TeliaSonera Server Certificate Policy and Certification Practice Statement

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "TeliaSonera Server Certificate Policy and Certification Practice Statement"

Transcription

1 TeliaSonera Server Certificate Policy and Certification Practice Statement v.1.4 TeliaSonera Server Certificate Policy and Certification Practice Statement CA name Validation OID TeliaSonera Server CA v1 OV TeliaSonera Server CA v2 TeliaSonera Extended Validation SSL CA v1 EV Revision Date: 16 th November 2015 Version: 1.4 Published by: TeliaSonera

2 TeliaSonera Server Certificate CP and CPS No part of this document may be reproduced, modified or distributed in any form or by any means, in whole or in part, or stored in a database or retrieval system, without prior written permission of TeliaSonera. However, permission generally applies for reproducing and disseminating this CPS in its entirety provided that this is at no charge and that no information in the document is added to, removed or changed. Page II

3 TeliaSonera Server Certificate CP and CPS Table of Contents Table of Contents...III Revision History... VII 1 INTRODUCTION Overview Document name and identification PKI participants Certification authorities Registration authorities Subscribers Relying parties Other participants Certificate usage Appropriate certificate uses Prohibited certificate uses Policy administration Organization administering the document Contact person Person determining CPS suitability for the policy CPS approval procedures Definitions and acronyms PUBLICATION AND REPOSITORY RESPONSIBILITIES Repositories CPS Repository Revocation Information Repository Certificate Repository Publication of certification information Time or frequency of publication Access controls on repositories IDENTIFICATION AND AUTHENTICATION Naming Types of names Need for names to be meaningful Anonymity or pseudonymity of Subscribers Rules for interpreting various name forms Uniqueness of names Recognition, authentication, and role of trademarks Initial identity validation Method to prove possession of private key Authentication of organization identity Authentication of individual identity Non-verified Subscriber information Validation of authority Criteria for interoperation Identification and authentication for re-key requests Identification and authentication for routine re-key Identification and authentication for re-key after revocation Identification and authentication for revocation request CERTIFICATE LIFE-CYCLE OPERATIONAL REQUIREMENTS Certificate Application Who can submit a certificate application Enrollment process and responsibilities Certificate application processing Performing identification and authentication functions Approval or rejection of certificate applications Page 3

4 TeliaSonera Server Certificate CP and CPS Time to process certificate applications Certificate Authority Authorization (CAA) Certificate issuance CA actions during certificate issuance Notification to Subscriber by the CA of issuance of certificate Certificate acceptance Conduct constituting certificate acceptance Publication of the certificate by the CA Notification of certificate issuance by the CA to other entities Key pair and certificate usage Subscriber private key and certificate usage Relying party public key and certificate usage Certificate renewal Circumstance for certificate renewal Who may request renewal Processing certificate renewal requests Notification of new certificate issuance to Subscriber Conduct constituting acceptance of a renewal certificate Publication of the renewal certificate by the CA Notification of certificate issuance by the CA to other entities Certificate re-key Certificate modification Certificate revocation and suspension Circumstances for revocation Who can request revocation Procedure for revocation request Revocation request grace period Time within which CA must process the revocation request Revocation checking requirement for relying parties CRL issuance frequency Maximum latency for CRLs On-line revocation/status checking availability On-line revocation checking requirements Other forms of revocation advertisements available Special requirements regarding key compromise Circumstances for suspension Who can request suspension Procedure for suspension request Limits on suspension period Certificate status services Operational characteristics Service availability Optional features End of subscription Key escrow and recovery Key escrow and recovery policy and practices Session key encapsulation and recovery policy and practices FACILITY, MANAGEMENT, AND OPERATIONAL CONTROLS TECHNICAL SECURITY CONTROLS Key pair generation and installation Key pair generation Private key delivery to Subscriber Public key delivery to certificate issuer CA public key delivery to relying parties Key sizes Public key parameters generation and quality checking Key usage purposes (as per X.509 v3 key usage field) Private key protection and cryptographic module engineering controls Cryptographic module standards and controls Private key (n out of m) multi-person control Page 4

5 TeliaSonera Server Certificate CP and CPS Private key escrow Private key backup Private key archival Private key transfer into or from a cryptographic module Private key storage on cryptographic module Method of activating private key Method of deactivating private key Method of destroying private key Cryptographic module rating Other aspects of key pair management Public key archival Certificate operational periods and key pair usage periods Activation data Activation data generation and installation Activation data protection Other aspects of activation data CERTIFICATE, CRL, AND OCSP PROFILES Certificate profile Version number(s) Certificate extensions Algorithm object identifiers Name forms Name constraints Certificate policy object identifier Usage of Policy Constraints extension Policy qualifiers syntax and semantics Processing semantics for the critical Certificate Policies extension CRL profile Version number(s) CRL and CRL entry extensions OCSP profile Version number(s) OCSP extensions COMPLIANCE AUDIT AND OTHER ASSESSMENTS Frequency or circumstances of assessment Identity/qualifications of assessor Assessor's relationship to assessed entity Topics covered by assessment Actions taken as a result of deficiency Communication of results OTHER BUSINESS AND LEGAL MATTERS Fees Certificate issuance or renewal fees Certificate access fees Revocation or status information access fees Fees for other services Refund policy Financial responsibility Confidentiality of business information Privacy of personal information Intellectual property rights Representations and warranties Disclaimers of warranties Limitations of liability Indemnities Term and termination Term Termination Page 5

6 TeliaSonera Server Certificate CP and CPS Effect of termination and survival Individual notices and communications with participants Amendments Procedure for amendment Notification mechanism and period See Circumstances under which OID must be changed Dispute resolution provisions Governing law Compliance with applicable law Miscellaneous provisions Other provisions...35 ACRONYMS...36 DEFINITIONS...37 Page 6

7 Revision History Version Version date Change Author th June 2012 The first official version TeliaSonera CA Policy Management team th September 2012 Fixed minor errors in references TeliaSonera CA Policy Management team st December 2012 Added OCSP support, In validation a call back to technical contact person is an option, Fixed AIA extension description, Mandatory 2048 bit RSA key length TeliaSonera CA Policy Management team rd May 2013 Geographical definition to Server Certificates, Suspension no more used, small technical fixes 1.2 3rd April 2014 All Subject fields except O and OU will refer to registered O location. Small fixes and clarifications th April 2015 Extended Validation (EV) certificate processes were included, TeliaSonera Server CA v2 added, CA must understand all extensions in 3.2.4, validity max limited to 3y, OCSP specification rewritten, small clarifications in many places, fixed contact details th November 2015 Clarifications mainly to EV processes, Revocation link added, CAA record handling TeliaSonera CA Policy Management team TeliaSonera CA Policy Management team TeliaSonera CA Policy Management team TeliaSonera CA Policy Management team Page 7

8 1 INTRODUCTION 1.1 Overview A Certification Practice Statement (CPS) is a Certification Authority s (CA) description of the practices it follows when issuing certificates. The purpose of this CPS is to describe the procedures that the TeliaSonera Server CA v1-2 and TeliaSonera Extended Validation SSL CA v1 use when issuing certificates, and that all Registration Authorities, Subscribers and Relying Parties shall follow in connection with these certificates. This CPS describes the procedures and routines which apply when registering and completing a certificate and for revoking and revocation checking of certificates. This CPS will refer to separate TeliaSonera Production CPS, which describes the premises, procedures and routines which apply for the Production of TeliaSonera CA Services. This CPS generally conforms to the IETF PKIX Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practice Statement Framework (also known as RFC 3647). This document is divided into nine sections: Section 1 - provides an overview of the policy and set of provisions, as well as the types of entities and the appropriate applications for certificates. Section 2 - contains any applicable provisions regarding identification of the entity or entities that operate repositories; responsibility of a PKI participant to publish information regarding its practices, certificates, and the current status; frequency of publication; and access control on published information. Section 3 - covers the identification and authentication requirements for certificate related activity. Section 4 - deals with certificate life-cycle management and operational requirements including application for a certificate, revocation, suspension, audit, archival and compromise. Section 5 - covers facility, management and operational controls (physical and procedural security requirements). Section 6 - provides the technical controls with regard to cryptographic key requirements. Section 7 - defines requirements for certificate, Certificate Revocation List (CRL) and Online Certificate Status Protocol (OCSP) formats. This includes information on profiles, versions, and extensions used. Section 8 - addresses topics covered and methodology used for assessments/audits; frequency of compliance audits or assessments; identity and/or qualifications of the personnel performing the audit or assessment; actions taken as a result of deficiencies found during the assessment; and who is entitled to see results of an assessment. Section 9 - covers general business and legal matters: the business issues of fees, liabilities, obligations, legal requirements, governing laws, processes, and confidentiality. All certificates containing the OID value are so called Organization Validation (OV) SSL certificates and conform to the current version of the Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates published at In the event of any inconsistency between this document and those Documents, those Documents take precedence over this document. All certificates containing the OID value are so called Extended Validation (EV) certificates and conform to the current version of the Guidelines For The Issuance And Management Of Extended Validation Certificates published at In the event of any inconsistency between this document and those Documents, those Documents take precedence over this document. TeliaSonera SSL certificates provide a mean for relaying parties to evaluate trust when relying on such certificates. TeliaSonera SSL certificates are always organization validated (OV) certificates meaning that CA has verified the name and some other details of the entity that controls the website from official registers. TeliaSonera Extended Validation ("EV") Certificates are intended to provide enhanced assurance of the identity of the legal entity that controls a website, including the entity's name, address of Place of Business, Jurisdiction of Incorporation or Registration, and Registration Number. EV Certificates may be issued to Private Organizations, Government Entities, International Page 8

