Do not import the root certificates into your browser/system keychain from this site.
Only use the revocation and chain provided below; the actual certificates are just for reference.
This certificate is only used to sign intermediate CA certificates and is valid for ten years. This certificate is already installed on all machines including employee laptops.
This certificate is used to sign individual certificates for services and users. Its validity period is much shorter (one year) and will be renewed on a regular basis. End-users do not need to update anything provided that the chain below is properly included in all certificates.