Repository / Certificate Revocation List
Hongkong Post Repository
"Repository", as defined under the Electronic Transactions Ordinance, means an information system for storing and retrieving certificates and other information relevant to certificates. Hongkong Post maintains a repository that contains a list of accepted certificates issued under the Certification Practice Statement (CPS), together with the current certificate revocation list. Hongkong Post promptly publishes each certificate in the repository following receipt of the Applicant's confirmation of acceptance of the certificate.
- View any accepted certificate, or through LDAP at ldap://ldap1.eCert.gov.hk
Hongkong Post Certification Revocation List (CRL)
Under normal circumstances, Hongkong Post will publish the latest CRL as soon as possible after the update time mentioned below. Hongkong Post may need to change the updating and publishing schedule of the CRL without prior notice if such changes are considered to be necessary under unforeseeable circumstances.
Certification Revocation List supported by "Hongkong Post e-Cert CA 2 - 15", "Hongkong Post e-Cert CA 2 - 17", "Hongkong Post e-Cert CA 2 - 19", "Hongkong Post e-Cert SSL CA 3 - 17" and "Hongkong Post e-Cert EV SSL CA 3 - 17"
Hongkong Post updates and publishes the following Certificate Revocation Lists (CRLs) containing information of e-Certs suspended or revoked under this CPS 3 times daily at 09:15, 14:15 and 19:00 Hong Kong Time (i.e. 01:15, 06:15 and 11:00 Greenwich Mean Time (GMT or UTC)):
- Partitioned
CRLs that contain Information of suspended
or revoked certificates in groups. Each
of the partitioned CRLs is available for
public access at the following locations
(URLs):
- e-Cert (Personal):
http://crl1.eCert.gov.hk/crl/eCertCA2-17CRL1_<xxxxx>.crl which are partitioned CRLs issued by Sub CA "Hongkong Post e-Cert CA 2 - 17" where <xxxxx> is a string of five alphanumeric characters. (For certificates issued before 1 July 2019, URL of CRL Distribution Point is http://crl1.hongkongpost.gov.hk/crl/eCertCA2-17CRL1_<xxxxx>.crl) - e-Cert (Personal) with MR Status:
http://crl1.eCert.gov.hk/crl/eCertCA2-15CRL1_<xxxxx>.crl which are partitioned CRLs issued by Sub CA "Hongkong Post e-Cert CA 2 - 15" where <xxxxx> is a string of five alphanumeric characters. (For certificates issued before 1 July 2019, URL of CRL Distribution Point is http://crl1.hongkongpost.gov.hk/crl/eCertCA2-15CRL1_<xxxxx>.crl) - e-Cert (Organisational), e-Cert (Encipherment):
http://crl1.eCert.gov.hk/crl/eCertCA2-17CRL2.crl which is partitioned CRL issued by Sub CA "Hongkong Post e-Cert CA 2 - 17" (For certificates issued before 1 July 2019, URL of CRL Distribution Point is http://crl1.hongkongpost.gov.hk/crl/eCertCA2-17CRL2.crl) - e-Cert (Organisational) with MR Status:
http://crl1.eCert.gov.hk/crl/eCertCA2-15CRL2.crl which is partitioned CRL issued by Sub CA "Hongkong Post e-Cert CA 2 - 15" (For certificates issued before 1 July 2019, URL of CRL Distribution Point is http://crl1.hongkongpost.gov.hk/crl/eCertCA2-15CRL2.crl) - e-Cert (Server):
The information of suspended or revoked e-Cert (Server) certificates will only be published in the full CRL. - e-Cert (Organisational Role):
http://crl1.eCert.gov.hk/crl/eCertCA2-15CRL2.crl which is partitioned CRL issued by Sub CA "Hongkong Post e-Cert CA 2 - 15" (For certificates issued before 1 July 2019, URL of CRL Distribution Point is http://crl1.hongkongpost.gov.hk/crl/eCertCA2-15CRL2.crl) - Bank-Cert (Personal):
http://crl1.eCert.gov.hk/crl/eCertCA2-15CRL1_<xxxxx>.crl which are partitioned CRLs issued by Sub CA "Hongkong Post e-Cert CA 2 - 15" where <xxxxx> is a string of five alphanumeric characters. (For certificates issued before 1 July 2019, URL of CRL Distribution Point is http://crl1.hongkongpost.gov.hk/crl/eCertCA2-15CRL1_<xxxxx>.crl) - Bank-Cert (Corporate), Bank-Cert (Bank):
http://crl1.eCert.gov.hk/crl/eCertCA2-15CRL2.crl which is partitioned CRL issued by Sub CA "Hongkong Post e-Cert CA 2 - 15" (For certificates issued before 1 July 2019, URL of CRL Distribution Point is http://crl1.hongkongpost.gov.hk/crl/eCertCA2-15CRL2.crl) - g-Cert (Individual), g-Cert (Functional Unit):
http://crl1.eCert.gov.hk/crl/eCertCA2-17CRL2.crl which is partitioned CRL issued by Sub CA "Hongkong Post e-Cert CA 2 - 17" - iAM Smart-Cert:
http://crl1.eCert.gov.hk/crl/eCertCA2-19CRL1_<xxxxx>.crl which are partitioned CRLs issued by Sub CA "Hongkong Post e-Cert CA 2 - 19" where <xxxxx> is a string of five alphanumeric characters.
