DST Root CA X3
E556221
DST Root CA X3 is a widely trusted root certificate authority operated by IdenTrust that historically provided the cross-signed trust anchor enabling broad browser compatibility for Let’s Encrypt certificates.
All labels observed (1)
| Label | Occurrences |
|---|---|
| DST Root CA X3 canonical | 1 |
How this entity was disambiguated
This entity first appeared as the object of triple T5919749 — resolving that mention is where its identity was fixed. The disambiguator weighed these candidate entities and picked the highlighted one (or “None”, minting a new entity). This is how homonymy is resolved: the same surface form can point to different entities.
Target entity: DST Root CA X3 Context triple: [Let’s Encrypt, previouslyCrossSignedBy, DST Root CA X3]
-
A.
Let’s Encrypt
Let’s Encrypt is a free, automated, and open certificate authority that provides TLS/SSL certificates to enable secure HTTPS connections for websites worldwide.
-
B.
VeriSign
VeriSign is an American technology company best known for operating key internet infrastructure, including managing the .com and .net top-level domains and providing critical DNS and security services.
-
C.
X.509 certificates
X.509 certificates are digital documents that bind a public key to an entity’s identity using a trusted certificate authority, forming the basis of public key infrastructure for secure communications.
-
D.
DNSSEC root key signing ceremony
The DNSSEC root key signing ceremony is a highly controlled, regularly scheduled cryptographic event where trusted personnel generate and manage the root cryptographic keys that secure the global Domain Name System.
-
E.
DNSSEC
DNSSEC (Domain Name System Security Extensions) is a suite of specifications that adds cryptographic authentication and integrity protection to DNS data to prevent attacks such as cache poisoning and spoofing.
- F. None of above. chosen
- G. Unsure - the case is ambiguous/there is not enough information to decide.
Target entity: DST Root CA X3 Target entity description: DST Root CA X3 is a widely trusted root certificate authority operated by IdenTrust that historically provided the cross-signed trust anchor enabling broad browser compatibility for Let’s Encrypt certificates.
-
A.
Let’s Encrypt
Let’s Encrypt is a free, automated, and open certificate authority that provides TLS/SSL certificates to enable secure HTTPS connections for websites worldwide.
-
B.
VeriSign
VeriSign is an American technology company best known for operating key internet infrastructure, including managing the .com and .net top-level domains and providing critical DNS and security services.
-
C.
X.509 certificates
X.509 certificates are digital documents that bind a public key to an entity’s identity using a trusted certificate authority, forming the basis of public key infrastructure for secure communications.
-
D.
DNSSEC root key signing ceremony
The DNSSEC root key signing ceremony is a highly controlled, regularly scheduled cryptographic event where trusted personnel generate and manage the root cryptographic keys that secure the global Domain Name System.
-
E.
DNSSEC
DNSSEC (Domain Name System Security Extensions) is a suite of specifications that adds cryptographic authentication and integrity protection to DNS data to prevent attacks such as cache poisoning and spoofing.
- F. None of above. chosen
Statements (46)
| Predicate | Object |
|---|---|
| instanceOf |
X.509 public key certificate
ⓘ
root certificate authority ⓘ |
| associatedWith | IdenTrust Commercial Root CA 1 NERFINISHED ⓘ |
| basicConstraints | CA:TRUE ⓘ |
| belongsToPKI | public Web PKI ⓘ |
| commonName | DST Root CA X3 NERFINISHED ⓘ |
| country | US NERFINISHED ⓘ |
| enabledBroadBrowserCompatibilityFor | Let’s Encrypt certificates ⓘ |
| fingerprintSHA1 | DAC9024F54D8F6DF94935FB1732638CA6AD77C13 ⓘ |
| fingerprintSHA256 | 0687260331A72403D909F105E69BCF0D32E1BD2493FFC6D9206D11B6C61F81C5 ⓘ |
| historicalSignificance | enabled early wide deployment of free HTTPS via Let’s Encrypt ⓘ |
| includedIn |
Android root store
NERFINISHED
ⓘ
Apple root store NERFINISHED ⓘ Microsoft root store NERFINISHED ⓘ Mozilla root store NERFINISHED ⓘ |
| isExpired | true ⓘ |
| issuer | Digital Signature Trust Co. NERFINISHED ⓘ |
| isTrustAnchorFor |
Let’s Encrypt Authority X1 (via cross-signing chain)
NERFINISHED
ⓘ
Let’s Encrypt Authority X3 NERFINISHED ⓘ |
| keyIdentifier | C4A7B1A47B2C71F0 ⓘ |
| keySize | 2048-bit ⓘ |
| keyUsage |
CRL Sign
ⓘ
Certificate Sign ⓘ |
| notAfter | 2021-09-30T14:01:15Z ⓘ |
| notBefore | 2000-09-30T21:12:19Z ⓘ |
| operator | IdenTrust NERFINISHED ⓘ |
| organization | Digital Signature Trust Co. NERFINISHED ⓘ |
| pathLenConstraint | none ⓘ |
| providedCrossSignedTrustFor | Let’s Encrypt certificates NERFINISHED ⓘ |
| publicKeyAlgorithm | RSA ⓘ |
| replacedBy | ISRG Root X1 (for Let’s Encrypt trust) NERFINISHED ⓘ |
| role | legacy trust anchor for Let’s Encrypt ⓘ |
| selfSigned | true ⓘ |
| serialNumber | 44AFB080D6A327BA893039862EF8406B ⓘ |
| signatureAlgorithm | sha1WithRSAEncryption ⓘ |
| standard | X.509 NERFINISHED ⓘ |
| statusAfterExpiry | no longer recommended as active trust anchor ⓘ |
| subjectName | CN=DST Root CA X3, O=Digital Signature Trust Co. NERFINISHED ⓘ |
| trustedBy |
major operating systems
ⓘ
major web browsers ⓘ mobile device platforms ⓘ |
| usedFor |
S/MIME trust chain
ⓘ
TLS server authentication trust chain ⓘ code signing trust chain ⓘ |
| validityPeriodEnd | 2021-09-30 ⓘ |
| version | V3 ⓘ |
How these facts were elicited
The pipeline generated the facts above by prompting gpt-5.1 with this entity's name + description and the instruction below.
You are a knowledge base construction expert. Given a subject entity and a description of it, return factual statements that you know for the subject as a JSON list of dictionaries(triples), where keys must be "subject", "predicate" and "object". The number of facts may be very high, between 25 to 50 or more, for very popular subjects. For less popular subjects, the number of facts can be very low, like 5 or 10. # Requirements - If you don't know the subject at all, return an empty list. - If the subject is not a named entity, return an empty list. - Include at least one triple where predicate is "instanceOf". - Do not get too wordy. - Separate several objects into multiple triples with one object.
Subject: DST Root CA X3 Description of subject: DST Root CA X3 is a widely trusted root certificate authority operated by IdenTrust that historically provided the cross-signed trust anchor enabling broad browser compatibility for Let’s Encrypt certificates.
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.