Shell PKI Trust Services

If you use web components (either clients or servers) that do not already have these certificates, you can update these components by downloading the root certificates provided below.

​The different root certificates are used for different purposes as described below. If you are not sure which one you need, you can import all of them or contact our Center of Excellence.

​​Current Documents

These documents will only be available to shell internal staff. For others pls contact GXITSOSOMETISGPKI-CMS-EKMSServiceManagement@shell.com


 Certificate Policy ​(last update 08/2023)

​Shell's Internal Type 1 Certificate Policy​​

Type1 Shell Certificate Policy.pdf

Shell's Internal Type 2 Certificate Policy​​​


Type2 Shell Certificate Policy.pdf

 

Certificate Practice Statement (last update 08/2023)

​​Shell's Internal Type 1 Certification Practice Statement​​

Type1 Shell Certificate Practice Statement.pdf

Shell's Internal Type 2 Certification Practice Statement​​

Type2 Shell Certificate Practice Statement.pdf

 

Certification Authorities

The following certificate authorities are operated according to the practices described in the above CPS.

Distinguished Names are represented using the algorithm recommended in RFC 4514.​​

The Shell Private Type 1 Root CA provides a SHA2 compatible Public Key Infrastructure, whereas the Shell Private Type 2 Root CA provides a SHA1 Legacy compatible PKI.​

Root CA's

Distinguished Name

​SHA-256 Hash of Subject Public Key Information (Thumbprint)

Valid till

​Self-Signed Certificate​

CN=Shell
Private Type 1
Root CA,
OU=Shell
Information
Technology
International,
O=Royal Dutch
Shell, L=The
Hague, C=NL​

ccf95dc68af9cf28105254e30c9a653ecff541b8​​​

June ‎5, ‎2038

Shell Private Type 1 Root CA.p7b

CN=Shell
Private Type 2
Root CA,
OU=Shell
Information
Technology
International,
O=Royal Dutch
Shell, L=The
Hague, C=NL​

79376c0bfa31d323def5b0edad1675ab3e2bf2c0​​

June ‎5, ‎2038

Shell Private Type 2 Root CA.p7b

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Subordinate Issuing CAs (published March 2023; valid until 2028)

Distinguished Name

SHA-256 Hash of Subject Public Key Information (Previous CA hash)

SHA-256 Hash of Subject Public Key Information (Thumbprint)

Valid till

Trust Anchor Info.

Shell Private Type 1 AM Primary Issuing CA

f8b3758ffe162bae31ba5c45ef9f192d5ce3c3e0

de1e2ae67321e40376c8abdcf06f3b1a39a9d74e

March ‎8, ‎2028

​​​​​​​​​


​ ​​​Shell Private Type 1 Intermediate CAs.p7b

Shell Private Type 1 AM Secondary Issuing CA

65e4e08abf653ae234cb39f786a44a2dccacbf68

67873c0563f1f64b1ae6ef8a3c4d2ffebc3e4282

‎March ‎8, ‎2028

Shell Private Type 1 AM Issuing CA 3

 eebf02ba54a86307f55fad6c55b4353bbd7255ef

794dc0484af9fc5c0e1ab6d64bf555957a896e63

‎March ‎8, ‎2028

Shell Private Type 1 AP Primary Issuing CA

c8ce027afdcedfeb38604feabcb8d44d542339ad

d54ff0a9a003a7c5dcb92211792e148aa8881fc2

‎March ‎8, ‎2028

Shell Private Type 1 AP Secondary Issuing CA

acb47a2ff54683d8123513bdae302663944404c7

b49c9ccc351ab7eafc2e0efb953b0579dea252c0

‎March ‎8, ‎2028

Shell Private Type 1 AP Issuing CA 3

 08ed4a49aa9330e03a81786abd5eb79434365101

b99e9d5f2a41660ec0335ed29683b5e7e70f29d6

March ‎8, ‎2028

Shell Private Type 1 EU Primary Issuing CA

c315301bffe4a4dd03e2c79698790695af5f49fb

81cb6b79832bcdf53ad91bf71b256bebc24c7141

March ‎8, ‎2028

Shell Private Type 1 EU Secondary Issuing CA

969cf8aff6322813e64b64782b955b7fd49152eb

d70182ba5b30bf6622caa84806e674afba0ae7ca

March ‎8, ‎2028

Shell Private Type 1 EU Issuing CA 3

1bd8634bb811836d7707814116cebde45b60f5c7

8402c47a1d58280bec241a66e1c0eebe16bcba27

March ‎8, ‎2028

Shell Private Type 1 EU FAAS Issuing CA

1a3f66aa9b590e4cc8f134eaa1102c9848a270cf

964da0c426eee141601e4f7d4cc0fd8bb321a846

March ‎8, ‎2028

Shell Private Type 2 AM Primary Issuing CA

701826397c8b86724372caef0f119c6a6c7e27c1

7df2a9b3b4a1dd16e74a794459d0b85f60ddae84

March ‎8, ‎2028

​​


Shell Private Type 2 Intermediate CAs.p7b
​ ​

Shell Private Type 2 AP Primary Issuing CA

6ddc20a6f9b95aecdbad17db1d64071715f5e037

883a288c29d13e8ab9beaabeca9eaf927b951e41

March ‎8, ‎2028

Shell Private Type 2 EU Primary Issuing CA

65c2cfe7de98c2162ebf998c2befea48b4c523d4

50bcb640491b3323c466702ca64313a86debf1e7

March ‎8, ‎2028

 

All CAs

If you prefer to download all the Shell Private Internal PKI CA’s, then please access the file below:

Shell PKI.p7b

 

Cross Certificates

 Currently no active Cross Signing certs with the CA listed above as Subject.


Externally Operated Subordinate CAs

The Subordinate IOT

Distinguished Name

SHA-256 Hash of Subject Public Key Information (Previous CA hash)

Valid till

SHA-256 Hash of Subject Public Key Information (Thumbprint)

​​Shell Private Type 1 IOT CA

C7A6C5A34E0C5CC04F589D3A1C37D55EF8B6A302

‎August ‎24, ‎2025

F902D38F5E19A8AA2F1F97F951EC61A8307248CD

 

Requests and Problem Reporting

Problem Reporting
Reports of problems with certificates issued by Shell Internal PKI may be submitted by emailing. All reports need to include sufficient detail to identify the specific certificates in question and the problem being reported.


Revocation Requests
Subscribers may request revocation of their own certificates by completing All reports need to include sufficient detail to identify the specific certificates to be revoked.​

Certificate Management Services - Service Portal (shell.com)