- e-Cert (Personal):
-
Full CRLs that contain Information of all suspended or revoked certificates are available at the following locations:
- Certificates issued by Sub CA "Hongkong Post e-Cert CA 2 - 15":
http://crl1.eCert.gov.hk/crl/eCertCA2-15CRL1.crl or
ldap://ldap1.eCert.gov.hk (port 389, cn=Hongkong Post e-Cert CA 2 - 15 CRL1, o=Hongkong Post, c=HK) - Certificates issued by Sub CA "Hongkong Post e-Cert CA 2 - 17":
http://crl1.eCert.gov.hk/crl/eCertCA2-17CRL1.crl or
ldap://ldap1.eCert.gov.hk (port 389, cn=Hongkong Post e-Cert CA 2 - 17 CRL1, o=Hongkong Post, c=HK) - Certificates issued by Sub CA "Hongkong Post e-Cert CA 2 - 19":
http://crl1.eCert.gov.hk/crl/eCertCA2-19CRL1.crl or
ldap://ldap1.eCert.gov.hk (port 389, cn=Hongkong Post e-Cert CA 2 - 19 CRL1, o=Hongkong Post, c=HK) - Certificates issued by Sub CA "Hongkong Post e-Cert SSL CA 3 - 17":
http://crl1.eCert.gov.hk/crl/eCertSCA3-17CRL1.crl or
ldap://ldap1.eCert.gov.hk (port 389, cn=Hongkong Post e-Cert SSL CA 3 - 17 CRL1, o=Hongkong Post, c=HK) - Certificates issued by Sub CA "Hongkong Post e-Cert EV SSL CA 3 - 17":
http://crl1.eCert.gov.hk/crl/eCertESCA3-17CRL1.crl or
ldap://ldap1.eCert.gov.hk (port 389, cn=Hongkong Post e-Cert EV SSL CA 3 - 17 CRL1, o=Hongkong Post, c=HK)
- Certificates issued by Sub CA "Hongkong Post e-Cert CA 2 - 15":
- Download previously generated CRL issued by the Sub CA
"Hongkong Post e-Cert CA 2 - 15" (from 7 December 2015 onwards) - Download previously generated CRL issued by the Sub CA
"Hongkong Post e-Cert CA 2 - 17" (from 1 February 2019 onwards) - Download previously generated CRL issued by the Sub CA
"Hongkong Post e-Cert CA 2 - 19" (from 7 October 2020 onwards) - Download previously generated CRL issued by the Sub CA
"Hongkong Post e-Cert SSL CA 3 - 17" (from 1 April 2019 onwards) - Download previously generated CRL issued by the Sub CA
"Hongkong Post e-Cert EV SSL CA 3 - 17" (from 21 January 2022 onwards)
To view the CRL profile, please see Appendix C of the corresponding CPS.
Certificate Revocation List supported by Expired "Hongkong Post Root CA 1"
The Root CA "Hongkong Post Root CA 1" has ceased to issue Recognized Certificates with effect from 1 July 2019, and it expired on 15 May 2023.
