Skip to content

Commit a568695

Browse files
aarongableaarongable
committed
Add documentation page for our OIDs
1 parent 8d9f131 commit a568695

File tree

34 files changed

+344
-0
lines changed

34 files changed

+344
-0
lines changed

content/base-l10n/docs/oids.md

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,9 @@
1+
---
2+
title: Object Identifiers
3+
slug: oids
4+
date: 2025-09-08
5+
lastmod: 2025-09-08
6+
show_lastmod: false
7+
untranslated: 1
8+
---
9+

content/ca/docs/oids.md

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,9 @@
1+
---
2+
title: Object Identifiers
3+
slug: oids
4+
date: 2025-09-08
5+
lastmod: 2025-09-08
6+
show_lastmod: false
7+
untranslated: 1
8+
---
9+

content/cs/docs/oids.md

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,9 @@
1+
---
2+
title: Object Identifiers
3+
slug: oids
4+
date: 2025-09-08
5+
lastmod: 2025-09-08
6+
show_lastmod: false
7+
untranslated: 1
8+
---
9+

content/da/docs/oids.md

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,9 @@
1+
---
2+
title: Object Identifiers
3+
slug: oids
4+
date: 2025-09-08
5+
lastmod: 2025-09-08
6+
show_lastmod: false
7+
untranslated: 1
8+
---
9+

content/de/docs/oids.md

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,9 @@
1+
---
2+
title: Object Identifiers
3+
slug: oids
4+
date: 2025-09-08
5+
lastmod: 2025-09-08
6+
show_lastmod: false
7+
untranslated: 1
8+
---
9+

content/el/docs/oids.md

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,9 @@
1+
---
2+
title: Object Identifiers
3+
slug: oids
4+
date: 2025-09-08
5+
lastmod: 2025-09-08
6+
show_lastmod: false
7+
untranslated: 1
8+
---
9+

content/en/certificates.md

Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,7 @@ Note that Root CAs don't have expiration dates in quite the same way that other
2424
* Certificate details (self-signed): [crt.sh](https://crt.sh/?id=9314791), [der](/certs/isrgrootx1.der), [pem](/certs/isrgrootx1.pem), [txt](/certs/isrgrootx1.txt)
2525
* Certificate details (cross-signed by DST Root CA X3): [crt.sh](https://crt.sh/?id=3958242236), [der](/certs/isrg-root-x1-cross-signed.der), [pem](/certs/isrg-root-x1-cross-signed.pem), [txt](/certs/isrg-root-x1-cross-signed.txt) (retired)
2626
* Test websites: [valid](https://valid-isrgrootx1.letsencrypt.org/), [revoked](https://revoked-isrgrootx1.letsencrypt.org/), [expired](https://expired-isrgrootx1.letsencrypt.org/)
27+
* OID: 1.3.6.1.4.1.44947.1.2.1
2728
* **ISRG Root X2**
2829
* Subject: `O = Internet Security Research Group, CN = ISRG Root X2`
2930
* Key type: `ECDSA P-384`
@@ -33,6 +34,7 @@ Note that Root CAs don't have expiration dates in quite the same way that other
3334
* Certificate details (cross-signed by ISRG Root X1): [crt.sh](https://crt.sh/?id=3334561878), [der](/certs/isrg-root-x2-cross-signed.der), [pem](/certs/isrg-root-x2-cross-signed.pem), [txt](/certs/isrg-root-x2-cross-signed.txt)
3435
* Certificate details (second cross-sign by ISRG Root X1): [der](/certs/gen-y/root-x2-by-x1.der), [pem](/certs/gen-y/root-x2-by-x1.pem), [txt](/certs/gen-y/root-x2-by-x1.txt)
3536
* Test websites: [valid](https://valid-isrgrootx2.letsencrypt.org/), [revoked](https://revoked-isrgrootx2.letsencrypt.org/), [expired](https://expired-isrgrootx2.letsencrypt.org/)
37+
* OID: 1.3.6.1.4.1.44947.1.2.2
3638

