EAIT Internal CA

Used for signing smartcard authentication certificates and constrained intermediates in the Faculty of EAIT.

AD CS intermediates are constrained (using X.509 NameConstraints) to only signing Computer certificates for Windows workstations and servers in the relevant domain. These are used primarily for RDP access, and enforced by rdp.eait.uq.edu.au.

We also have an ACME intermediate, similarly constrained, with directory URL https://acme.eait.uq.edu.au/acme/acme/directory, which can sign certificates for non-Windows workstations.

Root CA certificates (X.509)

• EAIT Internal CA

Intermediate CA certificates (X.509)

• ACME
  • EAIT ACME CA G1
  • EAIT Database CA G1
• LABS AD CS (.labs.eait.uq.edu.au)
  • labs-LILY-CA
  • labs-LILAC-CA
  • labs-LAVENDER-CA
• EAIT AD CS (.eait.uq.edu.au)
  • eait-PEACH-CA
  • eait-PEAR-CA
  • eait-PAWPAW-CA

Certificate revocation lists (CRLs)

Signed every 2-4 weeks.

• Root CAs
  • EAIT Internal CA: http://ca.eait.uq.edu.au/crl/internal
• ACME
  • EAIT ACME CA G1: http://ca.eait.uq.edu.au/crl/EAIT-ACME-CA-G1
  • EAIT Database CA G1: http://ca.eait.uq.edu.au/crl/EAIT-Database-CA-G1
• LABS AD CS
  • labs-LILY-CA: http://ca.eait.uq.edu.au/crl/labs-LILY-CA
  • labs-LILAC-CA: http://ca.eait.uq.edu.au/crl/labs-LILAC-CA
  • labs-LAVENDER-CA: http://ca.eait.uq.edu.au/crl/labs-LAVENDER-CA
• EAIT AD CS
  • eait-PEACH-CA: http://ca.eait.uq.edu.au/crl/eait-PEACH-CA
  • eait-PEAR-CA: http://ca.eait.uq.edu.au/crl/eait-PEAR-CA
  • eait-PAWPAW-CA: http://ca.eait.uq.edu.au/crl/eait-PAWPAW-CA

AD CS CRLs are also available in LDAP for machines which are members of the domain.