Certificates

Afnic supports secured communication via SSL (Secure Sockets Layer). Here is the list of necessary certificates as well as the zone signing keys (DNSSEC) for the ccTLDs we operate :

 

Certificates

 

Certificat KEYNECTIS EV :


Pour les sites suivants :

 

On our institutional website :
Certificate RAPIDSSL sha-2 signature wildcard.afnic.fr :

 

Until 29/05/2017 at 12:00 pm (UTC+2) on our institutional website and our FTP servers and our EPP server .nic.fr :


Certificate RAPIDSSL sha-2 signature wildcard.nic.fr :

 

Starting 29/05/2017 at 12:00 pm (UTC+2) on our institutional website and our FTP servers and our EPP server .nic.fr :


Certificate RAPIDSSL sha-2 signature wildcard.nic.fr :

 

Certificate epp.sandbox.fr :

 

Zone signing keys (DNSSEC)

 

Algorithm

  • KSK:
    • Size 2048 bits
    • Algorithm RSA/SHA2 (256)
    • Lifetime 2 years
  • ZSK:
    • Size 1024 bits
    • Algorithm RSA/SHA2 (256)
    • Lifetime 3 months

Denial of existence signature:

  • NSEC3 + opt-out :
    • Salt 32 bits
    • 2 iterations

Signature lifetime: 2 months

TTL: 2 days

 

 

.fr

KSK active

fr. 172800 IN DNSKEY 257 3 8 AwEAAa2sILZ4XD/QqobSU6NKFRzXwBV3OpHn21LWcGgz84+g9emlizfjWv51lwsERFSgK+AqmKpYegptTY/PQJrgrCAvOEoQBZi3WvnjZFmMvqnZpeFlymIAiRgfAsHdF+Nxo/5eItUoJv3YjquFXcSQXpZJz5w6S/I2n+7W44GuWv3AiNuVJNG6qsy7sEZRc2SpOgM8RPtAQpwcA+YHPuMdIdbaO7BEzlnmUN6bOSguVRz1SQR6+5xcLciZ264+whSTKtOyfjLvrrbTyZtXu8s++5xJkDQ8U/yUpBbtNaUVtlKeLFTeAd8K6xd3ggAR2qLvUMp2XZYBBKF7Lfwn6fcEq6E= ; key id = 20122

 

KSK retired

fr. 172800 IN DNSKEY 257 3 8 AwEAAYz/bZVFyefKTiBBFW/aJcWX3IWHc8iI7Wi01mcZNHGC+w5EszmtHcsK/ggIu+V7lnJlHcamTNstxnSl4DAzN2Mgzux7sqd7Jlqa+BtRoI9MO3l2yi+qE6WIViUS0U3atm+l1SQsAgkyXlYBN52Up1jsVZ+FNt+kKGKzvIMo8/qM3mCYxkLhazj+q4Bg7bH+yNhHOaZ5KAiFO++8wZJK2rwrh2Yd5LP+smStJoij42sYALLA9WPdeiSaoxpbjmpYBUQAoDUYdqLnRWOnQds0O1EO5h1PXGSIt9feZpwNbPzTfHL80q2SI1A7qRzfZ6BzA2jZU4BLCv2YhKCcWo3kfbU= ; key id = 1336

 

.pm

KSK active

pm. 172800 IN DNSKEY 257 3 8 AwEAAaCt6kLkkn3v5klnWtG8l0O0soRAsO5a8TE6DDiQ+vxB6TVi1WEpKMTKCiYTP5YGbfCvW6ALV0bju1Ut2BEhwNjZ8lzbqNxj5q+3h7P82V6GOOW5zxT/IXa9eG5CmKHqCLTseyB7nT5sox8DCG/8TWlIPbdRuA+L4fISbZLpKwyJZjE+oI8U3EjXWL0RODw/hW4WK5gI/tEXL7sLd3VGDQkxka6pcvcMppQOgptzlbITAIVq2N2zS5wHrQVUelRE6v3xQgOdCcE2qaoCE8sDzxEhLGkBX1VBZR3AbtI/qr4z6ry7wfeZaHtfwc3kzzR96kgc25lBjFuwXOSohYBvKyk= ; key id = 35911

