Resources
PKI Disclosure
Licenses & Approvals
E-Sign
Publications
Home > Repository

VeriSign CAs and RAs within the VeriSign Trust Network (VTN)
Revised May 21, 2009

The following table summarizes the functions of the subscriber certificate-issuing Certification Authorities operated by VeriSign within the VTN. This document also lists the entities responsible for the Registration Authority function for such Certification Authorities.

Type CA Name CA Description Registration
Authorities
VTN Root CAs Generation 1 (G1)
VeriSign Class 1 PCA
VeriSign Class 2 PCA
VeriSign Class 3 PCA
VeriSign Class 4 PCA 		First generation of VeriSign Root certification authorities which issue certificates to Subordinate CAs within the VTN. VeriSign, Inc.
Generation 2 (G2)
VeriSign Class 1 PCA - G2
VeriSign Class 2 PCA – G2
VeriSign Class 3 PCA – G2
VeriSign Class 4 PCA – G2 		Second generation of VeriSign Root certification authorities which issue certificates to Subordinate CAs within the VTN. VeriSign, Inc.
Generation 3 (G3)
VeriSign Class 1 PCA – G3
VeriSign Class 2 PCA – G3
VeriSign Class 3 PCA – G3
VeriSign Class 4 PCA – G3 		Third generation of VeriSign Root certification authorities which issue certificates to Subordinate CAs within the VTN. VeriSign, Inc.
Generation 4 (G4)
VeriSign Class 3 PCA – G4
 Fourth generation of VeriSign Root certification authorities which issue certificates to Subordinate CAs within the VTN. VeriSign, Inc.
Generation 5 (G5)
VeriSign Class 3 PCA – G5
 Fifth generation of VeriSign Root certification authorities which issue certificates to Subordinate CAs within the VTN. VeriSign, Inc.
Universal Root
VeriSign Universal Root CA
 Sixth generation of VeriSign Root certification authorities which issue certificates to Subordinate CAs within the VTN. VeriSign, Inc.
Class 3
Organizational
CAs		 VeriSign Class 3 Extended Validation SSL CA Issues EV SSL certificates. VeriSign, Inc., Managed PKI for SSL Customers and VTN Affiliates
VeriSign Class 3 Extended Validation 1024-bit SSL SGC CA Issues EV SSL certificates. VeriSign, Inc. and VTN Affiliates
VeriSign Class 3 Extended Validation SSL SGC CA Issues EV SSL SGC certificates. VeriSign, Inc., Managed PKI for SSL (Premium Edition) Customers and VTN Affiliates
VeriSign International Server CA – Class 3 Issues Global Server SGC certificates. VeriSign, Inc., Managed PKI for SSL (Premium Edition) Customers and VTN Affiliates
VeriSign Class 3 Secure Server 1024-bit CA – G2 Issues Secure Server certificates. VeriSign, Inc. and VTN Affiliates
VeriSign Class 3 Secure Server CA - G2 Issues Secure Server certificates. VeriSign, Inc., Managed PKI for SSL Customers and VTN Affiliates
VeriSign Class 3 Secure OFX CA - G3 Issues OFX certificates. VeriSign, Inc.
VeriSign Class 3 WLAN Secure Server CA Issues wireless secure server certs supporting the PEAP protocol. VeriSign, Inc.
VeriSign Class 3 Secure Intranet Server CA Signs certificates to be used on secure intranet servers. VeriSign, Inc.
VeriSign Class 3 Organizational CA Issues S/MIME certs VeriSign, Inc.
VeriSign Class 3 SSP CA Issues Non Federal SSP CAs VeriSign, Inc.
VeriSign Class 3 Code Signing 2009-2 CA Issues code signing and object signing certificates for use with Netscape browsers, Microsoft Internet Explorer browsers, Microsoft Office, Sun Java Signing, Macromedia, and Marimba. VeriSign, Inc.
Class 2 Enterprise CAs VeriSign Class 2 MPKI Individual Subscriber CA - G2 Issues certificates to the subscribers of Managed PKI Lite customers. Managed PKI Customer
VeriSign Class 2 SSP CA Issues Non Federal SSP CAs VeriSign, Inc.
Managed PKI Full Public Customer-Specific CAs Customer-specific CAs that chain to the VeriSign Class 2 PCA. Managed PKI Customer
Class 1 Enterprise CAs VeriSign Class 1 Individual Subscriber CA - G2 Issues Class 1 certificates to individuals. VeriSign, Inc.
VeriSign Class 1 SSP CA Issues Non Federal SSP CAs VeriSign, Inc.
Legacy CAs RSA Secure Server CA Legacy issuer of Secure Server certificates; also a Root CA. VeriSign, Inc., Managed PKI for SSL Customers and VTN Affiliates
VeriSign Class 3 Secure Server CA Legacy issuer of Secure Server certificates. VeriSign, Inc., Managed PKI for SSL Customers and VTN Affiliates
VeriSign Class 3 Secure Server 1024-bit CA Legacy issuer of Secure Server certificates. VeriSign, Inc. and VTN Affiliates
VeriSign Class 3 Code Signing 2001 CA Legacy issuer of Code Signing certificates. VeriSign, Inc.
VeriSign Class 3 Code Signing 2004 CA Legacy issuer of Code Signing certificates. VeriSign, Inc.
Class 3 Open Financial Exchange CA - G2 Legacy issuer OFX certificates. VeriSign, Inc.
VeriSign Class 1 CA Individual Subscriber-Personal Not Validated Legacy issuer of Class 1 certificates to individuals. VeriSign, Inc.
VeriSign Class 2 OnSite Individual CA Legacy issuer of certificates to the subscribers of Managed PKI Lite customers. Managed PKI Customer

Although VeriSign’s Authenticated Code Signing (ACS) products do not utilize CAs that chain up to VTN root CAs, they are included among the various types of infrastructure CAs covered in VeriSign’s Certification Practices Statement (CPS). There are two types of ACS CAs operated by VeriSign, as described in the table below.

Type CA Name CA Description Registration
Authorities
Authenticated Code Signing (ACS) CAs Authenticated Code Signing Root CAs Customer-specific root CAs, operated by VeriSign, which issue certificates to Subordinate ACS CAs. VeriSign, Inc.
Authenticated Code Signing Subordinate CAs Customer-specific CAs, operated by VeriSign, which issue ACS end-entity certificates to organizations. VeriSign, Inc.