9 Organization Entities, and Business Entities. TeliaSonera OV or EV Certificates do not, however, provide any guarantee that the Subject named in the Certificate is trustworthy, honest or reputable in its business dealings, or safe to do business with. Issued certificates only establish that TeliaSonera CA verified that the business was legally organized, used domain names were owned or managed by the Subject and in EV case also that Applicant s physical existence (business presence at a physical address), and operational existence (business activity) were verified. 1.2 Document name and identification This CPS is titled TeliaSonera Server Certificate CPS and the CPS name of this CPS is {TELIASONERA-SERVER-CPS-1}. This CPS is also a Certificate Policy for TeliaSonera server and EV certificates. The certificates issued according to this CPS contain Certificate policy object identifier corresponding to the applicable certificate type. The routines and roles resulting from this CPS apply only in connection with certificates referring to the following Certificate policy object identifiers: Certificate type Issuing CA Certificate policy object identifier Organization validation (OV) certificates TeliaSonera Server CA v1 TeliaSonera Server CA v Extended validation (EV) certificates TeliaSonera Extended Validation SSL CA v TeliaSonera Server CA v2 was introduced in to bring SHA256 algorithm to complement TeliaSonera s SSL certificate offering. Since then the default algorithm in SSL certificates has been SHA256 and older SHA1 has been used only in special circumstances. Otherwise v1 and v2 policies are identical. This CPS also refers to the TeliaSonera Production CPS with the name {TELIASONERA- PRODUCTION-CPS-2}. 1.3 PKI participants TeliaSonera OV and EV certificates are issued to devices (e.g. web servers) possessed by Customers of TeliaSonera or by TeliaSonera. All of the participating organizations shall undertake what s stated in this Certification Practice Statement Certification authorities The Certification Authority operating in compliance with this Certification Practice Statement is TeliaSonera. The name of the Certification Authority in the Issuer field of the certificate is TeliaSonera Server CA v1, TeliaSonera Server CA v2 or TeliaSonera Extended Validation SSL CA v1. TeliaSonera Server CA v1, TeliaSonera Server CA v2 and TeliaSonera Extended Validation SSL CA v1 are subordinate CAs of TeliaSonera Root CA v1. TeliaSonera Root CA has its own CP and CPS describing the management of the certificate life cycle of subordinate CA certificates signed by it. The title of that CPS is TeliaSonera Root CPS and its CPS name is {TELIASONERA-ROOT-CPS-2}. The Certification Authorities are responsible for managing the certificate life cycle of end entity certificates signed by the CAs. This will include: creating and signing of certificates binding Subjects with their public key promulgating certificate status through CRLs and/or OCSP responders Registration authorities The CA s units authorized to perform registration functions, Customers acting as Customers of certification services and authorized by CA, or other organizations selected and authorized as RAs, with which the CA makes written agreements, can act as Registration Authorities. Through those Page 9

10 agreements, RAs are obliged to follow this CPS for their part. Typically RA is responsible for the following activities on behalf of a CA: Identification and authentication of certificate subjects initiate or pass along revocation requests for certificates approve applications for renewal or re-keying certificates Subscribers The Subscriber is the legal entity that makes an agreement with the CA about issuance of a certificate to a Device in its possession. With both OV and EV certificates the Subscriber is typically also the Subject of a certificate Relying parties Any natural person or Legal Entity that relies on a Valid Certificate Other participants TeliaSonera has made agreements with Application Software Suppliers so that they may trust and display certificates issued by TeliaSonera as trusted when used via their software. 1.4 Certificate usage Appropriate certificate uses Certificates under this CPS are issued to servers or devices to be used for the following applications: - Subject authentication - Verification of digital data origin and integrity - Confidentiality of digital data TeliaSonera server certificates can be used, for example, to identify servers and secure SSL/TLS session Prohibited certificate uses Applications using certificates issued under this CPS shall take into account the key usage purpose stated in the Key Usage and Extended Key Usage extension fields of the certificate. Additionally, the key usage purposes and limitations possibly stated in the contract between the Subscriber and the CA shall be taken into account when using certificates. 1.5 Policy administration Organization administering the document TeliaSonera CA Policy Management Team is the responsible authority for reviewing and approving changes to this CPS. Written and signed comments on proposed changes shall be directed to the listed web form or to TeliaSonera contact as described in Section Decisions with respect to the proposed changes are at the sole discretion of the TeliaSonera CA Policy Management Team. Contact information regarding CPS issues: Contact person Contact person in matters related to this CPS: TeliaSonera CA Product Manager Phone: +358 (0) Internet: Page 10

11 Other contact information: Customer Service: Technical Customer Service: CA Customer Service: Revocation Service: +358 (0) (normal office hour Help Desk services) +358 (0) (any support issues) (PKI support issues) +358 (0) (revocation requests or any urgent issues) Note! Also can be used for reporting complaints or suspected private key compromise, Certificate misuse, or other types of fraud, compromise, misuse, or inappropriate conduct related to SSL Certificates Person determining CPS suitability for the policy TeliaSonera CA Policy Management Team is the administrative entity for determining this Certification Practice Statement (CPS) suitability to the applicable policies CPS approval procedures TeliaSonera CA Policy Management Team will review any modifications, additions or deletions from this CPS and determine if modifications, additions or deletions are acceptable and do not jeopardize operations or the security of the production environment. 1.6 Definitions and acronyms A list of definitions and acronyms can be found at the end of this document. Page 11

12 2 PUBLICATION AND REPOSITORY RESPONSIBILITIES 2.1 Repositories CPS Repository A full text version of this CPS is published at Revocation Information Repository OCSP is the recommended Revocation Information Repository. It can be found from Certificate Revocation Lists (CRLs) are published in the TeliaSonera LDAP directory and on the TeliaSonera website: Issuing CA TeliaSonera Server CA v1 CRL addresses (ldap://crl-1.trust.teliasonera.com/cn=teliasonera%20server%20ca %20v1,o=TeliaSonera?certificaterevocationlist;binary) TeliaSonera Server CA v2 (ldap://crl-1.trust.teliasonera.com/cn=teliasonera%20server%20ca %20v2,o=TeliaSonera?certificaterevocationlist;binary) TeliaSonera Extended Validation SSL CA v1 (ldap://crl-1.trust.teliasonera.com/cn=teliasonera%20extended %20Validation%20SSL%20CA%20v1,o=TeliaSonera?certificaterevocationl ist;binary) If OCSP is not used then http based CRL repository is recommended. It is listed at first on certificate s CDP extension Certificate Repository All issued certificates are stored in the local database of the CA system. Certificates may also be published to other repositories if it is a part of the TeliaSonera CA Service or agreed with a Customer. EV certificates may be distributed to external directories as required by Certificate Transparency specification at Publication of certification information It is TeliaSonera s duty to make the following information available: a) This CPS b) Certificate revocation lists and revocation status of revoked certificates c) Issued CA certificates and cross certificates for cross-certified CAs TeliaSonera may publish and supply certificate information in accordance with applicable legislation. Each published certificate revocation list (CRL) provides all processed revocation information at the time of publication for all revoked certificates of which the revocation list is intended to give notification. TeliaSonera supplies CA certificates for all public CA keys provided these can be used for verifying valid certificates. Subscribers will be notified that a CA may publish information submitted by them to publicly accessible Page 12

13 directories in association with certificate information. The publication of this information will be within the limits of sections 9.3 and Time or frequency of publication Updates to this CPS are published in accordance with the provisions specified in section Revocation information publication provisions are specified in section 4.9. All issued certificates are stored in the local database of the CA system promptly on issuing. Certificates may also be published to other repositories if it is a part of the TeliaSonera CA Service or agreed with a customer. 2.4 Access controls on repositories This CPS, CRLs and CA certificates are publicly available. Only authorized CA personnel have access to Subscriber certificates stored in the local database of the CA system. Page 13

14 3 IDENTIFICATION AND AUTHENTICATION 3.1 Naming Types of names An X.501 Distinguished Name (DN) is used as an unambiguous name of the Subject in the Subject field of the certificate. The name always includes the following attributes: commonname (CN, OID ) OrganizationName (O, OID ) Locality (L, OID: ) Country (ST, OID: ) Description OV SSL A single host domain name (FQDN) or IP address which is owned or controlled by the Subject and to be associated with the Subject s server. Such server MAY be owned and operated by the Subject or another entity (e.g., a hosting service). The CN value is always one of the values contained in the Certificate s subjectaltname extension. Customer in relation to which the Subject is identified. Common variations or abbreviations may also be used provided that the name owner is unambiguous. City name. A component of the address of the physical location of the Subject s Place of Business. Two character country code. A component of the address of the physical location of the Subject s Place of Business. subjectaltname:dnsname One or more host domain names (FQDN) which are owned or controlled by the Subject and to be associated with the Subject s server. Such server MAY be owned and operated by the Subject or another entity (e.g., a hosting service). Wildcard names are allowed. subjectaltname:ipaddress jurisdictioncountryname (OID: ) businesscategory (OID: ) serialnumber (OID: ) One or more IP addresses which are owned or controlled by the Subject and to be associated with the Subject s server. Such server MAY be owned and operated by the Subject or another entity (e.g., a hosting service). N/A. May be used like in EV. N/A. May be used like in EV. May be used like in EV. Optional in normal OV certificates. Description EV SSL A single host domain name (FQDN) which is owned or controlled by the Subject and to be associated with the Subject s server. Such server MAY be owned and operated by the Subject or another entity (e.g., a hosting service). Wildcard certificates are not allowed. The CN value is always one of the values contained in the Certificate s subjectaltname extension. Subject s full legal organization name as listed in the official records of the Incorporating or Registration Agency. Common abbreviations may be used in prefix or suffix parts. City name. A component of the address of the physical location of the Subject s Place of Business. Two character country code. A component of the address of the physical location of the Subject s Place of Business. One or more host domain names (FQDN) which are owned or controlled by the Subject and to be associated with the Subject s server. Such server MAY be owned and operated by the Subject or another entity (e.g., a hosting service). Wildcard names are not allowed. Not allowed Two character country code of the country in which the subject is registered One of the following strings: "Private Organization", "Government Entity", "Business Entity", or "Non-Commercial Entity" depending how the Subject qualifies in CA validation. Registration Number (e.g. Business ID or organization number) assigned to the Subject by the Incorporating or Registration Agency. Page 14

