Where can I find the most up to date SSL certificates for CDRouter's ACS and download server?
CDRouter TR-069 includes a number of different ACS and ACS download server
certificate files which can be used for SSL/TLS testing. All certificates are
distributed in .pem format and are located in the /usr/cdrouter/tests
directory on the CDRouter host system.
Sectigo Signed Server Certificates
The ACS and ACS download server certificates used in CDRouter are valid for one year and expire every year in January or early February.
Updated server certificates will be included in new versions of CDRouter when
available. If you are using an older version of CDRouter with expired
certificates, you may download the current valid certificates below and copy
them to the /usr/cdrouter/tests directory, overwriting the existing ones, on
your CDRouter system.
Current ACS and download server certificates
The most up to date certificates for CDRouter’s ACS and ACS download server can be found in the following table. This certificate chain uses SHA384 with RSA encryption.
| Certificate Type | Signature Algorithm | File | Expiration Date |
|---|---|---|---|
| ACS server certificate | rsa (SHA256) | acs.cdroutertest.com.pem | February 5, 2027 |
| Download server certificate | rsa (SHA256) | acs-download.cdroutertest.com.pem | February 5, 2027 |
| Intermediate and cross-signed Root CA | rsa (SHA384) | acs.cdroutertest.com-ca.pem | March 21, 2036 |
| Root CA (legacy) | rsa (SHA384) | acs.cdroutertest.com-rootca.pem | January 18, 2038 |
**Note: In June 2025, Sectigo released a new Root CA and Intermediate signing CA, which was used to sign both the ACS and Download server certificates. The cross-signed Root CA is included for backward compatibility in case the TR-069 agent only has access to the previous Root CA.
In the above table, the full chain will potentially be a length of four (4) when being validated on the agent device. The Server certificate, the Intermediate CA certificate, the cross-signed Root CA, and the legacy Root CA.**
