Government CA Government AA. Certification Practice Statement

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Government CA Government AA. Certification Practice Statement"

Transcription

1 PKI Belgium Government CA Government AA Certification Practice Statement Government CA - Government AA Certification Practice Statement 1 / 54

2 Contents 1. Document History Document Approval Distribution List Document Change Control Acknowledgments Introduction Overview eid hierarchy Document Name and Identification PKI participants Certification Authority Registration Authorities and Local Registration Authorities Subscribers Relying Parties Certificate usage Policy Administration Definitions and acronyms Publication and Repository Responsibilities Access control on repositories Identification and Authentication Naming Identity Validation Identification and Authentication for Re-key Requests Identification and Authentication for Revocation and Suspension Requests CERTIFICATE LIFE-CYCLE OPERATIONAL REQUIREMENTS Certificate Application Certificate Application Processing Certificate Issuance Certificate Acceptance Key Pair and Certificate Usage Subscriber duties Relying party duties Certificate Renewal Certificate Re-key Certificate Modification Certificate Revocation and Suspension Term and Termination of Suspension and Revocation Certificate Status Services End of Subscription Key Escrow and Recovery MANAGEMENT, OPERATIONAL, AND PHYSICAL CONTROLS Physical Security Controls Procedural Controls Personnel Security Controls Qualifications, Experience, Clearances Background Checks and Clearance Procedures Training Requirements and Procedures Retraining Period and Retraining Procedures Job Rotation Sanctions against Personnel Controls of independent contractors Documentation for initial training and retraining Audit Logging Procedures Records Archival Government CA - Government AA Certification Practice Statement 2 / 54

3 7.5.1 Types of records Retention period Protection of archive Archive backup procedures Requirements for Time-stamping of Records Archive Collection Procedures to obtain and verify archive information Key Changeover Compromise and Disaster Recovery CA or RA Termination TECHNICAL SECURITY CONTROLS Key Pair Generation and Installation CA Private Key Generation Process CA Key Generation Key Pair re-generation and re-installation CA Key Generation Devices CA Private Key Storage CA Private Key Distribution CA Private Key Destruction Private Key Protection and Cryptographic Module Engineering Controls Other Aspects of Key Pair Management Computing resources, software, and/or data corrupted CA public key revocation Compromise of the GCA-AA private key Activation Data Computer Security Controls Life Cycle Security Controls Network Security Controls Time-stamping CERTIFICATE AND CRL PROFILES Certificate Profile Government CA Cerificate Government AA Cerificate Certificate Revocation List (CRL) Profile COMPLIANCE AUDIT AND OTHER ASSESSMENT OTHER BUSINESS AND LEGAL MATTERS Fees Refund policy Financial Responsibility Liability Confidentiality of Information Disclosure Conditions Privacy of Personal Information Intellectual Property Rights Representations and Warranties Subscriber Obligations Relying Party Obligations Subscriber Liability towards Relying Parties CA Repository and Web site Conditions of Use GCA-AA Obligations Service Level Measurement Registration Authority Obligations Disclaimers of Warranties Limitation for Other Warranties Exclusion of Certain Elements of Damages Indemnities Government CA - Government AA Certification Practice Statement 3 / 54

4 11.8 Term and Termination Individual notices and communications with participants Survival Severability Amendments Dispute Resolution Procedures Governing Law Miscellaneous Provisions List of definitions List of acronyms Government CA - Government AA Certification Practice Statement 4 / 54

5 1. Document History 1.1 Document Approval Name + Title Date Signature Checked by: Fedict Approved by Fedict 19 januari Distribution List Version Company Name Action V1.0 Fedict Samoera Jacobs Fedict Sam Van Den Eynde 1.3 Document Change Control Version Release Date Status + Description V March 03 First draft V March 03 Update after comparison with the CPS for the Admin CA V October 2004 Update V0.2 Update regarding BRCA2 Introduction Gov AA V januari 2012 Update, minor corrections 2 Government CA - Government AA Certification Practice Statement 5 / 54

6 2. Acknowledgments This Government CA - AA 1 CPS 2 describes certification practices for digital certificates issued for the Belgian government applications or government platforms. These certification practices are compliant with the following standards: RFC 2527: Internet X.509 Public Key Infrastructure _ Certificate Policies and Certification Practices Framework, RFC 3280: Internet X.509 Public Key Infrastructure - Certificate and CRL Profile. RFC 2560: X.509 Internet Public Key Infrastructure - Online Certificate Status Protocol - OCSP ETSI TS : Policy requirements for certification authorities issuing public key certificates (Normalised level only). The ISO standard on security and infrastructure. 1 CA = Certification Authority 2 Certification Practice Statement 2 Government CA - Government AA Certification Practice Statement 6 / 54

7 3. Introduction This Certification Practice Statement (hereinafter, CPS) of the Government CA and Government AA (hereinafter, the GCA-AA) applies to all certification services provided in the context of the GCA-AA. Together with this CPS other documents may have to be taken into account. These documents will be available through the CA repository at: This CPS complies with the formal requirements of Internet Engineering Task Force (IETF) RFC 2527, version 12 July 2001 with regard to format and content. While certain section titles are included according to the structure of RFC 2527, the topic may not necessarily apply in the implementation of the certification services of the GCA-AA. Such sections are denoted as Section not applicable. Minor editorial changes of RFC 2527 prescriptions have been inserted in this CPS to better adapt the structure of RFC 2527 to the needs of this application domain. The CPS addresses in detail the technical, procedural and organisational policies and practices of the GCA-AA with regard to all certification services it provides and during the complete lifetime of certificates issued by the GCA-AA Further information with regard to this CPS and the GCA-AA can be obtained from the GCA-AA itself in the following address, attn. Fedict, Legal Practices, Rue Marie-Thérèse 1-3 B-1000 Brussels, BELGIUM. Important note regarding the Belgium Root PKI infrastructure Starting from 2008 an additional Belgium Root Certification Authority (BRCA) has been introduced in the eid PKI environment. This Belgium Root Certification Authority2 (BRCA2) is necessary in order to continue to issue certificates after 26th of October As of this date it is impossible to issue certificates under the initial BRCA. This CPS is applicable for Government CA & Government AA under both BRCA s. References to the BRCA in this document are applicable to both BRCA s unless clearly stated. In order to overcome any misunderstanding regarding which BRCA is referred to, the following convention is used: When referring to the first BRCA it will be describe as BRCA(1), the number 1 is set between brackets as the real name of this BRCA does not contain the number 1. When referring in this document to the second BRCA it will be describe as BRCA2. With the introduction of the BRCA2 a new set of OID numbers is used to clearly identify the difference between the BRCA(1) and BRCA2. For technical details regarding the BRCA certificates we refer to CHAPTER 7. CERTIFICATE AND CRL PROFILES in CPS of the Belgium ROOT CA. This can be found at 3.1 Overview A certification practice statement (CPS) is a unilateral declaration of the practices that a Certification Authority complies with when it provides certification services. A CPS is a comprehensive description 2 Government CA - Government AA Certification Practice Statement 7 / 54

8 of how the CA makes its services available. This CPS is intended to be used within the CA domain 3 to the exclusion of any other. The CPS aims at delimiting the GCA-AA domain of providing certification services to entities within the governmental context. This CPS also outlines the relationship between the Government Certification Authority (GCA-AA) and other CAs within the Belgian Government PKI hierarchy such as the Belgium Root Certification Authority (BRCA) 4. It also describes the relationship between the Government CA and the other organisations involved in the delivery of the certificates for the Belgian Electronic Identity Cards Infrastructure. The organisation issuing certificates is called Certification Authority (CA), the organisation in charge of the identification of the person applying for a certificate is called Registration Authorities (RA). The role of the RA can be delegated to a LRA. Although the function of the issuer of the certificates and the registration authority coincide on the same entity within the Belgian Public Administration, from a systematic viewpoint they both fulfil different roles to meet different requirements. For example, only the RA and the LRA can request the GCA-AA to issue a certificate. This CPS also provides operational guidelines for all the civil servants responsible for the infrastructure of the Belgian Electronic ID cards. This CPS provides operational guidelines to other CAs, such as the BRCA, that belong to the PKI hierarchy of the Belgian State within the legal framework for electronic signatures and electronic identity cards in Belgium. This CPS describes the relationships between the GCA-AA and all other entities that retain an organisational link with the GCA-AA such as suppliers of services. The Belgian State acquires these services through appropriate agreements concluded with these third party suppliers. Finally in an accreditation and supervisory perspective this CPS provides guidance to supervising authorities, accreditation bodies, accredited auditors etc with regard to the practices. This CPS is made available on-line in the Repository of the issuing CA under The GCA-AA accepts comments regarding this CPS addressed to: or by post to, attn. Fedict, Legal Practices, Rue Marie-Thérèse 1-3 B-1000 Brussels BELGIUM. 3.2 eid hierarchy To use the Belgian eid card to its full extent, it is required to ensure both the citizen s identity and the identity of the Belgian State technical infrastructure and applications. It is, therefore, required to use multiple types of certificates beyond the eid citizen certificates. The GCA-AA belongs to a broader domain of CAs of the Belgian State. To facilitate the building of trust among the various participating CAs, the Belgian State has set up a CA hierarchy. In this hierarchy, there is a Belgium Root CA (BRCA) that has as purpose amongst others to build trust in the various CAs within the government domain. The BRCA has certified each of the private keys of the CAs in the government domain including the GCA-AA. By validating the certificate of such a CA, the trust in the BRCA can also be applied to the CA it has certified. To the extent that the BRCA is trusted, a certificate issued by the GCA-AA can be trusted as well. Trust in BRCA within software applications is also ascertained through root sign carried out by a third party provider, whose root has widely been embedded in application software. The BRCA operates under practices published in a dedicated CPS available at 3 The CA domain is the area of competence of the CA to provide certification services. This means the CA domain does for instance not include the applications using the certificates, etc. 4 The BRCA is the CA that has certified the Government CA. Trust in the BRCA, automatically implies that verification of the certificate of the Government CA may take place, hence resulting implicitly in trusting the Government CA. 2 Government CA - Government AA Certification Practice Statement 8 / 54

9 Trust in the certificates issued by the GCA-AA can be verified as follows: 1. Trusted path building. The certificate is checked on whether it has been issued by the GCA-AA. Pursuant to that, the GCA-AA certificate is checked on whether it has been indeed issued by the BRCA. When the result of these controls is positive Trust from the BRCA can be cascaded via the GCA-AA certificate to the end entity certificate. 2. Verification of the BRCA certificate. Generally the BRCA certificate is indicated in the application s certificate store as a trusted certificate. In the unlikely case that an end user is warned that the BRCA certificate is not valid anymore, it is sufficient that the end user removes the BRCA certificate from the certificate store to exclude that domain from its trusted ones to ascertain that this part of the verification fails. 3. Verification of the GCA-AA certificate can be ascertained by taking the following steps: 3.1. Check of the validity of the GCA-AA certificate (e.g. check expiration date) 3.2. Check of the status of the GCA-AA certificate (e.g. check the suspension or revocation state). 4. Verification of the end entity certificate can be ascertained by taking the following steps: 4.1. Check of the validity of the end entity certificate (e.g. check that its validity period is not expired) Check of the status of the end entity certificate (e.g. check the suspension or revocation state). Generally most or all of these operations are performed automatically by the application that uses the certificates requiring minimal or no end user interaction. The Trust hierarchy of the certificates follows 1. A small hierarchy for which all the required information to validate the eid citizen certificates offline can be stored in the card. 2. A high preference for automated trust in certificates issued by the Belgian State infrastructure without requiring end-user intervention, which allows, however, online verification. This more complex hierarchy is described in figure 1 below: 2 Government CA - Government AA Certification Practice Statement 9 / 54

10 Figure 1: Government CA & AA hierarchy To meet both requirements, the Government CA hierarchy consists of a combination of a two-layered and a three-layered model. The two-layer model is used for the validation of the eid citizen certificates in an off-line mode not further relevant for the GCA-AA. In the two-layered model the eid Citizen CA and the Self-Signed Belgium Root CA 5 form a hierarchy, which in an off-line mode allows validating the eid Citizen signing and authentication certificates. In the three-layered model the GCA-AA, is signed by the Belgium Root CA (BRCA) which is signed by the GlobalSign Top Root CA form a CA hierarchy. This approach allows the automated validation within the most widely used applications, e.g. browsers; because these browsers have already embedded the GlobalSign Top Root CA certificate and they list it as a trusted one. Just as the GCA- AA inherits trust from the BRCA, the BRCA inherits trust from the GlobalSign Top Root CA. This threelayered model eliminates the need to individually import the Self-Signed Belgium Root CA certificate. Because both the Self-Signed Belgium Root CA and the Belgium root signed Root CA share the same key pair albeit using two different certificates, a certificate signed by the private key of that key pair can be validated with both Belgium Root certificates. In most case the application builder will have foreseen one of both models to be used, and the end user will not have to choose between the two models. 5 A self-signed certificate is a certificate signed with the private key of the certified entity itself. Since there is no trust point higher above in the Trust hierarchy, no trust can be build on that certificate or any of the certificates that are lower in the hierarchy if that self-signed certificate is not trusted. This, however, is a case that very rarely might occur. 2 Government CA - Government AA Certification Practice Statement 10 / 54

11 3.3 Document Name and Identification This CPS can also be identified by any party through the following OIDs 6 : Certificate Type OID Belgium Root CA (1) PKI BRCA(1) Government CA certificate Server Certificate Applications Certificate Persons certificate Government AA certificate Identity Provider Certificate Belgium Root CA 2 PKI - BRCA2 Government CA certificate Server Certificate Applications Certificate Persons certificate Government AA certificate Identity Provider Certificate PKI participants Several parties make up the participants of this PKI hierarchy. The parties mentioned hereunder including all CAs, the RAs, LRAs, the subscribers and relying parties are collectively called PKI participants Certification Authority A Certification Authority is an organisation that issues digital certificates. In the GCA-AA domain, Belgian federal government acts as the CA also called in this CPS GCA-AA. The actual certification operations including issuance, certificates status, and repository services are delegated to private contractual parties operating on behalf of the Belgian State. These parties carrying out services on behalf of the GCA-AA are mentioned hereinafter as the GCA-AA operator. The GCA-AA operator operates within a grant of authority for issuing GCA-AA end-entity certificates. This grant has been provided by the Belgium Root Certification Authority (BRCA). The GCA-AA ensures the availability of all services pertaining to the certificates, including the issuing, revocation, status verification, as they may become available or required in specific applications. The GCA-AA is established in Belgium. It can be contacted at the address published elsewhere in this CPS. To deliver CA services including the issuance, suspension, revocation, renewal, status verification of certificates, the CA operates a secure facility and provides for a disaster recovery facility in Belgium. In specific the CA s domain of responsibility comprises the overall management of the certificate lifecycle including: 1. Issuance 2. Suspension/Unsuspension 6 Object Identifier 2 Government CA - Government AA Certification Practice Statement 11 / 54

12 3. Revocation 4. Status verification (Certificate Status Service) 5. Directory service The root sign provider The root sign provider ensures Trust in BRCA in widely used applications. The root sign provider ensures that its root remains trusted by such applications and notifies PKI participants of any event affecting Trust to its own root Registration Authorities and Local Registration Authorities Belgian Federal Government is the Registration Authority (RA) within the GCA-AA domain. The RA may decide upon the issuance, suspension and revocation of a certificate under this CPS. The RA may appoint a third party to further carry out RA tasks within the GCA-AA domain. This third party is called a Local Registration Authority (LRA). The RA submits the necessary data for the generation and revocation of the certificates to the GCA- AA operator. The RA registers and verifies the subscriber data and the identity of the subscriber. The RA interacts indirectly with the subscriber and directly with the GCA-AA to deliver PKI services. In specific, the RA: Validate the identity of the subscriber during the certificate issuance procedure. Follow the procedures to complete the registration file, including the electronic PKCS#10 certificate request. Validate the registration file and requesting the GCA-AA to issue a certificate based on the electronic PKCS#10 request. Initiate the process to issue a certificate and request a certificate revocation from the GCA-AA Deliver the certificates to the subscriber. The RA supplies the GCA-AA with the necessary data to enable it construct the certificates. For each certificate the RA supplies the PKCS#10 requests including the public key as generated by the subscriber. All communications between the LRA, RA, GCA-AA and GCA-AA operator regarding any phase of the life cycle of certificates is secured with PKI based encryption and signing techniques, to ensure confidentiality and mutual authentication. This includes communications containing certificate requests, issuance, suspension, un-suspension and revocation Subscribers The Subscribers of the CA services in the GCA-AA domain are entities including natural or legal persons in a governmental context whose identity and public key are certified in the certificates. In case of a legal person, the requester is normally a legal representative of the requesting organisation or department. The Subscribers: : Are identified Hold the private keys corresponding to the respective public keys that are listed in their respective certificates. 2 Government CA - Government AA Certification Practice Statement 12 / 54

13 3.4.4 Relying Parties Relying parties are entities including natural or legal persons that rely on a certificate and/or a digital signature verifiable with reference to a public key listed in the certificate. To verify the validity of a digital certificate they receive, relying parties must always verify with a CA Validation Service (e.g. OCSP, CRL, delta CRL, web interface) prior to relying on information featured in a certificate. 3.5 Certificate usage Certain limitations apply to the usage of the GCA-AA end-entity certificates. The SSL Server certificates are used for server authentication and encryption only. The applications on these servers can be used for public available services towards organisations, citizens or professionals or to secure the communication with the different government servers and/or platforms. Application Certificate can be used for object signing for Belgian Government applications. The Person certificate is a non-repudiation certificate used by natural or legal person interacting with Belgian Government applications for data signing and data encryption. The Identifier certificate is used for SAML responder in Belgian Government applications. 3.6 Policy Administration Policy administration is reserved to the RA. Policy Administration can be contacted in the following address: attn. Fedict, Legal Practices, Rue Marie-Thérèse 1-3 B-1000 Brussels BELGIUM. 3.7 Definitions and acronyms Lists of definitions and acronyms can be found at the end of this CPS. 4. Publication and Repository Responsibilities The GCA-AA publishes information about the digital certificates it issues in (an) online publicly accessible repository (ies) under the Belgian Internet Domain. The GCA-AA retains an online repository of documents where it makes certain disclosures about its practices, procedures and the content of certain of its policies including its CPS, which will be accessible at The GCA-AA reserves its right to make available and publish information on its policies by any means it sees fit. PKI participants are notified that the GCA-AA may publish information they submit directly or indirectly to the GCA-AA on publicly accessible directories for purposes associated with the provision of electronic certificate status information. The GCA-AA publishes digital certificate status information in frequent intervals as indicated in this CPS. The GCA-AA sets up and maintains a repository of all certificates it has issued. This repository also indicates the status of a certificate issued. 2 Government CA - Government AA Certification Practice Statement 13 / 54