15 Additionally, the Subject field may include following attributes depending on the usage purpose of the certificate: Description Server Description EV SSL organizationalunit Name (OU,OID: ) streetaddress (OID: ) postalcode (OID: ) State or province (ST, OID: ) Organizational unit defined by the Subscriber. This attribute may also be a DBA, tradename, trademark, address, location, or other text that refers to the specific Legal Entity in the field OrganizationName. Optional. Street address. A component of the address of the physical location of the Subject s Place of Business. Optional. Postal code. A component of the address of the physical location of the Subject s Place of Business. Not recommended. A country or province name. A component of the address of the physical location of the Page 15 Organizational unit defined by the Subscriber. This attribute may also be a DBA, tradename, trademark, address, location, or other text that refers to the specific Legal Entity in the field OrganizationName. Optional. Street address. A component of the address of the physical location of the Subject s Place of Business. Optional. Postal code. A component of the address of the physical location of the Subject s Place of Business. Not recommended. A country or province name. A component of the address of the physical location of the Subject s Place of Business. Subject s Place of Business. Additional Distinguished Name (DN) or Subject Alternative Name attributes may be used as necessary providing that CA is able to verify that the additional attributes belong to the Subject Need for names to be meaningful Names will be meaningful as stated in the section Anonymity or pseudonymity of Subscribers Names will be meaningful as stated in the section Rules for interpreting various name forms No stipulation Uniqueness of names The Subject name stated in a certificate will be unique for all certificates issued within the domain of the CA, and conform to X.500 standards for name uniqueness. Subject name uniqueness means that the CA will not issue certificates with identical names to different organizations. However, the CA may issue several certificates to the same organization, and in that case the Subject names in those certificates may be the same Recognition, authentication, and role of trademarks The priority to entity names is given to registered trademark holders. TeliaSonera reserves the right not to issue such a certificate, or to revoke a certificate that has already been issued, when there is a name claim dispute involved concerning the certificate contents. 3.2 Initial identity validation Method to prove possession of private key The CA verifies the possession of the private key by verifying the electronic signature included in the PKCS #10 certificate request. The request is accepted only when signed with the private key associated with the public key to be certified Authentication of organization identity TeliaSonera CA or its authorized resellers do the authentication and verification of the certificate request data as described in this chapter. The data for verification is given to the CA either in hand-signed SSL certificate service agreement (Full SSL agreement) or in web order form of OV or EV certificate. Data may be given to CA in the PKCS#10 certificate signing request or separately on the order form so that the latter will override the former if both exist.

16 TeliaSonera CA verifies the organization name (O) of a new Customer by checking the existence of the company, its legal name, business identity code and other relevant organization information from an official business register maintained by an applicable government agency (e.g. ytj.fi in Finland). The list of applicable trusted registries is maintained in CA internal instructions.. Subject s registration number and address components (street, postalcode, locality, stateorprovince, country) are typically verified using the same register. In EV validation the verified registration number is added to the serialnumber attribute of a certificate. The address components may be added to the certificate. Mandatory attributes must have a successfully verified value. Metadata such as -,. or unknown are not allowed in these attributes. TeliaSonera verifies domain names and IP addresses from a trusted database maintained by a reliable third party registrar e.g. domain.fi (for domain.fi ), iis.se (for domain.se ), ripe.net (for IP addresses) and (for non-country domains), that as of the date the Certificate was issued, the Applicant either had the right to use, or had control of, the Fully-Qualified Domain Name(s) and IP address(es) listed in the Certificate, or was authorized by a person having such right or control (e.g. under a Principal-Agent or Licensor-Licensee relationship) to obtain a Certificate containing the Fully-Qualified Domain Name(s) and IP address(es). Connection to the third party database is SSL/TLS protected when applicable. In domain verification the domain name ownership is approved if the registered domain/ip owner is a Parent/Subsidiary Company of the Applicant or the ownership is registered to the old name/entity of the same Applicant. In such cases a reliable proof of company structure or name change must be available. If the Subject Identity Information is to include a name, DBA, trade name or trademark the CA verifies the Applicant s right to use the name from applicable government agency responsible of such names (e.g. ytj.fi in Finland). TeliaSonera may use its previously documented verification data. Old verification data will expire in three years in OV verification and in thirteen months in EV verification or earlier if the data had an internal expiration date. Old verification data including organization name, address components, Parent/Subsidiary/name change relationships, authorization documents and domain/ip ownership are stored related to organization s registration number. Other subject values like OU or E are verified each time separately. In FullSSL service such verification can be done by the Customer Registration Officer and TeliaSonera only verifies the Organization names and domain ownerships. In all cases TeliaSonera CA regularly validates that all Registration Officers have done the verification of all subject fields correctly. Alternatively the Registration Officer may use another allowed authentication or verification methods listed in the Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates (regarding OV certificates) or Guidelines For The Issuance And Management Of Extended Validation Certificates (regarding EV certificates) published at If such special verification method is used, it is always separately approved by a supervising TeliaSonera PKI board Authentication of individual identity The procedures to authenticate the identity of the Subscriber vary between the different TeliaSonera Server Certificate services: OV order via public web form TeliaSonera authenticates the administrative (or technical) contact person defined in the certificate application by calling the contact person via the Customer s PBX number or by making a call to some other verified number in the organization, which is looked up from a trusted phone directory maintained by a third party Page 16

17 EV certificate order via public web form CA requires that administrative contact person (Contract signer) makes a web Subscriber contract with CA. Contract is verified by calling to him/her like above in SSL order authentication. His/her identity and authority on behalf of the Applicant to do contracts is verified. After the initial authentication he/she will get an order confirmation message from each EV order. Each confirmation message can be used to cancel the contract or authorization. In the EV contract at least one technical contact person representing the Applicant is authorized by Contract Signer to order EV certificates. In EV terms he/she is the Certificate Requester and the Certificate Approver. Authorization is given to the address that will get the approved EV certificates. Each EV order is authenticated by CA by making a call or other applicable contact method to technical contact like above in the OV order authentication. Internal TeliaSonera OV or EV certificates or when CA has direct access to Applicant employee register When employee register is available CA verifies that both technical and administrative contact persons are using approved Applicant company addresses AND both persons are active employees in the Company according to the employee register. Normal web application authentication described above must be used instead of this if the requirements are not completely fulfilled. SSL order using TeliaSonera s self service software The Customer can make an agreement with TeliaSonera to act as a Registration Officer within the Customer Organization (Full SSL Service) and to register TeliaSonera Server certificates using TeliaSonera s RA system for Customers. The Customer Registration Officer is restricted to register certificates only within their own Organizations (O) and the domain names and other values authorized by the CA. Before enabling the service or adding new authorized Organization or domain names, the CA verifies the organization identity and the domain names as described in the section When registering Subjects, the identity of the Registration Officer is verified by means of the Registration Officers certificate issued by a TeliaSonera CA Non-verified Subscriber information The Registration Officer is obliged to always review all subject information and initiate additional checking routines if there are any unclear Subject values. Only well-known certificate extensions are verified and others are accepted only if CA is aware of the reason for including the extension. Domain name ownership of domains in addresses is not verified by TeliaSonera except when Applicant s employee register is used for authority verification. The value in OrganizationalUnit field is not verified unless it includes a name, DBA, tradename, trademark, address, location, or other text that refers to a specific Legal Entity. If such value is used TeliaSonera verifies that the Applicant has a right to use it according to a reliable data source Validation of authority OV order via public web form TeliaSonera verifies that the administrative contact person defined in the certificate application is employed by the Customer by calling the contact person via the Customer s PBX number or by making a call to some other verified number in the organization, which is looked up from a directory maintained by a trusted party. Page 17