3739
These roots are not yet included in Root Program Trust Stores, but will be submitted for inclusion soon:
3840

@@ -43,13 +45,15 @@ These roots are not yet included in Root Program Trust Stores, but will be submi
4345
* Certificate details (self-signed): [der](/certs/gen-y/root-ye.der), [pem](/certs/gen-y/root-ye.pem), [txt](/certs/gen-y/root-ye.txt)
4446
* Certificate details (cross-signed by ISRG Root X2): [der](/certs/gen-y/root-ye-by-x2.der), [pem](/certs/gen-y/root-ye-by-x2.pem), [txt](/certs/gen-y/root-ye-by-x2.txt)
4547
* Test websites: Forthcoming
48+
* OID: 1.3.6.1.4.1.44947.1.2.3
4649
* **ISRG Root YR**
4750
* Subject: `O = ISRG, CN = Root YR`
4851
* Key type: `RSA 4096`
4952
* Trusted until: N/A (generated 2025-09-03)
5053
* Certificate details (self-signed): [der](/certs/gen-y/root-yr.der), [pem](/certs/gen-y/root-yr.pem), [txt](/certs/gen-y/root-yr.txt)
5154
* Certificate details (cross-signed by ISRG Root X1): [der](/certs/gen-y/root-yr-by-x1.der), [pem](/certs/gen-y/root-yr-by-x1.pem), [txt](/certs/gen-y/root-yr-by-x1.txt)
5255
* Test websites: Forthcoming
56+
* OID: 1.3.6.1.4.1.44947.1.2.4
5357

5458
For additional information on the compatibility of our root certificates with various devices and trust stores, see [Certificate Compatibility](/docs/cert-compat).
5559

@@ -66,25 +70,29 @@ All intermediate certificate Subjects have a Country field of `C = US`.
6670
* CA details: [crt.sh](https://crt.sh/?caid=295813), [issued certs](https://crt.sh/?Identity=%25&iCAID=295813)
6771
* Certificate details (signed by ISRG Root X2): [der](/certs/2024/e7.der), [pem](/certs/2024/e7.pem), [txt](/certs/2024/e7.txt)
6872
* Certificate details (cross-signed by ISRG Root X1): [der](/certs/2024/e7-cross.der), [pem](/certs/2024/e7-cross.pem), [txt](/certs/2024/e7-cross.txt)
73+
* OID: 1.3.6.1.4.1.44947.1.2.2.5
6974
* **Let's Encrypt E8**
7075
* Subject: `O = Let's Encrypt, CN = E8`
7176
* Key type: `ECDSA P-384`
7277
* Valid until: 2027-03-12
7378
* CA details: [crt.sh](https://crt.sh/?caid=295809), [issued certs](https://crt.sh/?Identity=%25&iCAID=295809)
7479
* Certificate details (signed by ISRG Root X2): [der](/certs/2024/e8.der), [pem](/certs/2024/e8.pem), [txt](/certs/2024/e8.txt)
7580
* Certificate details (cross-signed by ISRG Root X1): [der](/certs/2024/e8-cross.der), [pem](/certs/2024/e8-cross.pem), [txt](/certs/2024/e8-cross.txt)
81+
* OID: 1.3.6.1.4.1.44947.1.2.2.6
7682
* **Let's Encrypt R12**
7783
* Subject: `O = Let's Encrypt, CN = R12`
7884
* Key type: `RSA 2048`
7985
* Valid until: 2027-03-12
8086
* CA details: [crt.sh](https://crt.sh/?caid=295816), [issued certs](https://crt.sh/?Identity=%25&iCAID=295816)
8187
* Certificate details (signed by ISRG Root X1): [der](/certs/2024/r12.der), [pem](/certs/2024/r12.pem), [txt](/certs/2024/r12.txt)
88+
* OID: 1.3.6.1.4.1.44947.1.2.1.5
8289
* **Let's Encrypt R13**
8390
* Subject: `O = Let's Encrypt, CN = R13`
8491
* Key type: `RSA 2048`
8592
* Valid until: 2027-03-12
8693
* CA details: [crt.sh](https://crt.sh/?caid=295817), [issued certs](https://crt.sh/?Identity=%25&iCAID=295817)
8794
* Certificate details (signed by ISRG Root X1): [der](/certs/2024/r13.der), [pem](/certs/2024/r13.pem), [txt](/certs/2024/r13.txt)
95+
* OID: 1.3.6.1.4.1.44947.1.2.1.6
8896

8997
Click below for details on additional intermediates which are not part of the active issuance hierarchy:
9098

@@ -100,12 +108,14 @@ These intermediate CAs have currently-valid certificates, but are not being issu
100108
* CA details: [crt.sh](https://crt.sh/?caid=295812), [issued certs](https://crt.sh/?Identity=%25&iCAID=295812)
101109
* Certificate details (signed by ISRG Root X2): [der](/certs/2024/e9.der), [pem](/certs/2024/e9.pem), [txt](/certs/2024/e9.txt)
102110
* Certificate details (cross-signed by ISRG Root X1): [der](/certs/2024/e9-cross.der), [pem](/certs/2024/e9-cross.pem), [txt](/certs/2024/e9-cross.txt)
111+
* OID: 1.3.6.1.4.1.44947.1.2.2.7
103112
* **Let's Encrypt R14**
104113
* Subject: `O = Let's Encrypt, CN = R14`
105114
* Key type: `RSA 2048`
106115
* Valid until: 2027-03-12
107116
* CA details: [crt.sh](https://crt.sh/?caid=295818), [issued certs](https://crt.sh/?Identity=%25&iCAID=295818)
108117
* Certificate details (signed by ISRG Root X1): [der](/certs/2024/r14.der), [pem](/certs/2024/r14.pem), [txt](/certs/2024/r14.txt)
118+
* OID: 1.3.6.1.4.1.44947.1.2.1.7
109119

110120
</details>
111121

@@ -119,31 +129,37 @@ These intermediate CAs were issued in 2025, and we expect to begin issuing from
119129
* Key type: `ECDSA P-384`
120130
* Valid until: 2028-09-02
121131
* Certificate details: [der](/certs/gen-y/int-ye1.der), [pem](/certs/gen-y/int-ye1.pem), [txt](/certs/gen-y/int-ye1.txt)
132+
* OID: 1.3.6.1.4.1.44947.1.2.3.1
122133
* **Let's Encrypt YE2**
123134
* Subject: `O = Let's Encrypt, CN = YE2`
124135
* Key type: `ECDSA P-384`
125136
* Valid until: 2028-09-02
126137
* Certificate details: [der](/certs/gen-y/int-ye2.der), [pem](/certs/gen-y/int-ye2.pem), [txt](/certs/gen-y/int-ye2.txt)
138+
* OID: 1.3.6.1.4.1.44947.1.2.3.2
127139
* **Let's Encrypt YE3**
128140
* Subject: `O = Let's Encrypt, CN = YE3`
129141
* Key type: `ECDSA P-384`
130142
* Valid until: 2028-09-02
131143
* Certificate details: [der](/certs/gen-y/int-ye3.der), [pem](/certs/gen-y/int-ye3.pem), [txt](/certs/gen-y/int-ye3.txt)
144+
* OID: 1.3.6.1.4.1.44947.1.2.3.3
132145
* **Let's Encrypt YR1**
133146
* Subject: `O = Let's Encrypt, CN = YR1`
134147
* Key type: `RSA 2048`
135148
* Valid until: 2028-09-02
136149
* Certificate details: [der](/certs/gen-y/int-yr1.der), [pem](/certs/gen-y/int-yr1.pem), [txt](/certs/gen-y/int-yr1.txt)
150+
* OID: 1.3.6.1.4.1.44947.1.2.4.1
137151
* **Let's Encrypt YR2**
138152
* Subject: `O = Let's Encrypt, CN = YR2`
139153
* Key type: `RSA 2048`
140154
* Valid until: 2028-09-02
141155
* Certificate details: [der](/certs/gen-y/int-yr2.der), [pem](/certs/gen-y/int-yr2.pem), [txt](/certs/gen-y/int-yr2.txt)
156+
* OID: 1.3.6.1.4.1.44947.1.2.4.2
142157
* **Let's Encrypt YR3**
143158
* Subject: `O = Let's Encrypt, CN = YR3`
144159
* Key type: `RSA 2048`
145160
* Valid until: 2028-09-02
146161
* Certificate details: [der](/certs/gen-y/int-yr3.der), [pem](/certs/gen-y/int-yr3.pem), [txt](/certs/gen-y/int-yr3.txt)
162+
* OID: 1.3.6.1.4.1.44947.1.2.4.3
147163