14 The GCA-AA publishes CRLs 7 at regular intervals at The GCA-AA publishes delta CRLs containing any changes since the publication of the previous CRL or delta CRL, at regular intervals. Any newly published CRL includes all updates of the delta CRLs, published until then. The GCA-AA makes available an OCSP 8 server at pki.belgium.be that provides notice on the status of a certificate, issued by the GCA-AA upon request from a relying party, in compliance with IETF RFC The status of any certificate listed in a CRL or delta CRL, must be consistent with the information, delivered by the OCSP server. The GCA-AA maintains the CRL distribution point and the information on this URL until the expiration date of all certificates, containing the CRL distribution point. Approved versions of documents to be published on the Repository are uploaded within 24 hours. Due to their sensitivity the GCA-AA refrains from making publicly available certain subcomponents and elements of such documents including certain security controls, procedures related with the functioning of inter alia registration authorities, internal security polices etc. Such documents and documented practices are, however, conditionally available to audit to designated parties that the GCA-AA owes duty to. 4.1 Access control on repositories The OCSP service, web interface certificate status verification service, the certificate repository and the CRLs and delta CRLs are publicly available via the Internet. Access restrictions to any of these services include: The RA may exclusively issue general queries on the certificate repository, whereby sets of certificates are delivered as a result of the query. Through the publicly available interface to the certificate repository, only a single certificate can be delivered per query made by any party except of the RA. The CA may take reasonable measures to protect against abuse of the OCSP, Web interface status verification and CRL and delta CRL download services. In particular: The CA may restrict the processing frequency of OCSP requests by a single user to 10 requests per day if the CA can demonstrate that the user is abusing the system. The CA may restrict the processing frequency of Web interface certificate status verification requests by a single user to 10 requests per day. The CA may restrict the successful downloading of a CRL once per week or delta CRL by a single user to 8 per day. 5. Identification and Authentication The RA maintains documented practices and procedures to authenticate the identity and/or other attributes of a certificate applicant. Prior to requesting the issuance of a certificate the RA verifies the identity of the certificate applicant that wants to request a certificate under the Government CA. The RA authenticates the requests of parties wishing the revocation of certificates under this policy. 7 A CRL or Certificate Revocation List is a list issued and digitally signed by a CA that includes revoked and suspended certificates. Such list is to be consulted by relying parties at all times prior to relying on information featured in a certificate. 8 The Online Certificate Status Protocol (RFC 2560) is a real time status information resource used to determine the current status of a digital certificate without requiring CRLs 2 Government CA - Government AA Certification Practice Statement 14 / 54

15 5.1 Naming To identify the CA, the GCA-AA follows certain naming and identification rules that include types of names assigned to the subject, such as X.500 distinguished names RFC-822 names and X.400 names. The GCA-AA does not issue anonymous certificates to subscribers. Names assigned to subscribers of a certificate are unique within the domain of the GCA-AA as they are always used together with a unique sequential number. 5.2 Identity Validation The RA (or LRA) has to verify the identity of the applicant by verifying applicable identity documents. Besides the identity check, the RA (or LRA) has to check if the representative of a legal person is allowed to request certificates. 5.3 Identification and Authentication for Re-key Requests Section not applicable 5.4 Identification and Authentication for Revocation and Suspension Requests Revocation or suspension requires a notification by the subscriber addressed to the RA. Only if the RA is able to verify the identity of the subscriber, the revocation or suspension request gets accepted. Subsequently, the RA forwards promptly all revocation and suspension requests directly to the CA. The RA is the single contact point for the CA to obtain a revocation request. The RA can also based on its own judgement request the suspension or revocation of certificates (e.g. because the information featured in a certificate became invalid and a new certificate will replace the existing one, because the RA has received irrefutable proof of a compromise of the related private key, ). For the identification and authentication procedures of suspension or revocation requests for its subject types the GCA-AA accepts suspension and revocation requests from the RA. Such a request will use dedicated electronic authentication mechanisms. 6. CERTIFICATE LIFE-CYCLE OPERATIONAL REQUIREMENTS For all entities within the GCA-AA domain including the LRAs, subscribers, relying parties and/or other participants there is a continuous obligation to inform directly or indirectly the RA of all changes in the information featured in a certificate during the operational period of such certificate or of any other fact that materially affects the validity of a certificate. The RA will then take appropriate measures to make sure that the situation is rectified (e.g. ask the GCA-AA for the revocation of the existing certificates and the generation of new certificates with the correct data). 2 Government CA - Government AA Certification Practice Statement 15 / 54

16 The GCA-AA issues, revokes or suspends certificates only at the request of the RA to the exclusion of any other, unless explicitly instructed so by the RA. 6.1 Certificate Application The enrolment process for the end entity certificates is an integral part of the Certificate Policy. 6.2 Certificate Application Processing The RA acts upon a certificate application to validate an applicant s identity as foreseen in the Certificate Policy. The procedures for the validation of an applicant s identity are addressed in the Certificate Policy. Following a certificate application the RA either approves or rejects certificate application. This validation of the applicant s identity can also be delegated to a LRA. If the application is approved the LRA transmits the registration data to the RA. The RA on its own turn either approves or rejects the application. 6.3 Certificate Issuance Following approval of the certificate application the RA sends a certificate issuance request to the GCA-AA. The GCA-AA does not verify the completeness, integrity and uniqueness of the data, presented by the RA, but relies completely on the RA for the correctness of all data. The GCA-AA will generate a unique serial number for the certificate. All requests from the RA are granted approval provided that: They are validly formatted. Use the proper secure communication channel. The GCA-AA verifies the identity of the RA on the basis of credentials presented. The GCA-AA ensures that the issued certificate contains all data that was presented to it in the request of the RA. Following issuance of a certificate, the GCA-AA posts an issued certificate on a Repository. The certificate is thereafter delivered to the subscriber. 6.4 Certificate Acceptance The GCA-AA ensures the data in the certificate are equal to the data in the PKCS#10 request, the Subscriber checks the correctness of the data after receipt of the certificate. The certificate is deemed accepted if no objection is made. 6.5 Key Pair and Certificate Usage The responsibilities relating to the use of keys and certificates include the ones addressed below. 2 Government CA - Government AA Certification Practice Statement 16 / 54

17 6.5.1 Subscriber duties Unless otherwise stated in this CPS, subscriber s duties include the ones below: Having knowledge of and, if necessary, seeking training on using digital certificates and PKI. Reading, understanding and agreeing with all terms and conditions in this CPS and associated policies published in the Repository. Refraining from tampering with a certificate. Only using certificates for legal and authorised purposes in accordance with the CPS. Notifying the RA of any changes in the information submitted. Ceasing to use a certificate if any featured information becomes invalid. Ceasing to use a certificate when it becomes invalid. When invalid, remove administration certificates, from any applications and/or devices they have been installed on. Refraining from using the public key certified in an administration certificate to have it certified again in another certificate. Using a certificate, as it may be reasonable under the circumstances. Preventing the compromise, loss, disclosure, modification, or otherwise unauthorised use of their private key. Request the suspension of a certificate in case of the suspicion of an occurrence that materially affects the integrity of a certificate. Such suspicions include indications of loss, theft, modification, unauthorised disclosure, or other compromise of the private key of the certificate s subject. Request the revocation of a certificate in case of an occurrence that materially affects the integrity of a certificate. Such occurrences include loss, theft, modification, unauthorised disclosure, or other compromise of the private key of the certificate s subject. Obligation to use the key pair for described usage and in accordance with any other limitations notified to the subscriber; Obligation to exercise reasonable care to avoid unauthorised use of the subscriber s private key; Following compromise, the obligation to immediately and permanently discontinue the use of the subject's private key. Obligation to notify without any reasonable delay in case control over the private key has been lost due to compromise of activation data (e.g. PIN code) Relying party duties A party relying on a CA certificate will: Have knowledge on using digital certificates and PKI. Receive notice and adhere to the conditions this CPS and associated conditions for relying parties. Validate a certificate by using a CRL, delta CRL, OCSP or web based certificate validation in accordance with the certificate path validation procedure. Trust a certificate only if it has not been suspended or revoked. Rely on a certificate, as may be reasonable under the circumstances. 6.6 Certificate Renewal The subscriber is responsible for requesting a new certificate before the expiration date of the certificate. 2 Government CA - Government AA Certification Practice Statement 17 / 54

18 6.7 Certificate Re-key This section is not applicable. 6.8 Certificate Modification Section not applicable. 2 Government CA - Government AA Certification Practice Statement 18 / 54