18 EV order via public web form SSL order using TeliaSonera s self-service software TeliaSonera verifies that the administrative contact person (Contract Signer) has the authority to do contracts on behalf of the Customer. He/she must be an employee of the Applicant and have an applicable manager or director title or similar role according to certificate application. This title or role is verified via the Company switchboard or via other data source available excluding the person him/herself. The Administrative Contact Person, who grants the necessary initial authorizations in the Customer, has been identified in the service agreement or order. TeliaSonera verifies that the Organization has authorized the certificate service by contacting the contact person specified in the agreement by phone, mail or other similar methods. A Registration Officer in a Customer has the right to define new Registration Officers. Authorization is based on multi-factor authentication to TeliaSonera s self-service software (typically certificate and PIN code) Criteria for interoperation Not applicable. 3.3 Identification and authentication for re-key requests Identification and authentication for routine re-key No special routine exists for renewal of TeliaSonera Server certificates. In Subject registration the same process will be followed as in the initial registration. The previous verification data may be utilized by CA if it is not expired Identification and authentication for re-key after revocation After revocation of a Subject s certificate, if the Subscriber wants to have a new certificate, then the same process will be followed as in the initial registration. The previous verification data may be utilized by CA if it is not expired. 3.4 Identification and authentication for revocation request Revocation by Customer In cases where a Customer can issue SSL certificates using TeliaSonera s self-service software, the Subscriber shall submit a request for certificate revocation to the Registration Officer of its own organization, who has additionally the rights of a Revocation Officer. The Revocation Officer in the Customer is responsible for the verification of the authenticity of the request to revoke the certificate. The identity of the Revocation Officer in the Customer is verified based on a certificate. Revocation by the Revocation Service of the CA The Subscriber or Registration Officer in a Customer shall submit a request for certificate revocation to the Revocation Service by telephone or by . The revocation service checks that the origin of the request is the Customer who owns the certificate using message details. The Revocation Service may make a call back to the Customer and ask certain detailed data. This data is compared with the information recorded about the Subject or Subscriber at registration, and if necessary, with information in the agreements made with the Subscriber or with the Customer. If the data match the certificate will be revoked. In certain situations where there is an identified risk of abuse of the private key or when it is obvious that the authorized use of the key is prevented, it may be necessary to revoke the certificate on request of someone else but the above mentioned entities. In that case the verification of the authenticity of the revocation request can require other authentication methods. In cases where reliable verification cannot be immediately performed the CA may revoke the certificate to reduce risks. Page 18

19 4 CERTIFICATE LIFE-CYCLE OPERATIONAL REQUIREMENTS 4.1 Certificate Application Who can submit a certificate application OV or EV order via public web form Manually processed Certificate application can be submitted by a representative of the Organization, which possesses the Device to which the certificate is applied. If the application is submitted by a different organization from the organization that owns the domain name or the IP address (e.g. by an IT service provider), the application must be authorized by the organization owning the domain name or IP address. SSL order using TeliaSonera s self-service software Automatically processed Certificate application can be submitted by an authorized Registration Officer in a Customer that has made a SSL Service agreement with TeliaSonera. Authorized TeliaSonera personnel can also submit these applications for devices of TeliaSonera. TeliaSonera will issue server certificates only to organizations that are registered in the European Economic Area. The European Economic Area (EEA) comprises the countries of the European Union (EU), plus Iceland, Liechtenstein and Norway. TeliaSonera may refuse to issue certificates to organizations registered in countries where TeliaSonera cannot reliably validate information on the certificate application Enrollment process and responsibilities OV or EV order via public web form SSL order using TeliaSonera s self-service software A certificate to a Device (an EV or OV server certificate) is applied by filling in a form that is publicly available at TeliaSonera s web site. A Certificate Signing Request (CSR) that is a standard format certificate request generated by the Device shall be attached to the form. The completed application forms are directed to TeliaSonera s RA office where the sufficiency of the application is checked. Before the application can be submitted, the Subscriber has to accept the Subscriber responsibilities and terms and conditions of the service. A Registration Officer in a Customer applies for certificates to Devices (OV server certificates) directly from the CA system by using the selfservice application provided by TeliaSonera. The application will print all relevant certificate request values on screen for final review. If accepted by the Registration Officer and the CA configuration the request is processed automatically. It may contain only pre-defined Domain Name and Organization Name values allowed to this Customer. Only TeliaSonera Registration Officers may add new allowed Domain Name or Organization Name values for Customers. New values are always verified according to 3.2. The Customer is bound through a SSL Service Agreement with TeliaSonera. Customer s Registration Officers also accept Customer Responsibilities when they logon to TeliaSonera s self-service application for the first time. 4.2 Certificate application processing Performing identification and authentication functions TeliaSonera performs identification and authentication of Subject and Subscriber information in accordance with the section 3.2. Page 19

20 4.2.2 Approval or rejection of certificate applications TeliaSonera will approve a certificate application if it meets the requirements documented in this CPS and there are no other reasons to reject the application. All other certificate applications will be rejected. The Subscriber will be informed on why the certificate application was rejected and on how to proceed to be approved Time to process certificate applications OV or EV order via public web form OV order using TeliaSonera s self service software TeliaSonera process the applications within reasonable time frame. The certificate request is processed automatically by TeliaSonera s RA and CA systems immediately after the request is submitted Certificate Authority Authorization (CAA) CA is not currently checking CAA records. 4.3 Certificate issuance CA actions during certificate issuance If the certificate application is approved, the CA issues the certificate. The CA system accepts only such certificate requests the origin of which can be authenticated. The certificate is created by the CA according to the information contained in the certificate request and configured for the Customer. However, the CA may overwrite or delete some certificate information using pre-defined certificate profile specific standard values Notification to Subscriber by the CA of issuance of certificate OV or EV order via public web form Subscriber is informed of the acceptance or rejection of the certificate request. TeliaSonera s RA office delivers a web link to the contact person for fetching of the certificate. OV order using TeliaSonera s self-service software The certificate is available for the Customer s Registration Officer in the RA tool after the issuance. 4.4 Certificate acceptance Conduct constituting certificate acceptance The Subscriber is considered to have accepted the certificate when the private key associated with it has been used, or when the certificate has been installed into a Device Publication of the certificate by the CA TeliaSonera will not publish Subscriber certificates to a publicly available repository if not agreed upon with the Customer. EV certificates may be distributed to external directories as required by Certificate Transparency specification at Notification of certificate issuance by the CA to other entities EV certificates may be distributed to external directories as required by Certificate Transparency specification at Page 20

21 4.5 Key pair and certificate usage Subscriber private key and certificate usage The Subscriber shall only use certificates and their associated key pairs for the purposes identified in this CPS and in applicable agreements with TeliaSonera. Issued certificates contain information which defines suitable areas of application for the certificate and its associated keys. Area of application labelling takes place in accordance with X.509 and chapter 7 of this CPS. For more information regarding appropriate Subscriber key usage see sections and The Subscriber shall protect the Subject private key from unauthorized use and discontinue the use of the Subject private key immediately and permanently in case the private key is compromised Relying party public key and certificate usage Prior to accepting a TeliaSonera Server certificate, a relying party is responsible to: a) Verify that the certificate is appropriate for the intended use; b) Check the validity of the certificate, i.e. verify the validity dates and the validity of the certificate and issuance signatures; and c) Verify from a valid Certificate Revocation List (CRL) or other certificate status service provided by the CA that the certificate has not been revoked or suspended. If certificate status cannot be verified due to system failure or similar, the certificates shall not be accepted. 4.6 Certificate renewal Certificate renewal is the re-issuance of a certificate with a new validity date using the same public key corresponding to the same private key Circumstance for certificate renewal When the validity time of a certificate is about to end, the certificate can be renewed Who may request renewal Renewal may be requested by the same persons as the initial certificate application as described in section Processing certificate renewal requests OV or EV order via public web form Certificate renewal requests are processed like the initial certificate requests as described in section 4.2. CA may use the stored data of previous validations if available and such data is not expired. OV order using TeliaSonera s self-service software Registration Officer has an option to renew certificates using the tool provided by the CA, in which case the tool uses the old CSR file to renew the certificate. Registration Officer is responsible to ensure that the certificate information is still valid and that there are no other obstacles to the renewal. Certificate renewal and re-key requests may also be processed like the initial certificate requests as described in section Notification of new certificate issuance to Subscriber The Subscriber is notified as described in section Conduct constituting acceptance of a renewal certificate Conduct constituting acceptance of a renewal certificate is described in section Publication of the renewal certificate by the CA Page 21

THE RSA ROOT SIGNING SERVICE Certification Practice Statement For RSA Certificate Authorities (CAs) Published By: RSA Security Inc.

THE RSA ROOT SIGNING SERVICE Certification Practice Statement For RSA Certificate Authorities (CAs) Published By: RSA Security Inc. THE RSA ROOT SIGNING SERVICE Certification Practice Statement For RSA Certificate Authorities (CAs) Last Revision Date: June 28, 2007 Version: 3.0 Published By: RSA Security Inc. Copyright 2002-2007 by

More information

Gandi CA Certification Practice Statement

Gandi CA Certification Practice Statement Gandi CA Certification Practice Statement Gandi SAS 15 Place de la Nation Paris 75011 France Version 1.0 TABLE OF CONTENTS 1.INTRODUCTION...10 1.1.Overview...10 1.2.Document Name and Identification...10

More information

Globe Hosting Certification Authority Globe Hosting, Inc. 501 Silverside Road, Suite 105, Wilmington, DE 19809, County of New Castle, United States

Globe Hosting Certification Authority Globe Hosting, Inc. 501 Silverside Road, Suite 105, Wilmington, DE 19809, County of New Castle, United States Globe Hosting Certification Authority Globe Hosting, Inc. 501 Silverside Road, Suite 105, Wilmington, DE 19809, County of New Castle, United States www.globessl.com TABLE OF CONTENTS 1. INTRODUCTION...

