Repository

HiPKI CP/CPS v1.1

 • 2026-03-06 PMA approved.

HiPKI CP/CPS v1.05

 • 2025-08-25 PMA approved.
 • Add the certificate information for our newly generated CAs: CHT TrustRoot CA and CHT Trust TLS CA.

ePKI CP v2.3

 • 2025-08-18 PMA approved.

HiPKICA CPS v1.1

 • 2025-05-19 PMA approved.

HiPKICA CPS v1.0

 • 2024-08-27 approved by the Ministry of Digital Affairs, approval document number"數授產經字第1130005512號".
 • This version covers CHT PMA approved CHTCA CPS v0.97.

CHTCA CPS v1.4

 • 2026-04-21 PMA approved.

CHTCA CPS v1.3

 • 2025-10-29 approved by the Ministry of Digital Affairs, approval doc. number"數授產經字第1140010405號".
 • This version covers CHT PMA approved CHTCA CPS v1.2.

GTLSCA CPS v1.0.6

 • 2025-09-23 PMA approved.

Contract Terms of CHT TLS Service

CHT partners with GlobalSign Certificate Chain

HiPKI Root CA-G1 Self-signed Cert (RSA 4096 w/SHA-256)

 • SHA-256: f015ce3cc239bfef064be9f1d2c417e1a0264a0a94be1f0c8d121864eb6949cc
 • Serial number: 2d dd ac ce 62 97 94 a1 43 e8 b0 cd 76 6a 5e 60
 • Validity:
   Not Before: Feb 22 17:46:04 2019 (GMT+8)
   Not After: Dec 31 23:59:59 2037 (GMT+8)

HiPKI RCA-G1 Certificate Revocation List (RSA 4096 w/SHA-256)

CHT TrustRoot CA - G1 Self-signed Cert (RSA 4096 w/SHA-256)

 • SHA-256: AC0B9F8E3F88C9BA1FACA0B360B6EC3DE1E2C7BE0EB508C063649ABA02061D39
 • Serial number: 00 e9 bd 90 7d c1 35 95 cc be 59 0f a5 d3 9e 57 2a
 • Validity:
   Not Before: Aug 25 14:42:38 2025 (GMT+8)
   Not After: Aug 25 23:59:59 2040 (GMT+8)

CHT TrustRoot CA-G1 Certificate Revocation List (RSA 4096 w/SHA-256)

ePKI Root CA-G1 Self-signed Cert (RSA 4096 w/SHA-256)

 • SHA-256: c0a6f4dc63a24bfdcf54ef2a6a082a0a72de35803e2ff5ff527ae5d87206dfd5
 • Serial number: 15 c8 bd 65 47 5c af b8 97 00 5e e4 06 d2 bc 9d
 • Validity:
   Not Before: Dec 20 10:31:27 2004 (GMT+8)
   Not After: Dec 20 10:31:27 2034 (GMT+8)

eCA-G1 Certificate Revocation List (RSA 4096 w/SHA-256)

ePKI Root CA-G2 Self-signed Cert (RSA 4096 w/SHA-256)

 • SHA-256: 1e51942b84fd467bf77d1c89da241c04254dc8f3ef4c22451fe7a89978bdcd4f
 • Serial number: 00 d6 96 2e c1 0a 15 93 12 af 8f 63 bc d4 44 c9 5b
 • Validity:
   Not Before: Nov 17 16:23:42 2015 (GMT+8)
   Not After: Dec 31 23:59:59 2037 (GMT+8)

eCA-G2 Certificate Revocation List (RSA 4096 w/SHA-256)

eCA Self-issued Cert (Old with New, RSA 4096 w/SHA-256)

 • SHA-256: 72D716F7BB6BD105704F42B9524923510DCB85B2D870C0E9ADA5AEB9C969051A
 • Serial number: 00 ed b8 f4 6f 99 dd 6a 9a a7 62 3e 3f 2c 11 d0 5c
 • Validity:
   Not Before: Nov 17 16:51:35 2015 (GMT+8)
   Not After : Dec 20 10:31:27 2034 (GMT+8)

ePKI Root CA-G3 Self-signed Cert (RSA 4096 w/SHA-256)

 • SHA-256: 558fab7f4b5dff16b68ba4e40d1d3e940efa9b013350617d6f377c1724d9d421
 • Serial number: 62 37 e0 1b 9a ae 4e 4d f8 62 29 bb 44 49 7b 01
 • Validity:
   Not Before: April 30 17:42:34 2019 (GMT+8)
   Not After : Dec 31 23:59:59 2037 (GMT+8)

eCA-G3 Certificate Revocation List (RSA 4096 w/SHA-256)

ePKI Root CA-G4 Self-signed Cert (RSA 4096 w/SHA-256)