19 6.9 Certificate Revocation and Suspension Upon request from the RA the GCA-AA suspends or revokes a digital certificate. The RA requests promptly the revocation of a certificate after: Having received notice by the subscriber that there has been a loss, theft, modification, unauthorised disclosure, or other compromise of the private key of the certificate s subject. There has been a modification of the information contained in the certificate of the certificate s subject. The performance of an obligation of the RA under this CPS is delayed or prevented by a natural disaster, computer or communications failure, or other cause beyond the person's reasonable control, and as a result, another person s information is materially threatened or compromised. The GCA-AA revokes a suspended certificate after a period of one week if it does not receive in the meantime notification from the RA to unsuspend the certificate. The CA notifies the RA of all revocations made. Relying parties must use on line resources that the GCA-AA makes available through its repository to check the status of certificates before relying on them. The GCA-AA updates OCSP, the Web interface certification status verification service, CRLs and delta CRLs accordingly. CRLs are updated at each certificate revocation The GCA-AA grants access to OCSP resources and a web site to which status inquiries can be submitted. Relying parties must comply with the GCA-AA policy and in specific with relying party obligations as published in this CPS to be found in the GCA-AA Repository Term and Termination of Suspension and Revocation Suspension may last for a maximum of seven calendar days in order to establish the conditions that caused the request for suspension. Following negative evidence of such conditions the subscriber may request to re-activate (unsuspension of) the end entity certificate on the following conditions: The subscriber has ascertained without any doubt that his suspicion that there has been a loss, theft, modification, unauthorised disclosure, or other compromise of the private key of the certificate was incorrect. No other reasons exist to doubt the reliability and confidentiality of the private key of the certificate. To request the unsuspension of the certificate, the subscriber must contact the RA. The RA requests promptly the unsuspension of a certificate after: Having received notice by the subscriber that a suspicion that there has been a loss, theft, modification, unauthorised disclosure, or other compromise of the private key of a end entity certificate was undoubtedly incorrect. The suspicion has proven undoubtedly incorrect that another person s information would be materially threatened or compromised due to the fact that the performance of an obligation of the RA under this CPS was delayed or prevented by a natural disaster, computer or communications failure, or other cause beyond the person's reasonable control. Upon request from the RA the GCA-AA suspends or revokes a end entity certificate. 2 Government CA - Government AA Certification Practice Statement 19 / 54

20 The GCA-AA automatically revokes a suspended certificate after a period of one week if it does not receive in the meantime notification from the RA to unsuspend the certificate. The GCA-AA notifies the RA of all revocations made. The GCA-AA publishes notices of suspended or revoked certificates in the Repository Certificate Status Services The GCA-AA makes available certificate status checking services including CRLs, delta CRLs, OCSP and appropriate Web interfaces. CRL, delta CRLs A delta CRL lists additions since the publishing of the last base CRL. OCSP CRLs and delta CRLs are signed and time-marked by the GCA-AA. The GCA-AA makes all CRLs and delta CRLs issued in the previous 12 months available on its Website. The OCSP service of the GCA-AA is cascaded with the OCSP service of the BRCA. Web interface for status verification service A simple web interface for status verification services allows a user to obtain status information on a certificate End of Subscription This section is not applicable Key Escrow and Recovery Key escrow and recovery are not allowed. 2 Government CA - Government AA Certification Practice Statement 20 / 54

21 7. MANAGEMENT, OPERATIONAL, AND PHYSICAL CONTROLS This section describes non-technical security controls used by the GCA-AA operator to perform the functions of subject authentication, certificate issuance, certificate revocation, audit, and archival. 7.1 Physical Security Controls The GCA-AA operator implements physical controls on its own premises. The GCA-AA operator s physical controls include the following: The GCA-AA operators secure premises are located in an area appropriate for high-security operations. These premises feature numbered zones and locked rooms, cages, safes, and cabinets. Physical access is restricted by implementing mechanisms to control access from one area of the facility to another or access into high-security zones, such as locating CA operations in a secure computer room physically monitored and supported by security alarms and requiring movement from zone to zone to be accomplished using a token and access control lists. Power and air conditioning operate with a high degree of redundancy. Premises are protected from any water exposures. The GCA-AA operator implements prevention and protection as well as measures against fire exposures. Media are stored securely. Backup media are also stored in a separate location that is physically secure and protected from fire and water damages. To prevent unwanted disclosure of sensitive data waste is disposed of in a secure manner. The GCA-AA operator implements a partial off-site backup. The sites of the GCA-AA operator host the infrastructure to provide the CA services. The GCA-AA operator sites implement proper security controls, including access control, intrusion detection and monitoring. Access to the sites is limited to authorized personnel listed on an access control list, which is subject to audit. Strict access control is enforced to all areas containing highly sensitive material and infrastructure including material and infrastructure pertaining to signing certificates, CRLs and delta CRLs, OCSP and archives. 7.2 Procedural Controls The GCA-AA operator follows personnel and management practices that provide reasonable assurance of the trustworthiness and competence of the members of the staff and of the satisfactory performance of their duties in the fields of electronic signature-related technologies. 2 Government CA - Government AA Certification Practice Statement 21 / 54

22 The GCA-AA operator obtains a signed statement from each member of the staff on not having conflicting interests with the CA, maintaining confidentiality and protecting personal data. All members of the staff operating the key management operations, administrators, security officers, and system auditors or any other operations that materially affect such operations are considered as serving in a trusted position. The GCA-AA operator conducts an initial investigation of all members of staff who are candidates to serve in trusted roles to make a reasonable attempt to determine their trustworthiness and competence. Where dual control is required at least two trusted members of the GCA-AA staff need to bring their respective and split knowledge in order to be able to proceed with the ongoing operation. The GCA-AA operator ensures that all actions with respect to the GCA-AA can be attributed to the system of the GCA-AA and the member of the GCA-AA staff that has performed the action. For critical GCA-AA functions the GCA-AA implements dual control. The GCA-AA separates among the following discreet work groups: GCA-AA operating personnel that manages operations on certificates. Administrative personnel to operate the platform supporting the GCA-AA. Security personnel to enforce security measures. 7.3 Personnel Security Controls The GCA-AA operator implements certain security controls with regard to the duties and performance of the members of its staff. These security controls are documented in a policy and include the areas below Qualifications, Experience, Clearances The GCA-AA operator performs checks to establish the background, qualifications, and experience needed to perform within the competence context of the specific job. Such background checks include: Criminal convictions for serious crimes. Misrepresentations by the candidate. Appropriateness of references. Any clearances as deemed appropriate Background Checks and Clearance Procedures The GCA-AA operator makes the relevant checks to prospective employees by means of status reports issued by a competent authority, third-party statements or signed self-declarations Training Requirements and Procedures The GCA-AA operator makes available training for their personnel to perform their GCA-AA functions Retraining Period and Retraining Procedures Periodic training updates might also be carried out to establish continuity and updates in the knowledge of the personnel and procedures. 2 Government CA - Government AA Certification Practice Statement 22 / 54

23 7.3.5 Job Rotation This section is not applicable Sanctions against Personnel The GCA-AA operator sanctions personnel for unauthorized actions, unauthorized use of authority and unauthorized use of systems for the purpose of imposing accountability on the GCA-AA operator personnel, as it might be appropriate under the circumstances Controls of independent contractors Independent GCA-AA operator subcontractors and their personnel are subject to the same background checks as the GCA-AA operator personnel. The background checks include: Criminal convictions for serious crimes. Misrepresentations by the candidate. Appropriateness of references. Any clearances as deemed appropriate. Privacy protection. Confidentiality conditions Documentation for initial training and retraining The GCA-AA operator makes available documentation to personnel, during initial training, retraining, or otherwise. 7.4 Audit Logging Procedures Audit logging procedures include event logging and systems auditing, implemented for the purpose of maintaining a secure environment. The GCA-AA operator implements the following controls: The GCA-AA event logging system records events that include but are not limited to: Issuance of a certificate. Revocation of a certificate. Suspension of a certificate. Publishing of a CRL or delta CRL. The GCA-AA operator audits all event-logging records. Audit trail records contain: The identification of the operation. The data and time of the operation. The identification of the certificate, involved in the operation. The identity of the transaction requestor. In addition, the GCA-AA operator maintains internal logs and audit trails of relevant operational events in the infrastructure, including, but not limited to: Start and stop of servers. Outages and major problems. Physical access of personnel and other persons to sensitive parts of the GCA-AA site. Back-up and restore. Report of disaster recovery tests. Audit inspections. Upgrades and changes to systems, software and infrastructure. 2 Government CA - Government AA Certification Practice Statement 23 / 54

24 Security intrusions and attempts at intrusion. Other documents that are required for audits include: Infrastructure plans and descriptions. Physical site plans and descriptions. Configuration of hardware and software. Personnel access control lists. The GCA-AA operator ensures that designated personnel reviews log files at regular intervals and detects and reports anomalous events. Log files and audit trails are archived for inspection by the authorized personnel of the GCA-AA, the RA and designated auditors. The log files should be properly protected by an access control mechanism. Log files and audit trails are backed up. Auditing events are not given log notice. Audit logging procedures include event logging and systems auditing, implemented for the purpose of maintaining a secure environment. The RA (LRA if LRA performs the RA tasks) implements the following controls. Audit trail records contain: The identification of the operation. The data and time of the operation. The identification of the certificate, involved in the operation. The identity of the transaction requestor. Other documents that are required for audits include: Configuration of hardware and software. Personnel access control lists. The RA (LRA if LRA performs the RA tasks) ensures that designated personnel reviews log files at regular intervals and detects and reports anomalous events. Log files and audit trails are archived for inspection by the authorized personnel of the LRA. The log files should be properly protected by an access control mechanism. Log files and audit trails are backed up. Auditing events are not given log notice. The RA (LRA if LRA performs the RA tasks) keeps internal records of the following items: Audit trails for a period of a minimum of 30 years on the identification of the certificate applicant Audit trails for a period of a minimum of 30 years on the requests to issue certificates and on the requests for revocation of certificates Audit trails for a period of a minimum of 30 years on the delivery of the certificates to the subscribers The RA (LRA if LRA performs the RA tasks) keeps archives in a retrievable format. The RA (LRA if LRA performs the RA tasks) ensures the integrity of the physical storage media and implements proper copying mechanisms to prevent data loss. Archives are accessible to authorized personnel of the RA (LRA if LRA performs the RA tasks). 2 Government CA - Government AA Certification Practice Statement 24 / 54

