Shell PKI Trust Services

If you use web components (either clients or servers) that do not already have these certificates, you can update these components by downloading the root certificates provided below.

​The different root certificates are used for different purposes as described below. If you are not sure which one you need, you can import all of them or contact our Center of Excellence.

​​Current Documents

These documents will only be available to shell internal staff. For others pls contact GXITSOSOMETISGPKI-CMS-EKMSServiceManagement@shell.com


 Certificate Policy ​(last update 01/2025)

​Shell's Internal Certificate Policy​​

Shell Certificate Policy.pdf

 

Certificate Practice Statement (last update 01/2025)

​​Shell's Internal Type 1 Certification Practice Statement​​

Type1 Shell Certificate Practice Statement.pdf

Shell's Internal Type 2 Certification Practice Statement​​

Type2 Shell Certificate Practice Statement.pdf

 

Certification Authorities

The following certificate authorities are operated according to the practices described in the above CPS.

Distinguished Names are represented using the algorithm recommended in RFC 4514.​​

The Shell Private Type 1 Root CA provides a SHA2 compatible Public Key Infrastructure, whereas the Shell Private Type 2 Root CA provides a SHA1 Legacy compatible PKI.​

Root CA's

Distinguished Name

​SHA-256 Hash of Subject Public Key Information (Thumbprint)

Valid till

​Self-Signed Certificate​

CN=Shell
Private Type 1
Root CA,
OU=Shell
Information
Technology
International,
O=Royal Dutch
Shell, L=The
Hague, C=NL​

ccf95dc68af9cf28105254e30c9a653ecff541b8​​​

June ‎5, ‎2038

Shell Private Type 1 Root CA.p7b

CN=Shell
Private Type 2
Root CA,
OU=Shell
Information
Technology
International,
O=Royal Dutch
Shell, L=The
Hague, C=NL​

79376c0bfa31d323def5b0edad1675ab3e2bf2c0​​

June ‎5, ‎2038

Shell Private Type 2 Root CA.p7b

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Subordinate Issuing CAs (published October 2025; valid until 2030)

 

Distinguished Name

SHA-256 Hash of Subject Public Key Information (Previous CA hash)

SHA-256 Hash of Subject Public Key Information (Thumbprint)

Valid till

Trust Anchor Info.

Shell Private Type 1 AM Primary Issuing CA

de1e2ae67321e40376c8abdcf06f3b1a39a9d74e

b97aadbaebec897a9df730091cc5ffeb8c61661d

‎October ‎16, ‎2030

 

 

 

 

 

 

 

 

​​​Shell Private Type 1 Intermediate CAs.p7b

Shell Private Type 1 AM Secondary Issuing CA

67873c0563f1f64b1ae6ef8a3c4d2ffebc3e4282

193d132e526c2dd3a75bc703ce6e3183d29fae11

‎October ‎16, ‎2030

Shell Private Type 1 AM Issuing CA 3

 794dc0484af9fc5c0e1ab6d64bf555957a896e63

bcfac48158d9ad477d36ab3ab48f47b290f7c6d8

‎October ‎16, ‎2030

Shell Private Type 1 AP Primary Issuing CA

d54ff0a9a003a7c5dcb92211792e148aa8881fc2

d4afbea35390bfd0e10fd58af93cac8b1ad6c422

‎October ‎16, ‎2030

Shell Private Type 1 AP Secondary Issuing CA

b49c9ccc351ab7eafc2e0efb953b0579dea252c0

9cdbb9dd183159fa24ec6565521d45d24f806255

‎October ‎16, ‎2030

Shell Private Type 1 AP Issuing CA 3

 b99e9d5f2a41660ec0335ed29683b5e7e70f29d6

0a2b52092ccfc4cf0288ff9d2c9086df3d929ced

October ‎16, ‎2030

Shell Private Type 1 EU Primary Issuing CA

81cb6b79832bcdf53ad91bf71b256bebc24c7141

521f7831bb869b3ddf5d52cda541c778513f4b91

October ‎16, ‎2030

Shell Private Type 1 EU Secondary Issuing CA

d70182ba5b30bf6622caa84806e674afba0ae7ca

63ac3d011424a820666f8f7c5db4a77413627dba

October ‎16, ‎2030

Shell Private Type 1 EU Issuing CA 3

8402c47a1d58280bec241a66e1c0eebe16bcba27

8d8b024abfe2a097d19d6c0016ab40eade914993

October ‎16, ‎2030

Shell Private Type 1 EU FAAS Issuing CA

964da0c426eee141601e4f7d4cc0fd8bb321a846

12b726d1bd78d5b8e4220afdd99e9778248b504b

October ‎16, ‎2030

Shell Private Type 2 AM Primary Issuing CA

7df2a9b3b4a1dd16e74a794459d0b85f60ddae84

3ccc4a52964b1f34a4860b3dd0af03e0dc5d8da3

October ‎16, ‎2030

 

Shell Private Type 2 Intermediate CAs.p7b
​ ​

Shell Private Type 2 AP Primary Issuing CA

883a288c29d13e8ab9beaabeca9eaf927b951e41

68defae4fe8d78106666b7dd91eb8b9c2322f192

October ‎16, ‎2030

Shell Private Type 2 EU Primary Issuing CA

50bcb640491b3323c466702ca64313a86debf1e7

80c5066975d779c12cb492317bbcf4f58a8fd056

October ‎16, ‎2030

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

All CAs

If you prefer to download all the Shell Private Internal PKI CA’s, then please access the file below:

Shell PKI.p7b

 

Cross Certificates

Currently no active Cross Signing certs with the CA listed above as Subject.


Externally Operated Subordinate CAs

The Subordinate IOT

Distinguished Name

SHA-256 Hash of Subject Public Key Information (Previous CA hash)

Valid till

SHA-256 Hash of Subject Public Key Information (Thumbprint)

​​Shell Private Type 1 IOT CA

4A0C2BEC97AFF32491EABDDE5D3BCBD274377187

‎August ‎18, ‎2027

D100F9003EAEC1CE8276DE703591A5F7D377FE1E

 

Requests and Problem Reporting

Problem Reporting
Reports of problems with certificates issued by Shell Internal PKI may be submitted by emailing. All reports need to include sufficient detail to identify the specific certificates in question and the problem being reported.


Revocation Requests
Subscribers may request revocation of their own certificates by completing All reports need to include sufficient detail to identify the specific certificates to be revoked.​

Certificate Management Services - Service Portal (shell.com)