 

KSK retired

pm. 172800 IN DNSKEY 257 3 8 AwEAAd8wbkPI7Gp8ppA3KeIEa4QTUvKePdiDzyJ8TWbUTITqwhiC6/PliRI4xtCbeYU282di0k9BkSmHa8CglAZ8RZfujBUmXUYbaoTc1UEAWAsoRWdeniLxPkzt3rdcA6mnUP2IZADzB+nO2WPtd75sHYKSsUkNkNI9ilXTR/0LwKjuRLlt1wQXYUnIdcf9xttPpiSwKkJ+o9TTOSM5i4tqd69d9I3/eTg9wHy7v/zEEQxwM/hEFSfQY4UCX7kt0d0zkXXfMEf8lbuLa3tzgPBhm25q5jJGr2q9m6zlfOhZHb+yYGBrWdSMXYmOx0xB2zgwyr42aY85Z2T6IS6brrJlU8c= ; key id = 41402

 

.re

KSK active

re. 172800 IN DNSKEY 257 3 8 AwEAAajCmbZgQHhdh2O2CNV4akXVEraLgnTRWeK4HxIxDGlP7stUIip5E8ND08TCFea6JcHklmR6mShrTYEMmVAAB5+qFBDbTSKzpUdYHWnTl+4QyxX5WG3OWRXseaaKBnFw44fnRLCiUCnBmUK0Hdy71nWgQfY/378YSFpCAiRbNOX38LSHDVR+eZFjIw3mdL4i0JqVZL8bEwaaFEivw2Oavfeuy+wCg1VcTxLP5+YS9wLbeNvF4G0SzF/qZ8YOPQIywA6MwDjHSWF9eL0iceVBBlDpiGZp20QodzP2Pe3g4VRBmObUGEu1n4e1TEomytTfxAe7xpmsK9dmYpYXRB4edhk= ; key id = 45706

 

KSK retired

re. 172800 IN DNSKEY 257 3 8 AwEAAas6fZYYjQUXbU/ws6pLxIi4cv0pZgbeVZvA5+NXhE6E52of0OAIQSH2FJtdf/2Jje4iNJ64y47s0RiyoOE3Zmzpf0A2tsVQvDvB7JWHUUWL/HDGNVRK1G5kM4LKSA68YCGaH2xjoYe43IwONsoJU9veAP6udBv6J1iW3emidh4FGXWYyuxFdMmjEBlvknvj2X5CdNg8zPP6S65jRu4hBraksNLgnOKOCnmwVMJGLOk/XlyqJ9sLqOBedt2nKItmIa5rK/4g8/EGW4gAclmbjB8uDJlg2rMH83y91ImxJXPM0po1xH7eJ7HY3Rlt+XIm8Cx09DGV+WCTfsxjJ9j6s10= ; key id = 18007

 

.tf

KSK active

tf. 172800 IN DNSKEY 257 3 8 AwEAAbH0b4xwN9jO2zG3mAW39gEhvPIO65+irqzKl6mAIJUZ1vBB7d2NV+6MouvlOwsiLIa9+GGX4O2anaE1FifGWlRk5yyjG0wby+8wMTsVTyWpI/K6ZdmXcYHRUURUwMNINEw0poYVRf0RYcE4OqiUAzR/qoSnSx6vgl4kMtKwqduSs9XaooZDzNV5VB5qyylngU+E5bDURjAIlaXUUzc4C47iBUDowSyPpMEuipifdBVxK3HLcqxHgVAxJROa+IOGoOV+FFAg689X/90HImM6hQpVk+YV/fYojyNYSl0HLs0QkcwflZ3ai13aBdD3ClqA5oD1iGyv3IF5HLgy7mZGevk= ; key id = 13684

 