Citizen CA Certification Practice statement

Citizen CA Certification Practice statement Citizen CA Certification Practice statement OID: 2.16.56.1.1.1.2.2 OID: 2.16.56.1.1.1.2.1 VERSION: 1.1 1/56 Table of Contents 1 INTRODUCTION 5 1.1 PRELIMINARY WARNING 5 1.1.1 Trusted Entities ruled by

More information

Belgium Root CA. Certification Practice Statement

Belgium Root CA. Certification Practice Statement PKI Belgium Belgium Root CA Certification Practice Statement 2.16.56.1.1.1 2.16.56.9.1.1 PKI Belgium Belgium Root CA - Certification Practice Statement 1 / 47 Document Control and References Copyright

More information

Ford Motor Company CA Certification Practice Statement

Ford Motor Company CA Certification Practice Statement Certification Practice Statement Date: February 21, 2008 Version: 1.0.1 Table of Contents Document History... 1 Acknowledgments... 1 1. Introduction... 2 1.1 Overview... 3 1.2 Ford Motor Company Certificate

More information

Vodafone Group CA Web Server Certificate Policy

Vodafone Group CA Web Server Certificate Policy Vodafone Group CA Web Server Certificate Policy Publication Date: 06/09/10 Copyright 2010 Vodafone Group Table of Contents Acknowledgments... 1 1. INTRODUCTION... 2 1.1 Overview... 3 1.2 Document Name

More information

[COMPANY CA] Certification Practice Statement

[COMPANY CA] Certification Practice Statement Certification Practice Statement Date: [PUBLICATION DATE] Version: v. X.X Table of Contents Document History...1 Acknowledgments...2 1. Introduction...3 1.1 Overview...3 1.2

More information

GlobalSign CA Certificate Policy

GlobalSign CA Certificate Policy GlobalSign CA Certificate Policy Date: December 17 th 2007 Version: v.3.0 Table of Contents Document History...1 Acknowledgments...2 1. Introduction...3 1.1 Overview...4 1.1.1 GlobalSign Rootsign...5 1.1.2

More information

Vodafone Group CA Automated Code- Signing Certificate Policy

Vodafone Group CA Automated Code- Signing Certificate Policy Vodafone Group CA Automated Code- Signing Certificate Policy Publication Date: 05/05/09 Copyright 2009 Vodafone Group Table of Contents Acknowledgments...1 1. INTRODUCTION...2 1.1 Overview...3 1.2 Document

More information

Certification Practice Statement

Certification Practice Statement FernUniversität in Hagen: Certification Authority (CA) Certification Practice Statement VERSION 1.1 Ralph Knoche 18.12.2009 Contents 1. Introduction... 4 1.1. Overview... 4 1.2. Scope of the Certification

More information

CMS Illinois Department of Central Management Services

CMS Illinois Department of Central Management Services CMS Illinois Department of Central Management Services State of Illinois Public Key Infrastructure Certification Practices Statement For Digital Signature And Encryption Applications Version 3.3 (IETF

More information

THE RSA ROOT SIGNING SERVICE Certification Practice Statement For RSA Certificate Authorities (CAs) Published By: RSA Security Inc.

THE RSA ROOT SIGNING SERVICE Certification Practice Statement For RSA Certificate Authorities (CAs) Published By: RSA Security Inc. THE RSA ROOT SIGNING SERVICE Certification Practice Statement For RSA Certificate Authorities (CAs) Last Revision Date: June 28, 2007 Version: 3.0 Published By: RSA Security Inc. Copyright 2002-2007 by

More information

apple WWDR Certification Practice Statement Version 1.8 June 11, 2012 Apple Inc.

apple WWDR Certification Practice Statement Version 1.8 June 11, 2012 Apple Inc. Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.8 Effective Date: June 11, 2012 Table of Contents 1. Introduction... 4 1.1. Trademarks... 4 1.2.

More information

Neutralus Certification Practices Statement

Neutralus Certification Practices Statement Neutralus Certification Practices Statement Version 2.8 April, 2013 INDEX INDEX...1 1.0 INTRODUCTION...3 1.1 Overview...3 1.2 Policy Identification...3 1.3 Community & Applicability...3 1.4 Contact Details...3

More information

HKUST CA. Certification Practice Statement

HKUST CA. Certification Practice Statement HKUST CA Certification Practice Statement IN SUPPORT OF HKUST CA CERTIFICATION SERVICES Version : 2.1 Date : 12 November 2003 Prepared by : Information Technology Services Center Hong Kong University of

More information

Apple Corporate Email Certificates Certificate Policy and Certification Practice Statement. Apple Inc.

Apple Corporate Email Certificates Certificate Policy and Certification Practice Statement. Apple Inc. Apple Inc. Certificate Policy and Certification Practice Statement Version 2.0 Effective Date: April 10, 2015 Table of Contents 1. Introduction... 4 1.1. Trademarks... 4 1.2. Table of acronyms... 4 1.3.

More information

Equens Certificate Policy

Equens Certificate Policy Equens Certificate Policy WebServices and Connectivity Final H.C. van der Wijck 11 March 2015 Classification: Open Version 3.0 Version history Version no. Version date Status Edited by Most important edit(s)

More information

Certificate Policy. SWIFT Qualified Certificates SWIFT

Certificate Policy. SWIFT Qualified Certificates SWIFT SWIFT SWIFT Qualified Certificates Certificate Policy This Certificate Policy applies to Qualified Certificates issued by SWIFT. It indicates the requirements and procedures to be followed, and the responsibilities

More information

California Independent System Operator Certification Practice Statement for Basic Assurance Certification Authority. Version 3.

California Independent System Operator Certification Practice Statement for Basic Assurance Certification Authority. Version 3. California Independent System Operator Certification Practice Statement for Basic Assurance Certification Authority Version 3.4 April 2015 Table of Contents 1.0 INTRODUCTION... 8 1.1 OVERVIEW... 8 1.2

More information

Ericsson Group Certificate Value Statement - 2013

Ericsson Group Certificate Value Statement - 2013 COMPANY INFO 1 (23) Ericsson Group Certificate Value Statement - 2013 COMPANY INFO 2 (23) Contents 1 Ericsson Certificate Value Statement... 3 2 Introduction... 3 2.1 Overview... 3 3 Contact information...

More information

CA Certificate Policy. SCHEDULE 1 to the SERVICE PROVIDER AGREEMENT

CA Certificate Policy. SCHEDULE 1 to the SERVICE PROVIDER AGREEMENT CA Certificate Policy SCHEDULE 1 to the SERVICE PROVIDER AGREEMENT This page is intentionally left blank. 2 ODETTE CA Certificate Policy Version Number Issue Date Changed By 1.0 1 st April 2009 Original

More information

TR-GRID CERTIFICATION AUTHORITY

TR-GRID CERTIFICATION AUTHORITY TR-GRID CERTIFICATION AUTHORITY CERTIFICATE POLICY AND CERTIFICATION PRACTICE STATEMENT Version 2.1 January, 2009 Table of Contents: TABLE OF CONTENTS:...2 1. INTRODUCTION...7 1.1 OVERVIEW...7 1.2 DOCUMENT

More information

THE WALT DISNEY COMPANY PUBLIC KEY INFRASTRUCTURE CERTIFICATE POLICY. July 2011 Version 2.0. Copyright 2006-2011, The Walt Disney Company

THE WALT DISNEY COMPANY PUBLIC KEY INFRASTRUCTURE CERTIFICATE POLICY. July 2011 Version 2.0. Copyright 2006-2011, The Walt Disney Company THE WALT DISNEY COMPANY PUBLIC KEY INFRASTRUCTURE CERTIFICATE POLICY July 2011 Version 2.0 Copyright 2006-2011, The Walt Disney Company Version Control Version Revision Date Revision Description Revised

More information

VeriSign Trust Network Certificate Policies

VeriSign Trust Network Certificate Policies VeriSign Trust Network Certificate Policies Version 2.8.1 Effective Date: February 1, 2009 VeriSign, Inc. 487 E. Middlefield Road Mountain View, CA 94043 USA +1 650.961.7500 http//:www.verisign.com - 1-

More information

TR-GRID CERTIFICATION AUTHORITY

TR-GRID CERTIFICATION AUTHORITY TR-GRID CERTIFICATION AUTHORITY CERTIFICATE POLICY AND CERTIFICATION PRACTICE STATEMENT Version 2.3 May 15, 2014 Table of Contents TABLE OF CONTENTS:... 2 1. INTRODUCTION... 7 1.1 OVERVIEW... 7 1.2 DOCUMENT

More information

KIBS Certification Practice Statement for non-qualified Certificates

KIBS Certification Practice Statement for non-qualified Certificates KIBS Certification Practice Statement for non-qualified Certificates Version 1.0 Effective Date: September, 2012 KIBS AD Skopje Kuzman Josifovski Pitu 1 1000, Skopje, Republic of Macedonia Phone number:

More information

TELSTRA RSS CA Subscriber Agreement (SA)

TELSTRA RSS CA Subscriber Agreement (SA) TELSTRA RSS CA Subscriber Agreement (SA) Last Revision Date: December 16, 2009 Version: Published By: Telstra Corporation Ltd Copyright 2009 by Telstra Corporation All rights reserved. No part of this

More information

Gandi CA Certification Practice Statement

Gandi CA Certification Practice Statement Gandi CA Certification Practice Statement Gandi SAS 15 Place de la Nation Paris 75011 France Version 1.0 TABLE OF CONTENTS 1.INTRODUCTION...10 1.1.Overview...10 1.2.Document Name and Identification...10

More information

SAUDI NATIONAL ROOT-CA CERTIFICATE POLICY

SAUDI NATIONAL ROOT-CA CERTIFICATE POLICY SAUDI NATIONAL ROOT-CA CERTIFICATE POLICY Document Classification: Public Version Number: 2.5 Issue Date: June 25, 2015 National Center for Digital Certification Policies and Regulations Department Digitally

More information

Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015

Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015 Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015 Table of Contents 1. Introduction... 5 1.1. Trademarks...

