SKI →
All certificates sharing this Subject Key Identifier
Issued Certificates →
Resolve crt.sh issuer CA ID, then paginate all certificates issued by this CA