148164
</details>
149165

@@ -158,52 +174,60 @@ These intermediate CAs are no longer being used to issue Subscriber certificates
158174
* Valid until: 2025-09-15
159175
* CA details: [crt.sh](https://crt.sh/?caid=183283), [issued certs](https://crt.sh/?Identity=%25&iCAID=183283)
160176
* Certificate details (signed by ISRG Root X2): [crt.sh](https://crt.sh/?id=3334671964), [der](/certs/lets-encrypt-e1.der), [pem](/certs/lets-encrypt-e1.pem), [txt](/certs/lets-encrypt-e1.txt)
177+
* OID: 1.3.6.1.4.1.44947.1.2.2.1
161178
* **Let's Encrypt E2**
162179
* Subject: `O = Let's Encrypt, CN = E2`
163180
* Key type: `ECDSA P-384`
164181
* Valid until: 2025-09-15
165182
* CA details: [crt.sh](https://crt.sh/?caid=183284), [issued certs](https://crt.sh/?Identity=%25&iCAID=183284)
166183
* Certificate details (signed by ISRG Root X2): [crt.sh](https://crt.sh/?id=3334671963), [der](/certs/lets-encrypt-e2.der), [pem](/certs/lets-encrypt-e2.pem), [txt](/certs/lets-encrypt-e2.txt)
184+
* OID: 1.3.6.1.4.1.44947.1.2.2.2
167185
* **Let's Encrypt E5**
168186
* Subject: `O = Let's Encrypt, CN = E5`
169187
* Key type: `ECDSA P-384`
170188
* Valid until: 2027-03-12
171189
* CA details: [crt.sh](https://crt.sh/?caid=295810), [issued certs](https://crt.sh/?Identity=%25&iCAID=295810)
172190
* Certificate details (signed by ISRG Root X2): [der](/certs/2024/e5.der), [pem](/certs/2024/e5.pem), [txt](/certs/2024/e5.txt)
173191
* Certificate details (cross-signed by ISRG Root X1): [der](/certs/2024/e5-cross.der), [pem](/certs/2024/e5-cross.pem), [txt](/certs/2024/e5-cross.txt)
192+
* OID: 1.3.6.1.4.1.44947.1.2.2.3
174193
* **Let's Encrypt E6**
175194
* Subject: `O = Let's Encrypt, CN = E6`
176195
* Key type: `ECDSA P-384`
177196
* Valid until: 2027-03-12
178197
* CA details: [crt.sh](https://crt.sh/?caid=295819), [issued certs](https://crt.sh/?Identity=%25&iCAID=295819)
179198
* Certificate details (signed by ISRG Root X2): [der](/certs/2024/e6.der), [pem](/certs/2024/e6.pem), [txt](/certs/2024/e6.txt)
180199
* Certificate details (cross-signed by ISRG Root X1): [der](/certs/2024/e6-cross.der), [pem](/certs/2024/e6-cross.pem), [txt](/certs/2024/e6-cross.txt)
200+
* OID: 1.3.6.1.4.1.44947.1.2.2.4
181201
* **Let's Encrypt R3**
182202
* Subject: `O = Let's Encrypt, CN = R3`
183203
* Key type: `RSA 2048`
184204
* Valid until: 2025-09-15
