CSAIL has three certificate authorities: one top-level ("root", "trusted") CA signs the certificates of two intermediate CAs, which then sign the certificates of clients and servers. For Web browsers, email clients, and other client software, you may need only the top-level CA, or you may need only the intermediate CAs, depending on the program and version. For servers, you will need all three certificates; choose the format appropriate for your SSL/TLS library.
|CSAIL Master CA v2||PEM (ASCII-armored, for OpenSSL)|
|CSAIL Master CA v2||DER (binary, for Windows and all browsers)|
|CSAIL Client CA||PEM (ASCII-armored, for OpenSSL)|
|CSAIL Client CA||DER (binary, for Windows and all browsers)|