 • SHA-256: 19a2fa09332c6d8eac1393d5f30371dd8b4dd687b0e1e50a6b48ae762caba2b5
 • Serial number: 00 f6 70 f9 59 88 f4 52 05 8e 31 e1 68 86 3e fa 7a
 • Validity:
   Not Before: Nov 3 11:43:14 2022 (GMT+8)
   Not After : Nov 3 23:59:59 2047 (GMT+8)

eCA-G4 Certificate Revocation List (RSA 4096 w/SHA-256)

eCA-G1 to HiPKI RCA-G1 Cross-certified Cert (RSA 4096 w/SHA-256)

 • SHA-256: 6807C97235C5EC6090269A4B5FEDFAB46986E42F4D67D2EDDDCF6E45CF0DFA80
 • Serial number: 23 fb a6 48 36 0e 15 e9 2b a7 8a ed b6 7a 0a e5
 • Validity:
   Not Before: Dec 21 10:11:23 2023 (GMT+8)
   Not After : Dec 19 23:59:59 2034 (GMT+8)

eCA Self-issued Cert (eCA-G1 to eCA-G2, RSA 4096 w/SHA-256)

 • Add CA/Browser Forum SMIME BR CP OID
 • SHA-256: 72D716F7BB6BD105704F42B9524923510DCB85B2D870C0E9ADA5AEB9C969051A
 • Serial number: 00 ed b8 f4 6f 99 dd 6a 9a a7 62 3e 3f 2c 11 d0 5c
 • Validity:
   Not Before: Nov 17 16:51:35 2015 (GMT+8)
   Not After : Dec 20 10:31:27 2034 (GMT+8)

eCA Self-issued Cert (eCA-G1 to eCA-G2, RSA 4096 w/SHA-256)

 • Add AATL usage CP OID: 1.3.6.1.4.1.23459.100.0.9
 • SHA-256: 64717250AF8B028DD8E5C0BAE4C9142C8B103532612BC487085FD3C319F9C067
 • Serial number: 3b ee e0 91 8e 88 86 ad 46 0f e8 ae 91 0c 9c ba
 • Validity:
   Not Before: Nov 17 16:51:35 2015 (GMT+8)
   Not After : Dec 20 10:31:27 2034 (GMT+8)

eCA Self-issued Cert (eCA-G2 to eCA-G1, RSA 4096 w/SHA-256)

 • Add 3 AAL CP OIDs and remove CA/Browser Forum EV SSL CP OID
 • SHA-256: B9C974DE139F6308D74CCC423C3BC0BDED5E7AB4AD738B304B50D429C42C3D66
 • Serial number: 18 90 74 02 b0 83 ec 8b ce 19 94 de af c0 a1 d7
 • Validity:
   Not Before: Nov 17 16:51:35 2015 (GMT+8)
   Not After : Dec 20 10:31:27 2034 (GMT+8)

eCA Self-issued Cert (eCA-G1 to eCA-G2, RSA 4096 w/SHA-256)

 • Add 3 AAL CP OIDs and remove CA/Browser Forum EV SSL CP OID
 • SHA-256: 18467C4E64D586C844A44466DE5BA7A6D5969C7A92859A511C5FDAD75B03CDCE
 • Serial number: 00 af cd 8d 64 2c 62 d6 45 06 7d c8 57 fd a8 f1 5d
 • Validity:
   Not Before: Nov 17 16:51:35 2015 (GMT+8)
   Not After : Dec 20 10:31:27 2034 (GMT+8)

eCA-G2 to PublicCA-G4 Cross-certified Cert (RSA 4096 w/SHA-256)

 • SHA-256: 6F2FE4FC2596F7E0B430BE62F8893A601FE4F0E9A1CC420886AD09EB551CDC57
 • Serial number: 75 b9 09 a8 a8 b0 6b ea 54 1b 45 23 e2 e5 25 42
 • Validity:
   Not Before: Dec 13 10:30:22 2024 (GMT+8)
   Not After : Dec 31 23:59:59 2037 (GMT+8)

HiPKI OV TLS CA-G1 Cert (RSA 4096 w/SHA-256)