More information

CMS Illinois Department of Central Management Services

CMS Illinois Department of Central Management Services CMS Illinois Department of Central Management Services State of Illinois Public Key Infrastructure Certification Practices Statement For Digital Signature And Encryption Applications Version 3.3 (IETF

More information

EuropeanSSL Secure Certification Practice Statement

EuropeanSSL Secure Certification Practice Statement EuropeanSSL Secure Certification Practice Statement Eunetic GmbH Version 1.0 14 July 2008 Wagnerstrasse 25 76448 Durmersheim Tel: +49 (0) 180 / 386 384 2 Fax: +49 (0) 180 / 329 329 329 www.eunetic.eu TABLE

More information

THE WALT DISNEY COMPANY PUBLIC KEY INFRASTRUCTURE CERTIFICATE POLICY. July 2011 Version 2.0. Copyright 2006-2011, The Walt Disney Company

THE WALT DISNEY COMPANY PUBLIC KEY INFRASTRUCTURE CERTIFICATE POLICY. July 2011 Version 2.0. Copyright 2006-2011, The Walt Disney Company THE WALT DISNEY COMPANY PUBLIC KEY INFRASTRUCTURE CERTIFICATE POLICY July 2011 Version 2.0 Copyright 2006-2011, The Walt Disney Company Version Control Version Revision Date Revision Description Revised

More information

SSL.com Certification Practice Statement

SSL.com Certification Practice Statement SSL.com Certification Practice Statement SSL.com Version 1.0 February 15, 2012 2260 W Holcombe Blvd Ste 700 Houston, Texas, 77019 US Tel: +1 SSL-CERTIFICATE (+1-775-237-8434) Fax: +1 832-201-7706 www.ssl.com

More information

VeriSign Trust Network Certificate Policies

VeriSign Trust Network Certificate Policies VeriSign Trust Network Certificate Policies Version 2.8.1 Effective Date: February 1, 2009 VeriSign, Inc. 487 E. Middlefield Road Mountain View, CA 94043 USA +1 650.961.7500 http//:www.verisign.com - 1-

More information

TR-GRID CERTIFICATION AUTHORITY

TR-GRID CERTIFICATION AUTHORITY TR-GRID CERTIFICATION AUTHORITY CERTIFICATE POLICY AND CERTIFICATION PRACTICE STATEMENT Version 2.1 January, 2009 Table of Contents: TABLE OF CONTENTS:...2 1. INTRODUCTION...7 1.1 OVERVIEW...7 1.2 DOCUMENT

More information

Equens Certificate Policy

Equens Certificate Policy Equens Certificate Policy WebServices and Connectivity Final H.C. van der Wijck 11 March 2015 Classification: Open Version 3.0 Version history Version no. Version date Status Edited by Most important edit(s)

More information

Symantec Trust Network (STN) Certificate Policy

Symantec Trust Network (STN) Certificate Policy Symantec Trust Network (STN) Certificate Policy Version 2.8.5 Effective Date: September 8, 2011 Symantec Corporation 350 Ellis Street Mountain View, CA 94043 USA +1 650.527.8000 http//:www.symantec.com

More information

TR-GRID CERTIFICATION AUTHORITY

TR-GRID CERTIFICATION AUTHORITY TR-GRID CERTIFICATION AUTHORITY CERTIFICATE POLICY AND CERTIFICATION PRACTICE STATEMENT Version 2.3 May 15, 2014 Table of Contents TABLE OF CONTENTS:... 2 1. INTRODUCTION... 7 1.1 OVERVIEW... 7 1.2 DOCUMENT

More information

TeliaSonera Public Root CA. Certification Practice Statement. Revision Date: 2006-11-17. Version: Rev A. Published by: TeliaSonera Sverige AB

TeliaSonera Public Root CA. Certification Practice Statement. Revision Date: 2006-11-17. Version: Rev A. Published by: TeliaSonera Sverige AB Document no 1/011 01-AZDA 102 213 TeliaSonera Sverige AB Certification Practice Statement Rev A TeliaSonera Public Root CA Certification Practice Statement Revision Date: 2006-11-17 Version: Rev A Published

More information

TREND MICRO SSL CERTIFICATION PRACTICE STATEMENT. Version 2.0

TREND MICRO SSL CERTIFICATION PRACTICE STATEMENT. Version 2.0 TREND MICRO SSL CERTIFICATION PRACTICE STATEMENT Version 2.0 Effective Date: 14 April 2015 TABLE OF CONTENTS 1. INTRODUCTION 1.1 Overview 1.2 Document name and identification 1.3 PKI participants 1.3.1

More information

Trusted Certificate Service

Trusted Certificate Service TCS Server and Code Signing Personal CA CPS Version 2.0 (rev 15) Page 1/40 Trusted Certificate Service TCS Server CAs, escience Server CA, and Code Signing CA Certificate Practice Statement Version 2.0

More information

SwissSign Certificate Policy and Certification Practice Statement for Gold Certificates

SwissSign Certificate Policy and Certification Practice Statement for Gold Certificates SwissSign Certificate Policy and Certification Practice Statement for Gold Certificates Version March 2004 Version 2004-03 SwissSign Gold CP/CPS Page 1 of 66 Table of Contents 1. INTRODUCTION...9 1.1 Overview...

More information

Fraunhofer Corporate PKI. Certification Practice Statement

Fraunhofer Corporate PKI. Certification Practice Statement Fraunhofer Corporate PKI Certification Practice Statement Version 1.1 Published in June 2012 Object Identifier of this Document: 1.3.6.1.4.1.778.80.3.2.1 Contact: Fraunhofer Competence Center PKI Fraunhofer

More information

CERTIFICATE POLICY (CP) (For SSL, EV SSL, OSC and similar electronic certificates)

CERTIFICATE POLICY (CP) (For SSL, EV SSL, OSC and similar electronic certificates) (CP) (For SSL, EV SSL, OSC and similar electronic certificates) VERSION : 09 DATE : 01.12.2014 1. INTRODUCTION... 10 1.1. Overview... 10 1.2. Document Name and Identification... 11 1.3. Participants...

More information

KIBS Certification Practice Statement for non-qualified Certificates

KIBS Certification Practice Statement for non-qualified Certificates KIBS Certification Practice Statement for non-qualified Certificates Version 1.0 Effective Date: September, 2012 KIBS AD Skopje Kuzman Josifovski Pitu 1 1000, Skopje, Republic of Macedonia Phone number:

More information

Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure

Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure 1.0 INTRODUCTION 1.1 Overview The Federal Reserve Banks operate a public key infrastructure (PKI) that manages

More information

Version 3.0. Effective Date: 15 october, 2008

Version 3.0. Effective Date: 15 october, 2008 Getronics Version 3.0 Effective Date: 15 october, 2008 Getronics Nederland B.V. Fauststraat 1 P.O. Box 9105 7300 HN Apeldoorn The Netherlands Phone: +31 (0)20 570 4511 http://www.pki.getronicspinkroccade.nl

More information

Public Certification Authority Certification Practice Statement of Chunghwa Telecom (PublicCA CPS) Version 1.5

Public Certification Authority Certification Practice Statement of Chunghwa Telecom (PublicCA CPS) Version 1.5 Public Certification Authority Certification Practice Statement of Chunghwa Telecom (PublicCA CPS) Version 1.5 Chunghwa Telecom Co., Ltd. August 21, 2015 Contents 1. INTRODUCTION... 1 1.1 OVERVIEW... 1

More information

Advantage Security Certification Practice Statement

Advantage Security Certification Practice Statement Advantage Security Certification Practice Statement Version 3.8.5 Effective Date: 01/01/2012 Advantage Security S. de R.L. de C.V. Prol. Paseo de la Reforma # 625 Int 402, Col Paseo de las Lomas. Del Alvaro

More information

Registration Practices Statement. Grid Registration Authority Approved December, 2011 Version 1.00

Registration Practices Statement. Grid Registration Authority Approved December, 2011 Version 1.00 Registration Practices Statement Grid Registration Authority Approved December, 2011 Version 1.00 i TABLE OF CONTENTS 1. Introduction... 1 1.1. Overview... 1 1.2. Document name and Identification... 1

More information

Apple Corporate Email Certificates Certificate Policy and Certification Practice Statement. Apple Inc.

Apple Corporate Email Certificates Certificate Policy and Certification Practice Statement. Apple Inc. Apple Inc. Certificate Policy and Certification Practice Statement Version 2.0 Effective Date: April 10, 2015 Table of Contents 1. Introduction... 4 1.1. Trademarks... 4 1.2. Table of acronyms... 4 1.3.

More information

Malaysian Identity Federation and Access Management Certification Authority Certificate Policy and Certification Practice Statement

Malaysian Identity Federation and Access Management Certification Authority Certificate Policy and Certification Practice Statement Malaysian Identity Federation and Access Management Certification Authority Certificate Policy and Certification Practice Statement Version 2.2 Document OID: 1.3.6.1.4.1.36355.2.1.2.2 February 2012 Contents

More information

epki Root Certification Authority Certification Practice Statement Version 1.2

epki Root Certification Authority Certification Practice Statement Version 1.2 epki Root Certification Authority Certification Practice Statement Version 1.2 Chunghwa Telecom Co., Ltd. August 21, 2015 Contents 1. INTRODUCTION... 1 1.1 OVERVIEW... 1 1.1.1 Certification Practice Statement...