185205
* CA details: [crt.sh](https://crt.sh/?caid=183267), [issued certs](https://crt.sh/?Identity=%25&iCAID=183267)
186206
* Certificate details (signed by ISRG Root X1): [crt.sh](https://crt.sh/?id=3334561879), [der](/certs/lets-encrypt-r3.der), [pem](/certs/lets-encrypt-r3.pem), [txt](/certs/lets-encrypt-r3.txt)
187207
* Certificate details (cross-signed by IdenTrust): [crt.sh](https://crt.sh/?id=3479778542), [der](/certs/lets-encrypt-r3-cross-signed.der), [pem](/certs/lets-encrypt-r3-cross-signed.pem), [txt](/certs/lets-encrypt-r3-cross-signed.txt)
208+
* OID: 1.3.6.1.4.1.44947.1.2.1.1
188209
* **Let's Encrypt R4**
189210
* Subject: `O = Let's Encrypt, CN = R4`
190211
* Key type: `RSA 2048`
191212
* Valid until: 2025-09-15
192213
* CA details: [crt.sh](https://crt.sh/?caid=183268), [issued certs](https://crt.sh/?Identity=%25&iCAID=183268)
193214
* Certificate details (signed by ISRG Root X1): [crt.sh](https://crt.sh/?id=3334561877), [der](/certs/lets-encrypt-r4.der), [pem](/certs/lets-encrypt-r4.pem), [txt](/certs/lets-encrypt-r4.txt)
194215
* Certificate details (cross-signed by IdenTrust): [crt.sh](https://crt.sh/?id=3479778543), [der](/certs/lets-encrypt-r4-cross-signed.der), [pem](/certs/lets-encrypt-r4-cross-signed.pem), [txt](/certs/lets-encrypt-r4-cross-signed.txt)
216+
* OID: 1.3.6.1.4.1.44947.1.2.1.2
195217
* **Let's Encrypt R10**
196218
* Subject: `O = Let's Encrypt, CN = R10`
197219
* Key type: `RSA 2048`
198220
* Valid until: 2027-03-12
199221
* CA details: [crt.sh](https://crt.sh/?caid=295814), [issued certs](https://crt.sh/?Identity=%25&iCAID=295814)
200222
* Certificate details (signed by ISRG Root X1): [der](/certs/2024/r10.der), [pem](/certs/2024/r10.pem), [txt](/certs/2024/r10.txt)
223+
* OID: 1.3.6.1.4.1.44947.1.2.1.3
201224
* **Let's Encrypt R11**
202225
* Subject: `O = Let's Encrypt, CN = R11`
203226
* Key type: `RSA 2048`
204227
* Valid until: 2027-03-12
205228
* CA details: [crt.sh](https://crt.sh/?caid=295815), [issued certs](https://crt.sh/?Identity=%25&iCAID=295815)
206229
* Certificate details (signed by ISRG Root X1): [der](/certs/2024/r11.der), [pem](/certs/2024/r11.pem), [txt](/certs/2024/r11.txt)
230+
* OID: 1.3.6.1.4.1.44947.1.2.1.4
207231
* **Let's Encrypt Authority X1**
208232
* Subject: `O = Let's Encrypt, CN = Let's Encrypt Authority X1`
209233
* Key type: `RSA 2048`