More information

CERTIFICATION POLICY QUEBEC CERTIFICATION CENTRE. 2015 Notarius Inc.

CERTIFICATION POLICY QUEBEC CERTIFICATION CENTRE. 2015 Notarius Inc. CERTIFICATION POLICY QUEBEC CERTIFICATION CENTRE 2015 Notarius Inc. Document Version: 4.5 OID: 2.16.124.113550 Effective Date: July 17, 2015 TABLE OF CONTENTS 1. GENERAL PROVISIONS...8 1.1 PURPOSE...8

More information

L@Wtrust Class 3 Registration Authority Charter

L@Wtrust Class 3 Registration Authority Charter Class 3 Registration Authority Charter Version 1.0 applicable from 09 November 2010 Building A, Cambridge Park, 5 Bauhinia Street, Highveld Park, South Africa, 0046 Phone +27 (0)12 676 9240 Fax +27 (0)12

More information

Fraunhofer Corporate PKI. Certification Practice Statement

Fraunhofer Corporate PKI. Certification Practice Statement Fraunhofer Corporate PKI Certification Practice Statement Version 1.1 Published in June 2012 Object Identifier of this Document: 1.3.6.1.4.1.778.80.3.2.1 Contact: Fraunhofer Competence Center PKI Fraunhofer

More information

Globe Hosting Certification Authority Globe Hosting, Inc. 501 Silverside Road, Suite 105, Wilmington, DE 19809, County of New Castle, United States

Globe Hosting Certification Authority Globe Hosting, Inc. 501 Silverside Road, Suite 105, Wilmington, DE 19809, County of New Castle, United States Globe Hosting Certification Authority Globe Hosting, Inc. 501 Silverside Road, Suite 105, Wilmington, DE 19809, County of New Castle, United States www.globessl.com TABLE OF CONTENTS 1. INTRODUCTION...

More information

epki Root Certification Authority Certification Practice Statement Version 1.2

epki Root Certification Authority Certification Practice Statement Version 1.2 epki Root Certification Authority Certification Practice Statement Version 1.2 Chunghwa Telecom Co., Ltd. August 21, 2015 Contents 1. INTRODUCTION... 1 1.1 OVERVIEW... 1 1.1.1 Certification Practice Statement...

More information

Bangladesh Bank Certification Authority (BBCA) Certification Practice Statement (CPS)

Bangladesh Bank Certification Authority (BBCA) Certification Practice Statement (CPS) [Draft] Bangladesh Bank Certification Authority (BBCA) Certification Practice Statement (CPS) Version: 1.00 August, 2015 Bangladesh Bank Page 2 of 42 Document Reference Title Document Type Bangladesh Bank

More information

Symantec Trust Network (STN) Certificate Policy

Symantec Trust Network (STN) Certificate Policy Symantec Trust Network (STN) Certificate Policy Version 2.8.5 Effective Date: September 8, 2011 Symantec Corporation 350 Ellis Street Mountain View, CA 94043 USA +1 650.527.8000 http//:www.symantec.com

More information

Malaysian Identity Federation and Access Management Certification Authority Certificate Policy and Certification Practice Statement

Malaysian Identity Federation and Access Management Certification Authority Certificate Policy and Certification Practice Statement Malaysian Identity Federation and Access Management Certification Authority Certificate Policy and Certification Practice Statement Version 2.2 Document OID: 1.3.6.1.4.1.36355.2.1.2.2 February 2012 Contents

More information

Danske Bank Group Certificate Policy

Danske Bank Group Certificate Policy Document history Version Date Remarks 1.0 19-05-2011 finalized 1.01 15-11-2012 URL updated after web page restructuring. 2 Table of Contents 1. Introduction... 4 2. Policy administration... 4 2.1 Overview...

More information

Trusted Certificate Service

Trusted Certificate Service TCS Server and Code Signing Personal CA CPS Version 2.0 (rev 15) Page 1/40 Trusted Certificate Service TCS Server CAs, escience Server CA, and Code Signing CA Certificate Practice Statement Version 2.0

More information

Comodo Certification Practice Statement

Comodo Certification Practice Statement Comodo Certification Practice Statement Notice: This CPS should be read in conjunction with the following documents:- * LiteSSL addendum to the Certificate Practice Statement * Proposed Amendments to the

More information

Certification Practice Statement

Certification Practice Statement Certification Practice Statement Revision R1 2013-01-09 1 Copyright Printed: January 9, 2013 This work is the intellectual property of Salzburger Banken Software. Reproduction and distribution require

More information

EuropeanSSL Secure Certification Practice Statement

EuropeanSSL Secure Certification Practice Statement EuropeanSSL Secure Certification Practice Statement Eunetic GmbH Version 1.0 14 July 2008 Wagnerstrasse 25 76448 Durmersheim Tel: +49 (0) 180 / 386 384 2 Fax: +49 (0) 180 / 329 329 329 www.eunetic.eu TABLE

More information

Polish Grid Certification Authority Certificate Policy and Certification Practice Statement

Polish Grid Certification Authority Certificate Policy and Certification Practice Statement Polish Grid Certification Authority Certificate Policy and Certification Practice Statement version 0.4 (DRAFT ) September 2, 2002 1 1 Introduction 1.1 Overview This document is written according to the

More information

- X.509 PKI EMAIL SECURITY GATEWAY. Certificate Policy (CP) & Certification Practice Statement (CPS) Edition 1.1

- X.509 PKI EMAIL SECURITY GATEWAY. Certificate Policy (CP) & Certification Practice Statement (CPS) Edition 1.1 - X.509 PKI EMAIL SECURITY GATEWAY Certificate Policy (CP) & Certification Practice Statement (CPS) Edition 1.1 Commerzbank AG - Page 1 Document control: Title: Description : RFC Schema: Authors: Commerzbank

More information

Advantage Security Certification Practice Statement

Advantage Security Certification Practice Statement Advantage Security Certification Practice Statement Version 3.8.5 Effective Date: 01/01/2012 Advantage Security S. de R.L. de C.V. Prol. Paseo de la Reforma # 625 Int 402, Col Paseo de las Lomas. Del Alvaro

More information

HKUST CA. Certification Practice Statement

HKUST CA. Certification Practice Statement HKUST CA Certification Practice Statement IN SUPPORT OF HKUST CA CERTIFICATION SERVICES Version : 1.1 Date : 3 March 2000 Prepared by : Information Technology Services Center Hong Kong University of Science

More information

Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure

Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure 1.0 INTRODUCTION 1.1 Overview The Federal Reserve Banks operate a public key infrastructure (PKI) that manages

More information

Certificate Policy and Certification Practice Statement CNRS/CNRS-Projets/Datagrid-fr

Certificate Policy and Certification Practice Statement CNRS/CNRS-Projets/Datagrid-fr Certificate Policy and Certification Practice Statement CNRS/CNRS-Projets/Datagrid-fr Version 0.3 August 2002 Online : http://www.urec.cnrs.fr/igc/doc/datagrid-fr.policy.pdf Old versions Version 0.2 :

More information

Symantec External Certificate Authority Key Recovery Practice Statement (KRPS)

Symantec External Certificate Authority Key Recovery Practice Statement (KRPS) Symantec External Certificate Authority Key Recovery Practice Statement (KRPS) Version 2 24 April 2013 (Portions of this document have been redacted.) Symantec Corporation 350 Ellis Street Mountain View,

More information

CERTIFICATION PRACTICE STATEMENT. Document version: 1.2 Date: 15 September OID for this CPS: None

CERTIFICATION PRACTICE STATEMENT. Document version: 1.2 Date: 15 September OID for this CPS: None CERTIFICATION PRACTICE STATEMENT Document version: 1.2 Date: 15 September 2007 OID for this CPS: None Information in this document is subject to change without notice. No part of this document may be copied,

More information

National Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy. Version 1.1. February 2, 2016

National Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy. Version 1.1. February 2, 2016 National Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy Version 1.1 February 2, 2016 Copyright 2016, Georgia Tech Research Institute Table of Contents TABLE OF CONTENTS I 1 INTRODUCTION

More information

Certipost Trust Services. Certificate Policy. for Lightweight Certificates for EUROCONTROL. Version 1.2. Effective date 03 May 2012

Certipost Trust Services. Certificate Policy. for Lightweight Certificates for EUROCONTROL. Version 1.2. Effective date 03 May 2012 Certipost Trust Services Version 1.2 Effective date 03 May 2012 Certipost NV ALL RIGHTS RESERVED. 2 13 Definitions : Activation Data Certificate Certificate Holder Certificate Public Registry Certificate

More information

CERTIFICATE POLICY (CP) (For SSL, EV SSL, OSC and similar electronic certificates)

CERTIFICATE POLICY (CP) (For SSL, EV SSL, OSC and similar electronic certificates) (CP) (For SSL, EV SSL, OSC and similar electronic certificates) VERSION : 09 DATE : 01.12.2014 1. INTRODUCTION... 10 1.1. Overview... 10 1.2. Document Name and Identification... 11 1.3. Participants...