KSK retired

tf. 172800 IN DNSKEY 257 3 8 AwEAAdztV8QQzRW+Ba3Oyb8dWJvMOLLgHko0P9nhIPr1nSpFz9sH9kDx25Bu3UYBzNzZraKOwhDhOsbCXtipXQnkRPslL/jTpE9TDEr2oRq49S0zMtfp83IoeIp2Mftloso4y9TkGKsIMx7EbJghKjPQbg0aiLTrLay7BCbMHXfhZIIR7wRrf3zMZkM1SowDXDNc0l3Eqo66whTMrC908b8OwWHYGwlhLpmYsSBm4uS0BWN51ADAty/1XzxtsRgsRmUt18HqzmYF0csDMtEpNOoDn3Bolvb0w7G9ec/aLI7k4kdNErS9/SNBYHL0ATrK872RwCjBsldjTeKVxmEchBTjxns= ; key id = 6502

 

.yt

KSK active

yt. 172800 IN DNSKEY 257 3 8 AwEAAcz2FEmENtqAiUtYNj7pSkq4EIM31ZqngSfpCZFOLaiEMlNofQfntniZSMX8YUsm/Fkque7eZsQROQJZhZzHdPIWICWzVoOLZcy5R7O/q7oyQOFAym8+3MoIRjuiEcheN/3jkhSy3iEwj/xZqTQLy+PdESO5LLuy/i/0otLS+V0ZXkeVWe5lRRFpHPNjrXEvX0nnhsNQbbFovwYXNjVV9xtL9IpHviysb2NUAcRrNF2XZAVmcxe1PZswUR5KePCSKxn0BGSjkH8mIIQb3chfllbMNOlnESwaP2rF6B9Yeq+HkzsYIzhXggeflF2r2zq3hiaVJrzyE76pm0YxFjarjxc= ; key id = 18257

 

KSK retired

yt. 172800 IN DNSKEY 257 3 8 AwEAAYeVz2JeaNdQ464sAvF3x9g+88rsiZIB6GBK6kgeGE54SR4Zmsr4hUBqdHUgnrCZgJYwx72Bo0RlIiUDVY0/jc+DB8RZOhandC8cQ8GvVuOdmzPuNj1yxWFpLc81Gh0/hWM2rXcpj6f8IZAwDsyxufOksiNF2jo53DA61IXw7beIC6nM6jzuNXkJK+BuJL4MHVnAAH+Tpix4hXZ7MfbSzjDYOsx2Obh7szKCHZmUUODuA/WxJacCqCYjPvWeHoOeXOLNTHzi2EqOpekfMPDwMX4fMOtT4JmEtrtPmLjYrl+5qj8G33GrTsWb30Si8vWu2nRU2W8fsPC5wYQbMvjzShE= ; key id = 23161

 

.wf

KSK active

wf. 172800 IN DNSKEY 257 3 8 AwEAAYrb71Sqbsm5UtoS6TlUeG7Y54ysvkIVzYYDbpJMELO3d47kc1Gn7ifwp/X+UsLqHhO59lxbuk+klYXHZGiuzZPVLmhhe6W/1w35iTQapaeLNFtsmhtk9PGPJJXJ/D8J0TINJHBm+m4L29u6THlvbwcu0p2gFblbARAc5etJ7kgz9AWHeycnEUOVlLLS32QmCyzb1ml2vbpFGQUteV0NPVDKiA6X1MTa1yHFm4K3zCTPM7LaqqO7YoT/V+C0s37BaPezyW9ZgGfOyWUbsm7vZQZOidZrk8I1+UmJLw3glSKB/mzcxVk4efaRY7vGDV61zLBSjEsxMAHVyMCcUIfbcvE= ; key id = 14407

 

KSK retired

wf. 172800 IN DNSKEY 257 3 8 AwEAAZoHyG/1LMw7ru1jf0mVRLp/jp6UQYlf6JAGZssk3V1s45ymRkLJDkdNAgDNl77qZAwGQhppIRjgQPtsRS2dx7q3PgrLImS27WglOUeSeMoR+V62+37T/YRt0O3icOWr+befzwX6GrsXtX+jGcnEVJze69iKfXFemNsln0XVsFB7qdtdqiqPvt8P2iaMduCV/m18IGE87DwrelR7eH/3cPjIvJE4JVEf/Uh11qoeu2q3i5TJWQxrdmP3kJswi+TJ+vYyBXV5Riq13me5ushJwVJqDXIz1+4j0A2SQJ+cI+qXZmGIrJ4A0YkNNX+H5rbYPgYvzl7CSW9TgaVVFO82Yo0= ; key id = 47327