Auth0 Managed Certificates for Custom Domains

Problem statement

We have a few questions about custom domains with Auth0-managed certificates.

Solution

How long are the certificates valid?

The certificate is valid for three months.

Are the certificates Extended Validation?

The certificates issued by Auth0 are not Extended Validation (EV) certificates. Auth0 uses standard Domain Validated (DV) certificates.

Are they “wildcard” certs or specific?

The certificates issued by Auth0 are specific to the custom domain they are issued for. They are not wildcard certificates.

What is the Root CA and Issuing CA for these Certificates?

The Root CA is ISRG Root X1, and the Issuer is LetsEncrypt. You can read more about our latest changes here: Introduction of Additional Certificate Authorities.

Also, to determine the Root CA and Issuing CA of a domain, you can follow these steps:

  1. Open the website in your web browser.
  2. Click the padlock icon (usually in the address bar) to view the website’s security information.
  3. Click “Certificate” or “Certificate Information” to view the website’s SSL/TLS certificate.
  4. Look for the “Issuer” or “Issued By” field in the certificate information. This will show the name of the Issuing CA that issued the certificate.
  5. Look for the “Root” or “Root CA” field in the certificate information. This will show the name of the Root CA that issued the certificate for the Issuing CA.

Alternatively, you can use online tools like SSL Checker to check the certificate details of a domain, including the Root CA and Issuing CA.