Amazon-ECDSA-256-M04.cer: CN=Amazon ECDSA 256 M04,O=Amazon,C=US (Intermediate Certificate, Expiring 2030-08-23) detail info and audit record

Last Updated: 2023-05-06

Page content

CA Certificate Information and Audit Record

This certificate is intermediate certificate used for the issuance of other certificates.

Certificate Download URL: https://www.amazontrust.com/repository/Amazon-ECDSA-256-M04.cer (in DER format )
Serial Number : 166129406838330039647042838584494779438481994
SHA-1 Fingerprint : c3cd58443601721c4a838173fce8c11774de1a65
SHA-1 Fingerprint : c3:cd:58:44:36:01:72:1c:4a:83:81:73:fc:e8:c1:17:74:de:1a:65
SHA-256 Fingerprint : d241192cce57d438986723972dd6f18b5a3a3456a708e8f273d147223ab6fa5d
SHA-256 Fingerprint : d2:41:19:2c:ce:57:d4:38:98:67:23:97:2d:d6:f1:8b:5a:3a:34:56:a7:08:e8:f2:73:d1:47:22:3a:b6:fa:5d
Signature Hash Algorithm : sha256
Subject : CN=Amazon ECDSA 256 M04,O=Amazon,C=US
- Country Name: US (United States of America)
- Organization: Amazon
- Common Name: Amazon ECDSA 256 M04
Not Valid Before: 2022-08-23 22:34:28
Not Valid After: 2030-08-23 22:34:28
Issuer (Parent Certificate):
- Issuer Name: CN=Amazon Root CA 3,O=Amazon,C=US
- Issuer Certificate URL: NA
Audit Record:
- Revocation Status: Not Revoked
- Certificate Policy (CP) URL: https://www.digicert.com/content/dam/digicert/pdfs/legal/digicert-cp-v5-12-Final.pdf
- Certificate Practice Statement (CPS) URL: https://www.digicert.com/content/dam/digicert/pdfs/legal/digicert-cps-v5-12-Final.pdf
- Auditor: BDO International Limited
- Standard Audit URL: https://bugzilla.mozilla.org/attachment.cgi?id=9309728
- Standard Audit Period Start Date: 2021.10.01
- Standard Audit Period End Date: 2022.09.30
- Standard Audit Statement Date: 2022.12.22
- Standard Audit Type: WebTrust
- Full CRL Issued By This CA: http://crl.e2m04.amazontrust.com/e2m04.crl
- Check its issuer’s audit information: CN=Amazon Root CA 3,O=Amazon,C=US .

Download certificate through curl:

curl -sSL "https://www.amazontrust.com/repository/Amazon-ECDSA-256-M04.cer" --output cert.crt

Download certificate through wget:

wget -q "https://www.amazontrust.com/repository/Amazon-ECDSA-256-M04.cer" --output-document=cert.crt

CA Certificate Detail Information

Use openssl x509 to decode DER certificate to get detail information:

openssl x509 -in cert.crt -inform der -text -noout

Use openssl x509 to decode PEM certificate to get detail information:

openssl x509 -in cert.crt -inform pem -text -noout

Decoded detail certificate information:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:73:12:72:b7:52:ac:8a:dc:cb:0a:30:27:f7:df:ec:18:42:4a
    Signature Algorithm: ecdsa-with-SHA256
        Issuer: C=US, O=Amazon, CN=Amazon Root CA 3
        Validity
            Not Before: Aug 23 22:34:28 2022 GMT
            Not After : Aug 23 22:34:28 2030 GMT
        Subject: C=US, O=Amazon, CN=Amazon ECDSA 256 M04
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub: 
                    04:83:8e:e0:bd:fc:a8:52:b7:a0:33:b4:a6:0d:e9:
                    e7:ae:28:6b:cd:d0:02:a9:87:33:b2:37:2e:cf:28:
                    b7:fe:56:07:b2:06:4d:07:3d:68:32:df:d9:76:d3:
                    36:c6:07:b0:49:a6:64:8e:6c:13:b8:e5:3f:7c:20:
                    8e:a9:e2:b1:b5
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0
            X509v3 Key Usage: critical
                Digital Signature, Certificate Sign, CRL Sign
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Subject Key Identifier: 
                20:76:A0:E1:59:26:ED:45:B4:02:72:19:C2:4D:AE:77:37:B4:1B:49
            X509v3 Authority Key Identifier: 
                keyid:AB:B6:DB:D7:06:9E:37:AC:30:86:07:91:70:C7:9C:C4:19:B1:78:C0

            Authority Information Access: 
                OCSP - URI:http://ocsp.rootca3.amazontrust.com
                CA Issuers - URI:http://crt.rootca3.amazontrust.com/rootca3.cer

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.rootca3.amazontrust.com/rootca3.crl

            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1

    Signature Algorithm: ecdsa-with-SHA256
         30:44:02:20:5c:57:06:32:e6:e5:b9:72:a5:6b:d3:0e:9e:4a:
         3d:9d:99:7c:86:f9:2e:b5:28:c1:4d:a2:93:43:b6:91:1e:97:
         02:20:26:e0:34:37:ac:02:b5:23:2d:12:a3:f2:2c:d5:61:61:
         d3:be:b1:a3:5e:ca:8d:3b:a2:da:74:51:08:1e:c0:ad

CA Certificate in PEM Format

Use openssl x509 to convert certificate from DER format to PEM format:

openssl x509 -in cert.crt -inform der

Converted PEM format certificate:

Decode PEM Certificate online

Download PEM Certificate

Also see Top 1 Millions Domains CA Certificate List

CA Certificate Information and Audit Record

CA Certificate Detail Information

CA Certificate in PEM Format

Related Certificates