The last full CRL and partitioned CRLs were issued at 09:15 on 15 May 2023 (Hong Kong Time) and the ARL was issued at 10:41 on 11 November 2022 (Hong Kong Time) at the following links and no further update is provided afterwards:
- Full CRL:
- Certificates issued by Sub CA "Hongkong Post e-Cert CA 1 - 10":
- http://crl1.hongkongpost.gov.hk/crl/eCertCA1-10CRL1.crl or
- ldap://ldap1.hongkongpost.gov.hk (port 389, cn=Hongkong Post e-Cert CA 1 - 10 CRL1, o=Hongkong Post, c=HK)
- Certificates issued by Sub CA "Hongkong Post e-Cert CA 1 - 14":
- http://crl1.hongkongpost.gov.hk/crl/eCertCA1-14CRL1.crl or
- ldap://ldap1.hongkongpost.gov.hk (port 389, cn=Hongkong Post e-Cert CA 1 - 14 CRL1, o=Hongkong Post, c=HK)
- Certificates issued by Sub CA "Hongkong Post e-Cert CA 1 - 15":
- http://crl1.hongkongpost.gov.hk/crl/eCertCA1-15CRL1.crl or
- ldap://ldap1.hongkongpost.gov.hk (port 389, cn=Hongkong Post e-Cert CA 1 - 15 CRL1, o=Hongkong Post, c=HK)
- Certificates issued by Sub CA "Hongkong Post e-Cert CA 1 - 10":
- Partitioned CRL:
- e-Cert (Personal):
http://crl1.hongkongpost.gov.hk/crl/eCertCA1-10CRL1_<xxxxx>.crl which are partitioned CRLs issued by Sub CA "Hongkong Post e-Cert CA 1 - 10" where <xxxxx> is a string of five alphanumeric characters. - e-Cert (Personal) with MR Status:
http://crl1.hongkongpost.gov.hk/crl/eCertCA1-10CRL1_<xxxxx>.crl which are partitioned CRLs issued by Sub CA "Hongkong Post e-Cert CA 1 - 10" where <xxxxx> is a string of five alphanumeric characters. - e-Cert (Organisational), e-Cert (Encipherment):
http://crl1.hongkongpost.gov.hk/crl/eCertCA1-10CRL2.crl which is partitioned CRL issued by Sub CA "Hongkong Post e-Cert CA 1 - 10" - e-Cert (Organisational) with MR Status:
http://crl1.hongkongpost.gov.hk/crl/eCertCA1-10CRL2.crl which is partitioned CRL issued by Sub CA "Hongkong Post e-Cert CA 1 - 10" - e-Cert (Organisational Role):
http://crl1.hongkongpost.gov.hk/crl/eCertCA1-10CRL2.crl which is partitioned CRL issued by Sub CA "Hongkong Post e-Cert CA 1 - 10"
- e-Cert (Personal):
- ARL:
- http://crl1.hongkongpost.gov.hk/crl/RootCA1ARL.crl
- ldap://ldap1.hongkongpost.gov.hk (port 389, cn=Hongkong Post Root CA 1, o=Hongkong Post, c=HK)
- Download previously generated CRL issued by the Sub CA "Hongkong Post e-Cert CA 1 - 10" (from 26 February 2010 to 15 May 2023)
- Download previously generated CRL issued by the Sub CA "Hongkong Post e-Cert CA 1 - 14" (from 1 January 2015 to 15 May 2023)
- Download previously generated CRL issued by the Sub CA "Hongkong Post e-Cert CA 1 - 15" (from 1 September 2015 to 15 May 2023)
Certificate Revocation List supported by Expired "Hongkong Post e-Cert CA 1"
The Sub CA "Hongkong Post e-Cert CA 1" has ceased to issue Recognized Certificates with effect from 26 February 2010, and it expired on 15 May 2013.
The last full CRL and partitioned CRLs were issued at 14:15 on 15 May 2013 (Hong Kong Time) at the following links and no further update is provided afterwards:
- Full CRL:
- http://crl1.hongkongpost.gov.hk/crl/eCertCA1CRL1.crl or
- ldap://ldap1.hongkongpost.gov.hk (port 389, cn=Hongkong Post e-Cert CA 1 CRL1, o=Hongkong Post, c=HK)
- Partitioned CRLs:
- http://crl1.hongkongpost.gov.hk/crl/eCertCA1CRL2.crl
- http://crl1.hongkongpost.gov.hk/crl/eCertCA1CRL1_<xxxxx>.crl
where <xxxxx> is a string of five alphanumeric characters. - ldap://ldap1.hongkongpost.gov.hk (port 389, cn=Hongkong Post e-Cert CA 1 CRL2, o=Hongkong Post, c=HK)
To view the CRL profile, please see Appendix C of the corresponding CPS.
Certificate Revocation List supported by retired "Hongkong Post e-Cert CA"
Before 31 March 2005, such CRLs were updated 3 times daily at 09:15, 14:15 and 19:00 Hong Kong Time (i.e. 01:15, 06:15 and 11:00 GMT). On 31 March 2005, Hongkong Post has ceased to issue CRLs under the Sub CA "Hongkong Post e-Cert CA" (relevant information). The last CRL is at http://crl1.hongkongpost.gov.hk/crl/eCert.crl.
Hongkong Post Authority Revocation List (ARL)
Authority Revocation List supported by "Hongkong Post Root CA 2" and "Hongkong Post Root CA 3"
Hongkong Post updates and publishes Authority Revocation List (ARL) that contains information of suspended or revoked Sub CA certificates. The ARL supported by "Hongkong Post Root CA 2" and "Hongkong Post Root CA 3" has a validity period of 1 year. Hongkong Post will update and publish the ARL before its expiry or when necessary. The latest ARL is available at the following locations:-
- Hongkong Post Root CA 2 :
- http://crl1.eCert.gov.hk/crl/RootCA2ARL.crl or
- ldap://ldap1.eCert.gov.hk
(port 389, cn=Hongkong Post Root CA 2, o=Hongkong Post, c=HK)
- Hongkong Post Root CA 3 :
- http://crl1.eCert.gov.hk/crl/RootCA3ARL.crl or
- ldap://ldap1.eCert.gov.hk
(port 389, cn=Hongkong Post Root CA 3, o=Hongkong Post, c=HK)