More information

SAUDI NATIONAL ROOT-CA CERTIFICATE POLICY

SAUDI NATIONAL ROOT-CA CERTIFICATE POLICY SAUDI NATIONAL ROOT-CA CERTIFICATE POLICY Document Classification: Public Version Number: 2.5 Issue Date: June 25, 2015 National Center for Digital Certification Policies and Regulations Department Digitally

More information

apple WWDR Certification Practice Statement Version 1.8 June 11, 2012 Apple Inc.

apple WWDR Certification Practice Statement Version 1.8 June 11, 2012 Apple Inc. Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.8 Effective Date: June 11, 2012 Table of Contents 1. Introduction... 4 1.1. Trademarks... 4 1.2.

More information

Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015

Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015 Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015 Table of Contents 1. Introduction... 5 1.1. Trademarks...

More information

Telia hardware based e-legitimation v2. Certification Practice Statement. Revision Date: 10 th June 2009. Version: 1.0

Telia hardware based e-legitimation v2. Certification Practice Statement. Revision Date: 10 th June 2009. Version: 1.0 Document no 4/011 01-AZDA 102 213 TeliaSonera Sverige AB Certification Practice Statement Rev. 1.0 Telia hardware based e-legitimation v2 Certification Practice Statement Revision Date: 10 th June 2009

More information

Bangladesh Bank Certification Authority (BBCA) Certification Practice Statement (CPS)

Bangladesh Bank Certification Authority (BBCA) Certification Practice Statement (CPS) [Draft] Bangladesh Bank Certification Authority (BBCA) Certification Practice Statement (CPS) Version: 1.00 August, 2015 Bangladesh Bank Page 2 of 42 Document Reference Title Document Type Bangladesh Bank

More information

Certificate Policy and Certification Practice Statement

Certificate Policy and Certification Practice Statement DigiCert Certificate Policy and Certification Practice Statement DigiCert, Inc. Version 3.03 March 15, 2007 333 South 520 West Lindon, UT 84042 USA Tel: 1-801-805-1620 Fax: 1-801-705-0481 www.digicert.com

More information

X.509 Certificate Policy for the Australian Department of Defence Root Certificate Authority and Subordinate Certificate Authorities

X.509 Certificate Policy for the Australian Department of Defence Root Certificate Authority and Subordinate Certificate Authorities X.509 Certificate Policy for the Australian Department of Defence Root Certificate Authority and Subordinate Certificate Authorities Version 5.1 May 2014 Notice to all parties seeking to rely Reliance

More information

California Independent System Operator Certification Practice Statement for Basic Assurance Certification Authority. Version 3.

California Independent System Operator Certification Practice Statement for Basic Assurance Certification Authority. Version 3. California Independent System Operator Certification Practice Statement for Basic Assurance Certification Authority Version 3.4 April 2015 Table of Contents 1.0 INTRODUCTION... 8 1.1 OVERVIEW... 8 1.2

More information

SSL CERTIFICATE POLICY AND CERTIFICATION PRACTICE STATEMENT

SSL CERTIFICATE POLICY AND CERTIFICATION PRACTICE STATEMENT SSL CERTIFICATE POLICY AND CERTIFICATION PRACTICE STATEMENT Kamu Sertifikasyon Merkezi TÜBİTAK Yerleşkesi, P.K. 74 Gebze 41470 Kocaeli, TURKEY Tel: +90 (0) 262 648 18 18 Fax: +90 (0) 262 648 18 00 www.kamusm.gov.tr

More information

TELSTRA RSS CA Subscriber Agreement (SA)

TELSTRA RSS CA Subscriber Agreement (SA) TELSTRA RSS CA Subscriber Agreement (SA) Last Revision Date: December 16, 2009 Version: Published By: Telstra Corporation Ltd Copyright 2009 by Telstra Corporation All rights reserved. No part of this

More information

phicert Direct Certificate Policy and Certification Practices Statement

phicert Direct Certificate Policy and Certification Practices Statement phicert Direct Certificate Policy and Certification Practices Statement Version 1. 1 Effective Date: March 31, 2014 Copyright 2013-2014 EMR Direct. All rights reserved. [Trademark Notices] phicert is a

More information

thawte Certification Practice Statement

thawte Certification Practice Statement thawte Certification Practice Statement Version 3.7.5 Effective Date: 4 June, 2012 (All CA/Browser Forum-specific requirements are effective on July 1, 2012) thawte Certification Practice Statement 2012

More information

TC TrustCenter GmbH. Certification Practice Statement

TC TrustCenter GmbH. Certification Practice Statement TC TrustCenter GmbH Certification Practice Statement NOTE: The information contained in this document is the property of TC TrustCenter GmbH. This Certification Practice Statement is published in conformance

More information

Trusted Certificate Service (TCS)

Trusted Certificate Service (TCS) TCS Personal and escience Personal CA CPS Version 2.0 (rev 15) Page 1/40 Trusted Certificate Service (TCS) TCS Personal CA, escience Personal CA, and Document Signing CA Certificate Practice Statement

More information

Certification Practice Statement

Certification Practice Statement FernUniversität in Hagen: Certification Authority (CA) Certification Practice Statement VERSION 1.1 Ralph Knoche 18.12.2009 Contents 1. Introduction... 4 1.1. Overview... 4 1.2. Scope of the Certification

More information

ESnet SSL CA service Certificate Policy And Certification Practice Statement Version 1.0

ESnet SSL CA service Certificate Policy And Certification Practice Statement Version 1.0 ESnet SSL CA service Certificate Policy And Certification Practice Statement Version 1.0 June 30, 2004 Table of Contents Table of Contents...2 1 Introduction...3 1.1 Overview...3 1.1.1 General Definitions...4

More information

Ericsson Group Certificate Value Statement - 2013

Ericsson Group Certificate Value Statement - 2013 COMPANY INFO 1 (23) Ericsson Group Certificate Value Statement - 2013 COMPANY INFO 2 (23) Contents 1 Ericsson Certificate Value Statement... 3 2 Introduction... 3 2.1 Overview... 3 3 Contact information...

More information

Ford Motor Company CA Certification Practice Statement

Ford Motor Company CA Certification Practice Statement Certification Practice Statement Date: February 21, 2008 Version: 1.0.1 Table of Contents Document History... 1 Acknowledgments... 1 1. Introduction... 2 1.1 Overview... 3 1.2 Ford Motor Company Certificate

More information

Certificate Policy and Certification Practice Statement CNRS/CNRS-Projets/Datagrid-fr

Certificate Policy and Certification Practice Statement CNRS/CNRS-Projets/Datagrid-fr Certificate Policy and Certification Practice Statement CNRS/CNRS-Projets/Datagrid-fr Version 0.3 August 2002 Online : http://www.urec.cnrs.fr/igc/doc/datagrid-fr.policy.pdf Old versions Version 0.2 :

More information

X.509 Certificate Policy for India PKI

X.509 Certificate Policy for India PKI X.509 Certificate Policy for India PKI Version 1.4 May 2015 Controller of Certifying Authorities Department of Information Technology Ministry of Communications and Information Technology Document Control

More information

Internet Security Research Group (ISRG)

Internet Security Research Group (ISRG) Internet Security Research Group (ISRG) Certificate Policy Version 1.0 Updated May 5, 2015 Approved by ISRG Policy Management Authority ISRG Web Site: https://letsencrypt.org Page 1 of 83 Copyright Notice

More information

- X.509 PKI EMAIL SECURITY GATEWAY. Certificate Policy (CP) & Certification Practice Statement (CPS) Edition 1.1

- X.509 PKI EMAIL SECURITY GATEWAY. Certificate Policy (CP) & Certification Practice Statement (CPS) Edition 1.1 - X.509 PKI EMAIL SECURITY GATEWAY Certificate Policy (CP) & Certification Practice Statement (CPS) Edition 1.1 Commerzbank AG - Page 1 Document control: Title: Description : RFC Schema: Authors: Commerzbank

More information

Neutralus Certification Practices Statement

Neutralus Certification Practices Statement Neutralus Certification Practices Statement Version 2.8 April, 2013 INDEX INDEX...1 1.0 INTRODUCTION...3 1.1 Overview...3 1.2 Policy Identification...3 1.3 Community & Applicability...3 1.4 Contact Details...3

More information

Trustwave Holdings, Inc

Trustwave Holdings, Inc Trustwave Holdings, Inc Certificate Policy and Certification Practices Statement Version 2.9 Effective Date: July 13, 2010 This document contains Certification Practices and Certificate Policies applicable

More information

Certification Practice Statement. Internet Security Research Group (ISRG)

Certification Practice Statement. Internet Security Research Group (ISRG) Certification Practice Statement Internet Security Research Group (ISRG) Version 1.0 Updated May 5, 2015 Approved by ISRG Policy Management Authority Web Site: https://letsencrypt.org Page 1 of 11 Copyright

More information

CERTIFICATE POLICY KEYNECTIS SSL CA

CERTIFICATE POLICY KEYNECTIS SSL CA CERTIFICATE POLICY KEYNECTIS SSL CA Date: 05/02/2009 KEYNECTIS SSL CA CERTIFICATE POLICY Subject: KEYNECTIS SSL CA Certificate Policy Version number: 1.1 Number of pages: 49 Status of the Project Final

More information

e-tuğra CERTIFICATE POLICY E-Tuğra EBG Bilişim Teknolojileri ve Hizmetleri A.Ş. Version: 3.1 Validity Date: September, 2013 Update Date: 30/08/2013

e-tuğra CERTIFICATE POLICY E-Tuğra EBG Bilişim Teknolojileri ve Hizmetleri A.Ş. Version: 3.1 Validity Date: September, 2013 Update Date: 30/08/2013 e-tuğra CERTIFICATE POLICY E-Tuğra EBG Bilişim Teknolojileri ve Hizmetleri A.Ş. Version: 3.1 Validity Date: September, 2013 Update Date: 30/08/2013 Ceyhun Atıf Kansu Cad. 130/58 Balgat / ANKARA TURKEY