More information

Land Registry. Version 4.0 10/09/2009. Certificate Policy

Land Registry. Version 4.0 10/09/2009. Certificate Policy Land Registry Version 4.0 10/09/2009 Certificate Policy Contents 1 Background 5 2 Scope 6 3 References 6 4 Definitions 7 5 General approach policy and contract responsibilities 9 5.1 Background 9 5.2

More information

ESnet SSL CA service Certificate Policy And Certification Practice Statement Version 1.0

ESnet SSL CA service Certificate Policy And Certification Practice Statement Version 1.0 ESnet SSL CA service Certificate Policy And Certification Practice Statement Version 1.0 June 30, 2004 Table of Contents Table of Contents...2 1 Introduction...3 1.1 Overview...3 1.1.1 General Definitions...4

More information

American International Group, Inc. DNS Practice Statement for the AIG Zone. Version 0.2

American International Group, Inc. DNS Practice Statement for the AIG Zone. Version 0.2 American International Group, Inc. DNS Practice Statement for the AIG Zone Version 0.2 1 Table of contents 1 INTRODUCTION... 6 1.1 Overview...6 1.2 Document Name and Identification...6 1.3 Community and

More information

Version 2.4 of April 25, 2008

Version 2.4 of April 25, 2008 TC TrustCenter GmbH Certificate Policy for SAFE NOTE: The information contained in this document is the property of TC TrustCenter GmbH. This Certificate Policy is published in conformance with international

More information

StartCom Certification Authority

StartCom Certification Authority StartCom Certification Authority Intermediate Certification Authority Policy Appendix Version: 1.5 Status: Final Updated: 05/04/11 Copyright: Start Commercial (StartCom) Ltd. Author: Eddy Nigg Introduction

More information

SYMANTEC NON-FEDERAL SHARED SERVICE PROVIDER PKI SERVICE DESCRIPTION

SYMANTEC NON-FEDERAL SHARED SERVICE PROVIDER PKI SERVICE DESCRIPTION SYMANTEC NON-FEDERAL SHARED SERVICE PROVIDER PKI SERVICE DESCRIPTION I. DEFINITIONS For the purpose of this Service Description, capitalized terms have the meaning defined herein. All other capitalized

More information

Version 3.0. Effective Date: 15 october, 2008

Version 3.0. Effective Date: 15 october, 2008 Getronics Version 3.0 Effective Date: 15 october, 2008 Getronics Nederland B.V. Fauststraat 1 P.O. Box 9105 7300 HN Apeldoorn The Netherlands Phone: +31 (0)20 570 4511 http://www.pki.getronicspinkroccade.nl

More information

SSL.com Certification Practice Statement

SSL.com Certification Practice Statement SSL.com Certification Practice Statement SSL.com Version 1.0 February 15, 2012 2260 W Holcombe Blvd Ste 700 Houston, Texas, 77019 US Tel: +1 SSL-CERTIFICATE (+1-775-237-8434) Fax: +1 832-201-7706 www.ssl.com

More information

Registration Practices Statement. Grid Registration Authority Approved December, 2011 Version 1.00

Registration Practices Statement. Grid Registration Authority Approved December, 2011 Version 1.00 Registration Practices Statement Grid Registration Authority Approved December, 2011 Version 1.00 i TABLE OF CONTENTS 1. Introduction... 1 1.1. Overview... 1 1.2. Document name and Identification... 1

More information

COMMON CERTIFICATE POLICY FOR THE EXTENDED ACCESS CONTROL INFRASTRUCTURE FOR PASSPORTS AND TRAVEL DOCUMENTS ISSUED BY EU MEMBER STATES

COMMON CERTIFICATE POLICY FOR THE EXTENDED ACCESS CONTROL INFRASTRUCTURE FOR PASSPORTS AND TRAVEL DOCUMENTS ISSUED BY EU MEMBER STATES COMMON CERTIFICATE POLICY FOR THE EXTENDED ACCESS CONTROL INFRASTRUCTURE FOR PASSPORTS AND TRAVEL DOCUMENTS ISSUED BY EU MEMBER STATES BSI TR-03139 Version 2.1 27 May 2013 Foreword The present document

More information

GENERAL PROVISIONS...6

GENERAL PROVISIONS...6 Preface This Key Recovery Policy (KRP) is provided as a requirements document to the External Certification Authorities (ECA). An ECA must implement key recovery policies, procedures, and mechanisms that

More information

CERTIFICATE POLICY KEYNECTIS SSL CA

CERTIFICATE POLICY KEYNECTIS SSL CA CERTIFICATE POLICY KEYNECTIS SSL CA Date: 05/02/2009 KEYNECTIS SSL CA CERTIFICATE POLICY Subject: KEYNECTIS SSL CA Certificate Policy Version number: 1.1 Number of pages: 49 Status of the Project Final

More information

X.509 Certificate Policy for India PKI

X.509 Certificate Policy for India PKI X.509 Certificate Policy for India PKI Version 1.4 May 2015 Controller of Certifying Authorities Department of Information Technology Ministry of Communications and Information Technology Document Control

More information

Certificate Policy KEYNECTIS SSL CA CP. Emmanuel Montacutelli 12/11/2014 DMS_CP_KEYNECTIS SSL CA CP_1.2

Certificate Policy KEYNECTIS SSL CA CP. Emmanuel Montacutelli 12/11/2014 DMS_CP_KEYNECTIS SSL CA CP_1.2 Certificate Policy KEYNECTIS SSL CA CP Emmanuel Montacutelli 12/11/2014 DMS_CP_KEYNECTIS SSL CA CP_1.2 KEYNECTIS SSL CA CP Version 1.2 Pages 51 Status Draft Final Author Emmanuel Montacutelli OpenTrust

More information

SwissSign Certificate Policy and Certification Practice Statement for Gold Certificates

SwissSign Certificate Policy and Certification Practice Statement for Gold Certificates SwissSign Certificate Policy and Certification Practice Statement for Gold Certificates Version March 2004 Version 2004-03 SwissSign Gold CP/CPS Page 1 of 66 Table of Contents 1. INTRODUCTION...9 1.1 Overview...

More information

The Boeing Company. Boeing Commercial Airline PKI. Basic Assurance CERTIFICATE POLICY

The Boeing Company. Boeing Commercial Airline PKI. Basic Assurance CERTIFICATE POLICY The Boeing Company Boeing Commercial Airline PKI Basic Assurance CERTIFICATE POLICY Version 1.4 PA Board Approved: 7-19-2013 via e-mal PKI-233 BCA PKI Basic Assurance Certificate Policy Page 1 of 69 Signature

More information

Certum QCA PKI Disclosure Statement

Certum QCA PKI Disclosure Statement CERTUM QCA PKI Disclosure Statement v1.1 1 Certum QCA PKI Disclosure Statement Version 1.1 Effective date: 1 st of April, 2016 Status: valid Asseco Data Systems S.A. ul. Żwirki i Wigury 15 81-387 Gdynia

More information

EBIZID CPS Certification Practice Statement

EBIZID CPS Certification Practice Statement EBIZID EBIZID CPS Certification Practice Statement Version 1.02 Contents 1 General 7 1.1 EBIZID 7 1.2 Digital Certificates 7 1.3 User Interaction for Selecting a Certification Service 7 1.4 EBIZID Registration

More information

E-TUGRA INFORMATIC TECHNOLOGIES AND SERVICES CORP (E-TUGRA)

E-TUGRA INFORMATIC TECHNOLOGIES AND SERVICES CORP (E-TUGRA) E-TUGRA INFORMATIC TECHNOLOGIES AND SERVICES CORP (E-TUGRA) QUALIFIED CERTIFICATE POLICY AND PRACTICE STATEMENT (CP-CPS) VERSION 1.0 DATE OF ENTRY INTO FORCE : JUNE, 2008 OID 2.16.792.3.0.4.1.1.2 E-TUGRA

More information

ETSI TR 103 123 V1.1.1 (2012-11)

ETSI TR 103 123 V1.1.1 (2012-11) TR 103 123 V1.1.1 (2012-11) Technical Report Electronic Signatures and Infrastructures (ESI); Guidance for Auditors and CSPs on TS 102 042 for Issuing Publicly-Trusted TLS/SSL Certificates 2 TR 103 123

More information

Certification Practice Statement (ANZ PKI)

Certification Practice Statement (ANZ PKI) Certification Practice Statement March 2009 1. Overview 1.1 What is a Certification Practice Statement? A certification practice statement is a statement of the practices that a Certification Authority

More information

Eskom Registration Authority Charter

Eskom Registration Authority Charter REGISTRATION WWW..CO.ZA Eskom Registration Authority Charter Version 2.0 applicable from 20 November 2009 Megawatt Park Maxwell Drive Sunninghill, SOUTH AFRICA, 2157 Phone +27 (0)11 800 8111 Fax +27 (0)11

More information

Gatekeeper PKI Framework. February 2009. Registration Authority Operations Manual Review Criteria

