Trust Services
LMAX Trust Services have been established by LMAX
Group ("LMAX") to enable reliable and secure identity authentication, and to facilitate the preservation of
confidentiality and integrity of data in electronic transactions across LMAX assets.
Certificate Authorities are compliant with the latest version of the CA/Browser Forum Baseline Requirements for
the Issuance and Management of Publicly-Trusted Certificates, and are operated in accordance with the practices
described in the Certification Practice Statement (CPS) below.
| Name | Key Pair | Signature Algorithm | Valid Until | Links |
|---|---|---|---|---|
| LMAX Root Authority R1 | RSA-4096 | RSA | SHA-256 | 22 Jun 2042 | DERPEM CRL |
| LMAX Trust Services CA R1 | RSA-2048 | RSA | SHA-256 | 22 Jun 2037 | DER PEM CRLOCSP Bundle |
| LMAX Root Authority E1 | ECC-384 | ECDSA | SHA-384 | 22 Jun 2042 | DER PEM CRL |
| LMAX Trust Services CA X1 | ECC-256 | ECDSA | SHA-384 | 22 Jun 2037 | DERPEMCRLOCSP Bundle Trust Test Revoked Test |
| DigiCert Global Root G3 | ECC-384 | ECDSA | SHA-384 | 15 Jan 2038 | DER PEM CRL |
| LMAX Trust Services CA X2 | ECC-256 | ECDSA | SHA-384 | 29 Jun 2037 | DERPEM CRL OCSPBundle |
| DigiCert Assured ID Root G2 | RSA-2048 | RSA | SHA-256 | 15 Jan 2038 | DER PEM CRL |
| LMAX Trust Services CA R2 | RSA-2048 | RSA | SHA-256 | 16 Aug 2037 | DERPEM CRL OCSPBundle |
| [ Post-Quantum ] | (experimental, not in CPS scope) | |||
| LMAX Trust Services CA PQC D1 | CRYSTALS-Dilithium R3-1952 | ML-DSA | SHAKE-256 | 10 Feb 2034 | Bundle |
| Name | Serial # and Hash Details |
|---|---|
| LMAX Root Authority R1 | Serial: 07:88:f8:6c:c1:21:40:1d:ae:57:9b:ef:3b:07:a2:de
SHA-256: 650f525821ca7523760f42085531f61ec24a2dfebb6b1b7e89305d728f1007c4 SPKI SHA-256: 14d575344037af22f0d1027d6bd667f3176131d2fdad604cdd0a9a384eaffacb |
| LMAX Root Authority E1 | Serial: 1a:a3:f4:78:45:6a:9f:9c:df:59:c7:d0:04:c5:25:16
SHA-256: d92980e5d968dfe63e30e5feb41423b818246257bd1fb9da3fac187b82d37001 SPKI SHA-256: 6e265b68a206f28dda382dc587c5f25a6d8228794c3c7f7aa55b9774b605bb45 |
| DigiCert Global Root G3 | Serial: 05:55:56:bc:f2:5e:a4:35:35:c3:a4:0f:d5:ab:45:72
SHA-256: 31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0 SPKI SHA-256: b94c198300cec5c057ad0727b70bbe91816992256439a7b32f4598119dda9c97 |
| DigiCert Assured ID Root G2 | Serial: 0b:93:1c:3a:d6:39:67:ea:67:23:bf:c3:af:9a:f4:4b
SHA-256: 7d05ebb682339f8c9451ee094eebfefa7953a114edb2f44949452fab7d2fc185 SPKI SHA-256: f1c6ba670cfc88e4df52973cae420f0a089dd474144fe5806c420064e1591229 |
| LMAX Trust Services CA R1 | Serial: 6c:dd:d6:aa:c1:10:57:ae:cf:f0:f0:ba:94:fb:82:bc
SHA-256: 50d1d12ba1c3cca548a7ca030420e1a864caeafcf17bb452bf1be2a35bf874e4 SPKI SHA-256: f3ac8c3c97f020a55a97a599407e971e0da017ccda03e5aa54ad6f107095c113 |
| LMAX Trust Services CA X2 | Serial: 05:4b:93:ef:7f:cc:6e:f0:d2:f6:96:b4:26:d0:0f:06
SHA-256: adbf61297bc10f2c4150f26e6a94da024da60854ab5dcaced1c8486456838735 SPKI SHA-256: 8cf3476534b397ba7f9c6b10bd2cdab11348bb5b20af53dc43eafbf0050c1dba |
| LMAX Trust Services CA X1 | Serial: 76:68:66:13:8d:44:d2:9f:01:ca:eb:f2:df:31:90:5f
SHA-256: 1352d27c0e4169202d03139b90a4640ef2e45d1ebdba5b1d7d45901c26bec15c SPKI SHA-256: 4043ded1d02c83120cd1df7708eac11c7acb0d2645ba4dbd4edb1ab39474a740 |
| LMAX Trust Services CA PQC D1 | Serial: 2e:70:2a:0f:78:9c:64:7f:ba:a4:60:da:33:3f:76:2e:04:b9:cd:a8
SHA-256: 60bc43c2d956f3ce42cd6166cc96f4bf2b25009d1da6d8d7dc8869b863760644 |
The CPS is divided into nine components that cover security controls, practices and procedures in line with PKIX RFC 3647.
LMAX Trust Services CP/CPS v1.6(current)
LMAX
Trust Services CP/CPS v1.5
To report a security incident related to LMAX
certificates, including private key compromise or certificate misuse,
please follow the steps outlined in the
CPS or email pki@lmax.com.
To be published when available.
