Root & Intermediate CA Certificates

Download Hong Kong Certification Authority (HKCA) Root and Intermediate Certification Authority (CA) certificates, token management tools, and other supporting resources to ensure proper system integration and trusted certificate validation.​​

🛠️

Management Tools

Secure Token Manager (e-Token)

The Secure Token Manager (e‑Token) is software designed for subscribers who store their HKCA Digital Certificates on a Secure USB Token (e‑Token), such as Personal “Mutual Recognition” and Organisational “Mutual Recognition” certificates.​ ​ This tool allows subscribers to:​ View certificate details stored on the e‑Token​ Change or update the e‑Token PIN securely​ ​ It helps ensure safe and convenient management of digital certificates stored on hardware tokens.

Download Token Manager - Windows Download Token Manager - macOS
🛡️

Root & Intermediate CA Certificates

Every digital certificate issued by the Hong Kong Certification Authority (HKCA) is signed by an Intermediate Certification Authority (CA), which is in turn signed by an HKCA Root CA. Together, these certificates form a chain of trust that allows systems to verify the authenticity of HKCA‑issued certificates.​ ​ To ensure that your browser, application, or system recognises and trusts HKCA digital certificates, you may need to install the appropriate Root CA and Intermediate CA certificates.

HKCA Root CA 1

This Root CA certificate is valid from 2025 to 2050. It is used to verify the "HKCA d-Cert CA 1 - 25" and "HKCA d-Cert CA 1 - 25A" intermediate certificates.

Download HKCA Root CA 1 Installation Guide

HKCA Root CA 2

This Root CA certificate is valid from 2025 to 2050. It is used to verify the "HKCA d-Cert DV SSL CA 2 - 25", "HKCA d-Cert OV SSL CA 2 - 25" and "HKCA d-Cert EV SSL CA 2 - 25" intermediate certificates.

Download HKCA Root CA 2

HKCA d-Cert CA 1 – 25

This intermediate certificate is used to sign HKCA d-Cert Personal, Organisational, and Encipherment Certificates. The "Issuer" field will show "HKCA d-Cert CA 1 - 25".

Download HKCA d-Cert CA 1 - 25 Installation Guide

HKCA d-Cert CA 1 – 25A

This intermediate certificate is used to sign HKCA Personal, Organisational, and Encipherment Certificates. The "Issuer" field will show "HKCA d-Cert CA 1 - 25A".

Download HKCA d-Cert CA 1 - 25A

HKCA d-Cert EV SSL CA 2 – 25

This intermediate certificate is used to sign all HKCA EV Server Certificates. The "Issuer" field of your certificate will show "HKCA d-Cert EV SSL CA 2 - 25".

Download HKCA d-Cert EV SSL CA 2 - 25
📦

Archived & Expired Certificates

These certificates are no longer active because they have expired or been replaced by newer certificates. They are provided for reference, record‑keeping, and validation purposes only and should not be used for new or active transactions.

Note: You may need Acrobat Reader to view and print PDF files.