More information

Certificate Policy KEYNECTIS SSL CA CP. Emmanuel Montacutelli 12/11/2014 DMS_CP_KEYNECTIS SSL CA CP_1.2

Certificate Policy KEYNECTIS SSL CA CP. Emmanuel Montacutelli 12/11/2014 DMS_CP_KEYNECTIS SSL CA CP_1.2 Certificate Policy KEYNECTIS SSL CA CP Emmanuel Montacutelli 12/11/2014 DMS_CP_KEYNECTIS SSL CA CP_1.2 KEYNECTIS SSL CA CP Version 1.2 Pages 51 Status Draft Final Author Emmanuel Montacutelli OpenTrust

More information

Visa Public Key Infrastructure Certificate Policy (CP)

Visa Public Key Infrastructure Certificate Policy (CP) Visa Public Key Infrastructure Certificate Policy (CP) Version 1.7 Effective: 24 January 2013 2010-2013 Visa. All Rights Reserved. Visa Public Important Note on Confidentiality and Copyright The Visa Confidential

More information

Polish Grid Certification Authority Certificate Policy and Certification Practice Statement

Polish Grid Certification Authority Certificate Policy and Certification Practice Statement Polish Grid Certification Authority Certificate Policy and Certification Practice Statement version 0.4 (DRAFT ) September 2, 2002 1 1 Introduction 1.1 Overview This document is written according to the

More information

The Boeing Company. Boeing Commercial Airline PKI. Basic Assurance CERTIFICATE POLICY

The Boeing Company. Boeing Commercial Airline PKI. Basic Assurance CERTIFICATE POLICY The Boeing Company Boeing Commercial Airline PKI Basic Assurance CERTIFICATE POLICY Version 1.4 PA Board Approved: 7-19-2013 via e-mal PKI-233 BCA PKI Basic Assurance Certificate Policy Page 1 of 69 Signature

More information

Danske Bank Group Certificate Policy

Danske Bank Group Certificate Policy Document history Version Date Remarks 1.0 19-05-2011 finalized 1.01 15-11-2012 URL updated after web page restructuring. 2 Table of Contents 1. Introduction... 4 2. Policy administration... 4 2.1 Overview...

More information

Certificate Policy for. SSL Client & S/MIME Certificates

Certificate Policy for. SSL Client & S/MIME Certificates Certificate Policy for SSL Client & S/MIME Certificates OID: 1.3.159.1.11.1 Copyright Actalis S.p.A. All rights reserved. Via dell Aprica 18 20158 Milano Tel +39-02-68825.1 Fax +39-02-68825.223 www.actalis.it

More information

CERTIFICATION PRACTICE STATEMENT UPDATE

CERTIFICATION PRACTICE STATEMENT UPDATE CERTIFICATION PRACTICE STATEMENT UPDATE Reference: IZENPE-CPS UPDATE Version no: v 5.03 Date: 10th March 2015 IZENPE 2015 This document is the property of Izenpe. It may only be reproduced in its entirety.

More information

thawte Certification Practice Statement Version 2.3

thawte Certification Practice Statement Version 2.3 thawte Certification Practice Statement Version 2.3 Effective Date: July, 2006 thawte Certification Practice Statement 2006 thawte, Inc. All rights reserved. Printed in the United States of America. Revision

More information

SWITCHaai Metadata CA. Certificate Policy and Certification Practice Statement

SWITCHaai Metadata CA. Certificate Policy and Certification Practice Statement SWITCHaai Metadata CA Certificate Policy and Certification Practice Statement Version 1.0, OID 2.16.756.1.2.6.7.1.0 July 15, 2008 Table of Contents 1. INTRODUCTION...6 1.1 Overview...6 1.2 Document name

More information

InCommon Certification Practices Statement. Server Certificates

InCommon Certification Practices Statement. Server Certificates InCommon Certification Practices Statement for Server Certificates 16 August 2010 Version 1.0 Latest version: https://www.incommon.org/cert/repository/cps_ssl.pdf This version: https://www.incommon.org/cert/repository/cps_ssl_20100816.pdf

More information

CERTIFICATION PRACTICE STATEMENT. EV SSL CA Certification Practice Statement

CERTIFICATION PRACTICE STATEMENT. EV SSL CA Certification Practice Statement CERTIFICATION PRACTICE STATEMENT EV SSL CA Certification Practice Statement Emmanuel Montacutelli September 1, 2015 OpenTrust_DMS_EV Statement SSL CA Certification Practice Manage d Services Signature

More information

X.509 Certificate Policy For The Federal Bridge Certification Authority (FBCA) Version 2.24

X.509 Certificate Policy For The Federal Bridge Certification Authority (FBCA) Version 2.24 X.509 Certificate Policy For The Federal Bridge Certification Authority (FBCA) Version 2.24 February 25, 2011 Signature Page Chair, Federal Public Key Infrastructure Policy Authority DATE Revision History

More information

Certificate Policy for the United States Patent and Trademark Office November 26, 2013 Version 2.5

Certificate Policy for the United States Patent and Trademark Office November 26, 2013 Version 2.5 Certificate Policy for the United States Patent and Trademark Office November 26, 2013 Prepared by: United States Patent and Trademark Office Public Key Infrastructure Policy Authority This page is intentionally

More information

PKI NBP Certification Policy for ESCB Encryption Certificates. OID: 1.3.6.1.4.1.31995.1.2.3.1 version 1.2

PKI NBP Certification Policy for ESCB Encryption Certificates. OID: 1.3.6.1.4.1.31995.1.2.3.1 version 1.2 PKI NBP Certification Policy for ESCB Encryption Certificates OID: 1.3.6.1.4.1.31995.1.2.3.1 version 1.2 Security Department NBP Warsaw, 2015 Table of Contents 1. Introduction 1 1.1 Overview 1 1.2 Document

More information

PKI NBP Certification Policy for ESCB Signature Certificates. OID: 1.3.6.1.4.1.31995.1.2.2.1 version 1.5

PKI NBP Certification Policy for ESCB Signature Certificates. OID: 1.3.6.1.4.1.31995.1.2.2.1 version 1.5 PKI NBP Certification Policy for ESCB Signature Certificates OID: 1.3.6.1.4.1.31995.1.2.2.1 version 1.5 Security Department NBP Warsaw, 2015 Table of Contents 1. Introduction 1 1.1 Overview 1 1.2 Document

More information

[COMPANY CA] Certification Practice Statement

[COMPANY CA] Certification Practice Statement Certification Practice Statement Date: [PUBLICATION DATE] Version: v. X.X Table of Contents Document History...1 Acknowledgments...2 1. Introduction...3 1.1 Overview...3 1.2

More information

StartCom Certification Authority

StartCom Certification Authority StartCom Certification Authority Intermediate Certification Authority Policy Appendix Version: 1.5 Status: Final Updated: 05/04/11 Copyright: Start Commercial (StartCom) Ltd. Author: Eddy Nigg Introduction

More information

InCommon Certification Practices Statement. Client Certificates

InCommon Certification Practices Statement. Client Certificates InCommon Certification Practices Statement for Client Certificates 14 February 2011 Version 1.0 Latest version: 14 February 2011 This version: 14 February 2011 Table of Contents 1 INTRODUCTION... 4 1.1

More information

Certificate Policy. SWIFT Qualified Certificates SWIFT

Certificate Policy. SWIFT Qualified Certificates SWIFT SWIFT SWIFT Qualified Certificates Certificate Policy This Certificate Policy applies to Qualified Certificates issued by SWIFT. It indicates the requirements and procedures to be followed, and the responsibilities

More information

Operational Research Consultants, Inc. Non Federal Issuer. Certificate Policy. Version 1.0.1

Operational Research Consultants, Inc. Non Federal Issuer. Certificate Policy. Version 1.0.1 Operational Research Consultants, Inc. Non Federal Issuer Certificate Policy Version 1.0.1 Operational Research Consultants, Inc. 11250 Waples Mill Road South Tower, Suite 210 Fairfax, Virginia 22030 June

More information

Comodo Certification Practice Statement

Comodo Certification Practice Statement Comodo Certification Practice Statement Notice: This CPS should be read in conjunction with the following documents:- * LiteSSL addendum to the Certificate Practice Statement * Proposed Amendments to the

More information

HKUST CA. Certification Practice Statement

HKUST CA. Certification Practice Statement HKUST CA Certification Practice Statement IN SUPPORT OF HKUST CA CERTIFICATION SERVICES Version : 2.1 Date : 12 November 2003 Prepared by : Information Technology Services Center Hong Kong University of

More information

Certificate Policy of the. Public Key Infrastructure in the. Deutsche Forschungsnetz. - Grid -

Certificate Policy of the. Public Key Infrastructure in the. Deutsche Forschungsnetz. - Grid - Certificate Policy of the Public Key Infrastructure in the Deutsche Forschungsnetz - Grid - DFN-Verein Grid-CP V1.4, May 2008 This document and all parts thereof are copyrighted. Distribution or reproduction