content/en/docs/oids.md

Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,40 @@
1+
---
2+
title: Object Identifiers
3+
slug: oids
4+
lastmod: 2025-09-09
5+
show_lastmod: false
6+
---
7+
8+
An Object Identifier (OID) is a dotted-separated sequence of numbers used to uniquely identify various objects within the WebPKI. For example, every _extension_ within an X.509 certificate is identified by an OID, and the OID `2.5.29.15` is defined to represent the [Key Usage](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3) extension. Similarly, the OID `2.23.140.1.2.1` can be placed within the body of the [Certificate Policies](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.4) extension to indicate that the certificate was validated according to the [CA/Browser Forum's "Domain Validated" criteria](https://github.com/cabforum/servercert/blob/main/docs/BR.md#12-document-name-and-identification).
9+
10+
This page lists the OIDs used by Let's Encrypt, documents what each OID means, and points to where we use them.
11+
12+
* **1.3.6.1.4.1.44947**: Internet Security Research Group. Parent arc for all ISRG OIDs.
13+
* 1.3.6.1.4.1.44947.**1**: Let's Encrypt. Parent arc for all LE OIDs.
14+
* 1.3.6.1.4.1.44947.1.**1**: Certificate Policies.
15+
* 1.3.6.1.4.1.44947.1.1.**1**: Domain Validated. This OID is equivalent to 2.23.140.1.2.1, the CA/BF Domain Validated Certificate Policy OID. It [used to appear in our issuing intermediates](/certs/lets-encrypt-e1.txt), but we have stopped doing so to remove redundancy and reduce certificate size.
16+
* 1.3.6.1.4.1.44947.1.**2**: Issuers. Parent arc for all "trust anchors" ([CA keypairs](/certificates)), which can be used by the [Trust Anchor Identifiers](https://datatracker.ietf.org/doc/draft-ietf-tls-trust-anchor-ids/) and [Merkle Tree Certificates](https://datatracker.ietf.org/doc/draft-davidben-tls-merkle-tree-certs/) draft standards.
17+
* 1.3.6.1.4.1.44947.1.2.**1**: ISRG Root X1
18+
* 1.3.6.1.4.1.44947.1.2.1.**1**: Let's Encrypt R3
19+
* 1.3.6.1.4.1.44947.1.2.1.**2**: Let's Encrypt R4
20+
* 1.3.6.1.4.1.44947.1.2.1.**3**: Let's Encrypt R10
21+
* 1.3.6.1.4.1.44947.1.2.1.**4**: Let's Encrypt R11
22+
* 1.3.6.1.4.1.44947.1.2.1.**5**: Let's Encrypt R12
23+
* 1.3.6.1.4.1.44947.1.2.1.**6**: Let's Encrypt R13
24+
* 1.3.6.1.4.1.44947.1.2.1.**7**: Let's Encrypt R14
25+
* 1.3.6.1.4.1.44947.1.2.**2**: ISRG Root X2
26+
* 1.3.6.1.4.1.44947.1.2.2.**1**: Let's Encrypt E1
27+
* 1.3.6.1.4.1.44947.1.2.2.**2**: Let's Encrypt E2
28+
* 1.3.6.1.4.1.44947.1.2.2.**3**: Let's Encrypt E5
29+
* 1.3.6.1.4.1.44947.1.2.2.**4**: Let's Encrypt E6
30+
* 1.3.6.1.4.1.44947.1.2.2.**5**: Let's Encrypt E7
31+
* 1.3.6.1.4.1.44947.1.2.2.**6**: Let's Encrypt E8
32+
* 1.3.6.1.4.1.44947.1.2.2.**7**: Let's Encrypt E9
33+
* 1.3.6.1.4.1.44947.1.2.**3**: ISRG Root YE
34+
* 1.3.6.1.4.1.44947.1.2.3.**1**: Let's Encrypt YE1
35+
* 1.3.6.1.4.1.44947.1.2.3.**2**: Let's Encrypt YE2
36+
* 1.3.6.1.4.1.44947.1.2.3.**3**: Let's Encrypt YE3
37+
* 1.3.6.1.4.1.44947.1.2.**4**: ISRG Root YR
38+
* 1.3.6.1.4.1.44947.1.2.4.**1**: Let's Encrypt YR1
39+
* 1.3.6.1.4.1.44947.1.2.4.**2**: Let's Encrypt YR2
40+
* 1.3.6.1.4.1.44947.1.2.4.**3**: Let's Encrypt YR3

content/es/docs/oids.md

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,9 @@
1+
---
2+
title: Object Identifiers
3+
slug: oids
4+
date: 2025-09-08
5+
lastmod: 2025-09-08
6+
show_lastmod: false
7+
untranslated: 1
8+
---
9+

content/fa/docs/oids.md

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,9 @@
1+
---
2+
title: Object Identifiers
3+
slug: oids
4+
date: 2025-09-08
5+
lastmod: 2025-09-08
6+
show_lastmod: false
7+
untranslated: 1
8+
---
9+

0 commit comments

Comments
 (0)