 • Subordinate/Intermediate CA Certificate (Chain: HiPKI RCA-G1 to HiPKI OV TLS CA-G1)
 • SHA-256: d34a5b981a85ca075db62cbac415ef659d95339040ca476868625d4aa23a9849
 • Serial number: 2b ab a2 d6 e6 80 cc a5 94 e0 48 09 af 06 5d 42
 • Validity:
   Not Before: May 18 10:51:28 2023 (GMT+8)
   Not After : Dec 31 23:59:59 2037 (GMT+8)

CHT Trust TLS CA-G1 Cert (RSA 4096 w/SHA-256)

 • Subordinate/Intermediate CA Certificate (Chain: CHT TrustRoot CA-G1 to CHT Trust TLS CA-G1)
 • SHA-256: 14E9217404AC6F4443A622F3061CF5FDF10D2C6F9448EB4A1A25026FED247311
 • Serial number: 70 9F 59 D2 91 98 94 B8 CD 84 20 5D C7 01 51 84
 • Validity:
   Not Before: March 12 10:53:09 2026 (GMT+8)
   Not After : March 10 23:59:59 2029 (GMT+8)

PublicCA-G2 Cert (RSA 2048 w/SHA-256)

 • Subordinate/Intermediate CA Certificate (Chain: eCA-G2 to PublicCA-G2)
 • SHA-256: dae3434f696fc9f0f652e1b2a6f69b5e9273d09f43bd3bdd4717d6141f8cd2c2
 • Serial number: 14 35 96 f2 44 1a 71 67 98 3f fc 95 97 41 9b 53
 • Validity:
   Not Before: Dec 11 16:51:59 2014 (GMT+8)
   Not After : Dec 11 16:51:59 2034 (GMT+8)

PublicCA-G3 Cert (RSA 2048 w/SHA-256)

 • Subordinate/Intermediate CA Certificate (Chain: eCA-G3 to PublicCA-G3)
 • SHA-256: b0f1f7c7df837bdf88825a444444e4815da7e0899728a07ae8767d5f65b50995
 • Serial number: 00 88 c1 80 7b a0 ab b6 2e 1f 49 a4 2a 02 8b e4 3e
 • Validity:
   Not Before: Apr 30 17:52:26 2019 (GMT+8)
   Not After : Dec 31 23:59:59 2037 (GMT+8)

PublicCA-G4 Cert (RSA 4096 w/SHA-256)

 • Subordinate/Intermediate CA Certificate (Chain: eCA-G4 to PublicCA-G4)
 • SHA-256: 8faf35aa59ebb971fb4fc6131dd9c2da41c18421c86fdec274606ec31ebe5436
 • Serial number: 29 1c 0c 63 c0 17 2b b1 25 9f 5a 42 5a af 24 e3
 • Validity:
   Not Before: Nov 3 11:54:17 2022 (GMT+8)
   Not After : Nov 3 23:59:59 2042 (GMT+8)

HiPKI OV TLS CA-G1 CRL (RSA 4096 w/SHA-256)

CHT Trust TLS CA-G1 CRL (RSA 4096 w/SHA-256)

eTSCA-G1 Cert (RSA 4096 w/SHA-256)

 • Subordinate/Intermediate CA Certificate (Chain: eCA-G2 to eTSCA-G1)
 • SHA-256: DA31293D659781C69E0085C732A2811DB50E5CC576909149B80A98A9B0F93FD9
 • Serial number: 00 b2 14 37 d0 d6 7c 63 87 48 44 f8 46 1c 5f 4b 54
 • Validity:
   Not Before: Oct 18 02:50:29 2019 (GMT+8)
   Not After : Dec 30 00:00:00 2037 (GMT+8)

2025 CHT TrustRoot CA - G1 & CHT Trust TLS CA - G1 POT Report

2025 CHT TrustRoot CA - G1 & CHT Trust TLS CA - G1 PIT Report

2025 CHT TrustRoot CA - G1 Key Generation Witness Report

2025 (WebTrust for CA + WebTrust for CA-SSL BR + WebTrust for CA-S/MIME + WebTrust for CA-Network Security)

2024 (WebTrust for CA+WebTrust for CA-SSL BR + WebTrust for CA-S/MIME + WebTrust for CA-Network Security)

2023 (WebTrust for CA + WebTrust for CA-SSL BR)

2022 (WebTrust for CA + WebTrust for CA-SSL BR)

2021 (WebTrust for CA + WebTrust for CA-SSL BR)

2020 (WebTrust for CA + WebTrust for CA-SSL BR + WebTrust for CA-EV SSL)

2019 (WebTrust for CA + WebTrust for CA-SSL BR)

Test Website URLs disclosed to CCADB

Guideline for Certificate Problem Report