More information

BUYPASS CLASS 3 SSL CERTIFICATES Effective date: 11.06.2013

BUYPASS CLASS 3 SSL CERTIFICATES Effective date: 11.06.2013 CERTIFICATE POLICY BUYPASS CLASS 3 SSL CERTIFICATES Effective date: 11.06.2013 PUBLIC Version: 2.0 Document date: 11.05.2013 Buypass AS Nydalsveien 30A, PO Box 4364 Nydalen Tel.: +47 23 14 59 00 E-mail:

More information

ING Public Key Infrastructure Certificate Practice Statement. Version 5.3 - June 2015

ING Public Key Infrastructure Certificate Practice Statement. Version 5.3 - June 2015 ING Public Key Infrastructure Certificate Practice Statement Version 5.3 - June 2015 Colophon Commissioned by Additional copies ING Corporate PKI Policy Approval Authority Additional copies of this document

More information

DigiCert. Certificate Policy. DigiCert, Inc. Version 4.03 May 3, 2011

DigiCert. Certificate Policy. DigiCert, Inc. Version 4.03 May 3, 2011 DigiCert Certificate Policy DigiCert, Inc. Version 4.03 May 3, 2011 Suite 200 Canopy Building II 355 South 520 West Lindon, UT 84042 USA Tel: 1 801 877 2100 Fax: 1 801 705 0481 www.digicert.com TABLE OF

More information

Starfield Technologies, LLC. Certificate Policy and Certification Practice Statement (CP/CPS)

Starfield Technologies, LLC. Certificate Policy and Certification Practice Statement (CP/CPS) Starfield Technologies, LLC Certificate Policy and Certification Practice Statement (CP/CPS) Version 3.8 April 15, 2016 i Starfield CP-CPS V3.8 Table of Contents 1 Introduction... 1 1.1 Overview... 1 1.2

More information

Amazon Web Services Certificate Policy. Version 1.0.1

Amazon Web Services Certificate Policy. Version 1.0.1 Amazon Web Services Certificate Policy Version 1.0.1 1 Contents Contents 1 INTRODUCTION 1.1 Overview 1.1.1 Compliance 1.1.2 Types of Certificates 1.1.2.1 CA Certificates 1.1.2.1.1 Self-signed CA Certificates

More information

RAPIDPIV-I Credential Service Certification Practice Statement Redacted

RAPIDPIV-I Credential Service Certification Practice Statement Redacted James D. Campbell Digitally signed by James D. Campbell DN: c=us, cn=james D. Campbell Date: 2014.06.18 10:45:03-07'00' RAPIDPIV-I Credential Service Certification Practice Statement Redacted Key Information:

More information

Version 2.4 of April 25, 2008

Version 2.4 of April 25, 2008 TC TrustCenter GmbH Certificate Policy for SAFE NOTE: The information contained in this document is the property of TC TrustCenter GmbH. This Certificate Policy is published in conformance with international

More information

Certification Practice Statement for Extended Validation Certificates

Certification Practice Statement for Extended Validation Certificates DigiCert Certification Practice Statement for Extended Validation Certificates DigiCert, Inc. Version 1.0.4 May 29, 2009 Suite 200 Canopy Building II 355 South 520 West Lindon, UT 84042 USA Tel: 1-801-877-2100

More information

QUOVADIS ROOT CERTIFICATION AUTHORITY CERTIFICATE POLICY/ CERTIFICATION PRACTICE STATEMENT. OIDs: 1.3.6.1.4.1.8024.0.1 1.3.6.1.4.1.8024.0.

QUOVADIS ROOT CERTIFICATION AUTHORITY CERTIFICATE POLICY/ CERTIFICATION PRACTICE STATEMENT. OIDs: 1.3.6.1.4.1.8024.0.1 1.3.6.1.4.1.8024.0. QUOVADIS ROOT CERTIFICATION AUTHORITY CERTIFICATE POLICY/ CERTIFICATION PRACTICE STATEMENT OIDs: 1.3.6.1.4.1.8024.0.1 1.3.6.1.4.1.8024.0.3 Effective Date: 20 April 2009 Version: 4.6 Copyright QuoVadis

More information

Swiss Government Root CA II. Document OID: 2.16.756.1.17.3.21.1

Swiss Government Root CA II. Document OID: 2.16.756.1.17.3.21.1 Swiss Government Root CA II CP/CPS End-user Certificates Swiss Government PKI - Root CA II Certificate Policy and Certification Practice Statement (CP/CPS) Document OID: 2.16.756.1.17.3.21.1 Project Name:

More information

TeliaSonera Root CA v1 Certificate Practice Statement. Published by: TeliaSonera AB

TeliaSonera Root CA v1 Certificate Practice Statement. Published by: TeliaSonera AB 2007-10-18 1 (46) TeliaSonera Root CA v1 Certificate Practice Statement Published by: TeliaSonera AB Company Information Created Modified Approved Valid from 2007-10-12 Reg. office: Printed Coverage Business

More information

PostSignum CA Certification Policy applicable to qualified personal certificates

PostSignum CA Certification Policy applicable to qualified personal certificates PostSignum CA Certification Policy applicable to qualified personal certificates Version 3.0 7565 Page 1/60 TABLE OF CONTENTS 1 Introduction... 5 1.1 Review... 5 1.2 Name and clear specification of a document...

More information

REGISTRATION AUTHORITY (RA) POLICY. Registration Authority (RA) Fulfillment Characteristics SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL, S.A.

REGISTRATION AUTHORITY (RA) POLICY. Registration Authority (RA) Fulfillment Characteristics SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL, S.A. REGISTRATION AUTHORITY (RA) POLICY Registration Authority (RA) Fulfillment Characteristics SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL, S.A. INDEX Contenido 1. LEGAL FRAMEWORK... 4 1.1. Legal Base...

More information

Certipost Trust Services. Certificate Policy. for Lightweight Certificates for EUROCONTROL. Version 1.2. Effective date 03 May 2012

Certipost Trust Services. Certificate Policy. for Lightweight Certificates for EUROCONTROL. Version 1.2. Effective date 03 May 2012 Certipost Trust Services Version 1.2 Effective date 03 May 2012 Certipost NV ALL RIGHTS RESERVED. 2 13 Definitions : Activation Data Certificate Certificate Holder Certificate Public Registry Certificate

More information

APPLICATION FOR DIGITAL CERTIFICATE

APPLICATION FOR DIGITAL CERTIFICATE Application ID Number (For Official Use only) APPLICATION FOR DIGITAL CERTIFICATE Instructions: 1. Please fill the form in BLOCK LETTERS ONLY. 2. All fields are mandatory. 3. Present one (1) copy and the

More information

Comodo Certification Practice Statement

Comodo Certification Practice Statement Comodo Certification Practice Statement Comodo CA, Ltd. Version 4.1.4 Effective: August 14, 2015 3rd Floor, Office Village, Exchange Quay, Trafford Road, Salford, Manchester, M5 3EQ, United Kingdom Tel:

More information

PEXA Public Key Infrastructure (PKI) Certification Authority Certificate Policy

PEXA Public Key Infrastructure (PKI) Certification Authority Certificate Policy PEXA Public Key Infrastructure (PKI) Certification Authority Certificate Policy Version: 1.0 Issued: August 2014 Status: Final PEXA Certification Authority Certificate Profile 1. Introduction Property

More information

CA Certificate Policy. SCHEDULE 1 to the SERVICE PROVIDER AGREEMENT

CA Certificate Policy. SCHEDULE 1 to the SERVICE PROVIDER AGREEMENT CA Certificate Policy SCHEDULE 1 to the SERVICE PROVIDER AGREEMENT This page is intentionally left blank. 2 ODETTE CA Certificate Policy Version Number Issue Date Changed By 1.0 1 st April 2009 Original

More information

E-TUGRA INFORMATIC TECHNOLOGIES AND SERVICES CORP (E-TUGRA)

E-TUGRA INFORMATIC TECHNOLOGIES AND SERVICES CORP (E-TUGRA) E-TUGRA INFORMATIC TECHNOLOGIES AND SERVICES CORP (E-TUGRA) QUALIFIED CERTIFICATE POLICY AND PRACTICE STATEMENT (CP-CPS) VERSION 1.0 DATE OF ENTRY INTO FORCE : JUNE, 2008 OID 2.16.792.3.0.4.1.1.2 E-TUGRA

More information

Symantec Trust Network (STN) Certificate Policy

Symantec Trust Network (STN) Certificate Policy Symantec Trust Network (STN) Certificate Policy Version 2.8.20 May 20, 2016 Symantec Corporation 350 Ellis Street Mountain View, CA 94043 USA +1 650.527.8000 www.symantec.com - i - Symantec Trust Network

More information

TrustCor Systems S. de R.L. Certification Practice Statement

TrustCor Systems S. de R.L. Certification Practice Statement TrustCor Systems S. de R.L. Certification Practice Statement Version: 1.2.2 This document is PUBLIC Generated on January 25, 2016 at 17:04 UTC. 1 Contents 1. INTRODUCTION 1.1 Overview 1.2 Document name

More information

Certification Practice Statement

Certification Practice Statement Certification Practice Statement Version 2.0 Effective Date: October 1, 2006 Continovation Services Inc. (CSI) Certification Practice Statement 2006 Continovation Services Inc. All rights reserved. Trademark

More information

Vodafone Group CA Web Server Certificate Policy

Vodafone Group CA Web Server Certificate Policy Vodafone Group CA Web Server Certificate Policy Publication Date: 06/09/10 Copyright 2010 Vodafone Group Table of Contents Acknowledgments... 1 1. INTRODUCTION... 2 1.1 Overview... 3 1.2 Document Name

More information