phimath PKI

The phimath PKI consists of multiple layers of certification authorities.

phimath Root CA

The Root CA is an offline certification authority. Being separated from any network allows for maximum protection of the private keys and all issued subordinate certification authorities.

Because issued certificates are usually valid for at least one year, the Root CA does not have an Online Certificate Status Protocol (OCSP) Responder.

phimath Intermediate CA

The Intermediate CA is an online certification authority. It issues certificates for all principals (i.e. users, webservers, computers, etc.) in the domains phimath.de and phimath.local, including all subdomains.

In contrast to the Root CA, the Intermediate CA does have an Online Certificate Status Protocol (OCSP) Responder. You can access the OCSP Responder at http(s)://pki.phimath.de/ocsp.

phimath Network Issuing CA

This Intermediate CA is an online certification authority. It issues certificates for all members of the network infrastructure. This includes IPSec server and client certificates.


This is a list of end-entity certificates relevant to external parties: