Administrative Subpoena Signature Resources

All CISA administrative subpoenas will be signed with a cryptographic digital signature by an authorized CISA representative.

The following information is provided as a resource for subpoena recipients.


CISA administrative subpoenas will be signed using the Department of Homeland Security public key infrastructure. The latest DHS certificate revocation list and DHS CA certificates are posted on the Treasury Department’s CRL’s and Certificates page

Hashes/Thumbprints of Authorized Representatives’ X.509 Certificates

The table below contains X.509 certificate hash values that can be used to help determine whether the subpoena signature, once verified, was provided by an authorized representative of CISA.

Authorized Representative Validity Period

Hash Algorithm

X.509 Certificate Hash Value

April 26, 2021

to Current

SHA1 (Thumbprint)

3F FC 19 C6 54 AF CC CB 48 C0 30 13 76 FE 23 FB 7F 5F 22 24


2E 75 C4 7B 65 87 13 5B 81 6F A2 79 6C 56 A4 CB 59 80 C4 0A 5D 61 77 64 EF 84 48 6E 1E 2C 11 2A

Authorized Representative Validity Period – The authorized representative validity period is the time period during which the CISA representative is authorized to sign CISA administrative subpoenas.  This time period is different from the signer’s certificate validity period.

Hash Algorithm – CISA is providing both the SHA1 and SHA256 hash values for each X.509 certificate. Either hash value can be used to compare with the hash value of the signature in the received subpoena; however, using the SHA256 hash is recommended.* 

X.509 Certificate Hash Value – Hash value of an authorized signer’s X.509 certificate.

* The National Institute of Standards and Technology (NIST) has directed federal agencies to stop using the SHA1 algorithm ( due to potential for cryptographic collisions.  CISA is providing SHA1 values for the convenience of organizations unable to obtain the preferred SHA256 values.

Was this webpage helpful?  Yes  |  Somewhat  |  No