Gatekeeper PKI Framework. February 2009. Registration Authority Operations Manual Review Criteria Gatekeeper PKI Framework ISBN 1 921182 24 5 Department of Finance and Deregulation Australian Government Information Management Office Commonwealth of Australia 2009 This work is copyright. Apart from

More information

DigiCert Certification Practice Statement

DigiCert Certification Practice Statement DigiCert Certification Practice Statement DigiCert, Inc. Version 2.22 June 01, 2005 333 South 520 West Orem, UT 84042 USA Tel: 1-801-805-1620 Fax: 1-801-705-0481 www.digicert.com 1 General...7 1.1 DigiCert,

More information

thawte Certification Practice Statement

thawte Certification Practice Statement thawte Certification Practice Statement Version 3.7.5 Effective Date: 4 June, 2012 (All CA/Browser Forum-specific requirements are effective on July 1, 2012) thawte Certification Practice Statement 2012

More information

Visa Public Key Infrastructure Certificate Policy (CP)

Visa Public Key Infrastructure Certificate Policy (CP) Visa Public Key Infrastructure Certificate Policy (CP) Version 1.7 Effective: 24 January 2013 2010-2013 Visa. All Rights Reserved. Visa Public Important Note on Confidentiality and Copyright The Visa Confidential

More information

GlobalSign Subscriber Agreement for DocumentSign Digital ID for Adobe Certified Document Services (CDS)

GlobalSign Subscriber Agreement for DocumentSign Digital ID for Adobe Certified Document Services (CDS) GlobalSign Subscriber Agreement for DocumentSign Digital ID for Adobe Certified Document Services (CDS) Version 1.1 PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THE DIGITAL CERTIFICATE ISSUED TO YOU

More information

phicert Direct Certificate Policy and Certification Practices Statement

phicert Direct Certificate Policy and Certification Practices Statement phicert Direct Certificate Policy and Certification Practices Statement Version 1. 1 Effective Date: March 31, 2014 Copyright 2013-2014 EMR Direct. All rights reserved. [Trademark Notices] phicert is a

More information

APPLICATION FOR DIGITAL CERTIFICATE

APPLICATION FOR DIGITAL CERTIFICATE Application ID Number (For Official Use only) APPLICATION FOR DIGITAL CERTIFICATE Instructions: 1. Please fill the form in BLOCK LETTERS ONLY. 2. All fields are mandatory. 3. Present one (1) copy and the

More information

Internet Security Research Group (ISRG)

Internet Security Research Group (ISRG) Internet Security Research Group (ISRG) Certificate Policy Version 1.0 Updated May 5, 2015 Approved by ISRG Policy Management Authority ISRG Web Site: https://letsencrypt.org Page 1 of 83 Copyright Notice

More information

Transnet Registration Authority Charter

Transnet Registration Authority Charter Registration Authority Charter Version 3.0 is applicable from Effective Date Inyanda House 21 Wellington Road Parktown, 2193 Phone +27 (0)11 544 9368 Fax +27 (0)11 544 9599 Website: http://www.transnet.co.za/

More information

Trustis FPS PKI Glossary of Terms

Trustis FPS PKI Glossary of Terms Trustis FPS PKI Glossary of Terms The following terminology shall have the definitions as given below: Activation Data Asymmetric Cryptosystem Authentication Certificate Certificate Authority (CA) Certificate

More information

TREND MICRO SSL CERTIFICATION PRACTICE STATEMENT. Version 2.0

TREND MICRO SSL CERTIFICATION PRACTICE STATEMENT. Version 2.0 TREND MICRO SSL CERTIFICATION PRACTICE STATEMENT Version 2.0 Effective Date: 14 April 2015 TABLE OF CONTENTS 1. INTRODUCTION 1.1 Overview 1.2 Document name and identification 1.3 PKI participants 1.3.1

More information

ING Public Key Infrastructure Certificate Practice Statement. Version 5.3 - June 2015

ING Public Key Infrastructure Certificate Practice Statement. Version 5.3 - June 2015 ING Public Key Infrastructure Certificate Practice Statement Version 5.3 - June 2015 Colophon Commissioned by Additional copies ING Corporate PKI Policy Approval Authority Additional copies of this document

More information

Trustwave Holdings, Inc

Trustwave Holdings, Inc Trustwave Holdings, Inc Certificate Policy and Certification Practices Statement Version 2.9 Effective Date: July 13, 2010 This document contains Certification Practices and Certificate Policies applicable

More information

PostSignum CA Certification Policy applicable to qualified personal certificates

PostSignum CA Certification Policy applicable to qualified personal certificates PostSignum CA Certification Policy applicable to qualified personal certificates Version 3.0 7565 Page 1/60 TABLE OF CONTENTS 1 Introduction... 5 1.1 Review... 5 1.2 Name and clear specification of a document...

More information

Public Certification Authority Certification Practice Statement of Chunghwa Telecom (PublicCA CPS) Version 1.5

Public Certification Authority Certification Practice Statement of Chunghwa Telecom (PublicCA CPS) Version 1.5 Public Certification Authority Certification Practice Statement of Chunghwa Telecom (PublicCA CPS) Version 1.5 Chunghwa Telecom Co., Ltd. August 21, 2015 Contents 1. INTRODUCTION... 1 1.1 OVERVIEW... 1

More information

X.509 Certificate Policy for the Australian Department of Defence Root Certificate Authority and Subordinate Certificate Authorities

X.509 Certificate Policy for the Australian Department of Defence Root Certificate Authority and Subordinate Certificate Authorities X.509 Certificate Policy for the Australian Department of Defence Root Certificate Authority and Subordinate Certificate Authorities Version 5.1 May 2014 Notice to all parties seeking to rely Reliance

More information

Dexia Root CA Certification Practice Statement. Version 1.0

Dexia Root CA Certification Practice Statement. Version 1.0 Dexia Root CA Certification Practice Statement Version 1.0 Version History Version Description Date Author 0.1 Initial Draft 17 September 2001 Jan Raes 0.2 Minor adaptation after review PA 16 October 2001

More information

Federal Reserve Banks Certification Authority (FR-CA) Certification Practice Statement

Federal Reserve Banks Certification Authority (FR-CA) Certification Practice Statement Certification Practice Statement 1.0 INTRODUCTION 1.1 OVERVIEW The Federal Reserve Banks ( FRBs ), utilizing Public Key Infrastructure ( PKI ) technology and operating as a Certification Authority ( FR-CA

More information

Post.Trust Certificate Authority

Post.Trust Certificate Authority Post.Trust Certificate Authority Certification Practice Statement CA Policy and Procedures Document Issue date: 03 April 2014 Version: 2.7.2.1 Release Contents DEFINITIONS... 6 LIST OF ABBREVIATIONS...

More information

thawte Certification Practice Statement Version 2.3

thawte Certification Practice Statement Version 2.3 thawte Certification Practice Statement Version 2.3 Effective Date: July, 2006 thawte Certification Practice Statement 2006 thawte, Inc. All rights reserved. Printed in the United States of America. Revision

More information

INDEPENDENT AUDIT REPORT BASED ON THE REQUIREMENTS OF ETSI TS 101 456. Aristotle University of Thessaloniki PKI (www.pki.auth.gr) WHOM IT MAY CONCERN

INDEPENDENT AUDIT REPORT BASED ON THE REQUIREMENTS OF ETSI TS 101 456. Aristotle University of Thessaloniki PKI (www.pki.auth.gr) WHOM IT MAY CONCERN Title INDEPENDENT AUDIT REPORT BASED ON THE REQUIREMENTS OF ETSI TS 101 456 Customer Aristotle University of Thessaloniki PKI (www.pki.auth.gr) To WHOM IT MAY CONCERN Date 18 March 2011 Independent Audit

More information

CERTIFICATION PRACTICE STATEMENT UPDATE

CERTIFICATION PRACTICE STATEMENT UPDATE CERTIFICATION PRACTICE STATEMENT UPDATE Reference: IZENPE-CPS UPDATE Version no: v 5.03 Date: 10th March 2015 IZENPE 2015 This document is the property of Izenpe. It may only be reproduced in its entirety.

More information

Trusted Certificate Service (TCS)

Trusted Certificate Service (TCS) TCS Personal and escience Personal CA CPS Version 2.0 (rev 15) Page 1/40 Trusted Certificate Service (TCS) TCS Personal CA, escience Personal CA, and Document Signing CA Certificate Practice Statement

More information

SECOM Trust.net Root1 CA

SECOM Trust.net Root1 CA CERTIFICATE POLICY/ CERTIFICATION PRACTICE STATEMENT May 22, 2006 Version 2.00 SECOM Trust Systems Co.,Ltd. Revision History Version Date Description V1.00 2003.08.01 Initial Draft (Translated from Japanese

More information

BUYPASS CLASS 3 SSL CERTIFICATES Effective date: 11.06.2013

BUYPASS CLASS 3 SSL CERTIFICATES Effective date: 11.06.2013 CERTIFICATE POLICY BUYPASS CLASS 3 SSL CERTIFICATES Effective date: 11.06.2013 PUBLIC Version: 2.0 Document date: 11.05.2013 Buypass AS Nydalsveien 30A, PO Box 4364 Nydalen Tel.: +47 23 14 59 00 E-mail:

More information

X.509 Certification Practice Statement for the Australian Department of Defence

X.509 Certification Practice Statement for the Australian Department of Defence X.509 Certification Practice Statement for the Australian Department of Defence Version 5.1 December 2014 Document Management This document is controlled by: Changes are authorised by: Defence Public Key

More information