• Home
• knowledge-base
• Where can I find the most up to date SSL certificates for CDRouter's ACS and download server?

CDRouter TR-069 includes a number of different ACS and ACS download server certificate files which can be used for SSL/TLS testing. All certificates are distributed in .pem format and are located in the /usr/cdrouter/tests directory on the CDRouter host system.

Sectigo/Comodo Signed Server Certificates (CDRouter 11.8 and Later)

The ACS and ACS download server certificates that were initially shipped with with CDRouter 10.6 expired in March of 2020.

The current ACS and ACS download server certificates expire in March of 2022 and were initially shipped with CDRouter 11.8 MR1 Note that these certificates are signed by Sectigo (formerly Comodo) and that the default domain name has been changed from qacafe.com to cdroutertest.com.

Sectigo Root CA

The Sectigo AddTrust External CA Root required to validate CDRouter’s ACS and ACS download server certificates expired in May of 2020. This root CA has been replaced in CDRouter 12.1 with the new Sectigo USERTrust RSA CA that expires in January of 2038.

Note that the old Sectigo root CA used SHA1 with RSA encryption. The new root CA uses SHA384 with RSA encryption.

For more information on the Sectigo Chain Hierarchy and Intermediate Roots, please see this page.

Current ACS and download server certificates

The most up to date certificates for CDRouter’s ACS and ACS download server can be found in the following table. This certificate chain uses SHA384 with RSA encryption.

Intermediate chain for legacy devices

Legacy devices may not support SHA384 with RSA encryption. For these devices an alternate Intermediate and Root CA using SHA1 with RSA encryption is available in the following table: