X.509 Certificate Policy for the Australian Department of Defence Root Certificate Authority and Subordinate Certificate Authorities

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "X.509 Certificate Policy for the Australian Department of Defence Root Certificate Authority and Subordinate Certificate Authorities"

Transcription

1 X.509 Certificate Policy for the Australian Department of Defence Root Certificate Authority and Subordinate Certificate Authorities Version 5.1 May 2014

2 Notice to all parties seeking to rely Reliance on a Certificate issued under this Certificate Policy, identified by subarcs of the object identifier for DRCA CP and for any Sub CA that is signed by the DRCA, is only permitted as set forth in this document. Use of this document constitutes acceptance of the terms and conditions set out in this document. The acceptance of a Certificate by a Relying Party for a prohibited purpose is at the Relying Party s risk. Engaging in a prohibited Certificate use is a breach of this Certificate Policy and Defence disclaims any and all liability in such circumstances. The conditions applicable to each type of Defence Certificate will vary. Document Management This document is controlled by: Changes are authorised by: The Defence Public Key Infrastructure Policy Board Defence Public Key Infrastructure Policy Board; and Gatekeeper Competent Authority Change History Signatures Version Issue Date Description/ Amendment Changed by May 2007 Initial Release GJF 3.0 Nov 2011 Released (Minor amendments, hard tokens, PIV and CCEB compliance) Dec 2011 Updated for OCSP Verizon Business 3.2 May 2012 Updated for TSS, ACP185, OCSP 3.3 June 2012 AGIMO & AGS review. Minor amendments 4.0 July 2012 Released SJP 5.0 May 2014 Review and update for release 5.1 May 2014 Added SHA2 references CG Appointment Organisation Signature DPKIPB Chair Dept. of Defence SJP AKK AKK CDMC Ops Man Gatekeeper Competent Authority Dept. of Finance DRCA & Sub CA CP, Version 5.1 ii

3 Contents 1. INTRODUCTION Overview Document name and identification PKI participants Certification authorities Registration authorities Subscribers Relying Parties Other participants Certificate usage Appropriate certificate uses Prohibited certificate uses Policy administration Organisation administering the document Contact person Authority determining CPS suitability for the policy CPS approval procedures Definitions, acronyms and interpretation PUBLICATION AND REPOSITORY RESPONSIBILITIES Repositories Publication of certification information Time or frequency of publication Access controls on repositories IDENTIFICATION AND AUTHENTICATION Naming Types of names Need for names to be meaningful Anonymity or pseudonymity of Subscribers Rules for interpreting various name forms Uniqueness of names Recognition, authentication, and role of trademarks Initial identity validation Method to prove possession of private key Authentication of Organization Identity Authentication of individual identity Non verified Subscriber information Validation of authority Criteria for interoperation Identification and authentication for re key requests Identification and authentication for routine re key Identification and authentication for re key after revocation Identification and authentication for revocation request CERTIFICATE LIFE CYCLE OPERATIONAL REQUIREMENTS Certificate application Who can submit a certificate application Enrolment process and responsibilities Certificate application processing Performing identification and authentication functions Approval or rejection of certificate applications DRCA & Sub CA CP, Version 5.1 iii

4 DRCA & Sub CA CP, Version Time to process certificate applications Certificate issuance CA actions during certificate issuance Notification to Subscriber by the CA of issuance of certificate Certificate acceptance Conduct constituting certificate acceptance Publication of the certificate by the CA Notification of certificate issuance by the CA to other entities Key pair and certificate usage Subscriber private key and certificate usage Relying Party public key and certificate usage Certificate renewal Circumstance for certificate renewal Who may request renewal Processing certificate renewal requests Notification of new certificate issuance to Subscriber Conduct constituting acceptance of a renewal certificate Publication of the renewal certificate by the CA Notification of certificate issuance by the CA to other entities Certificate re key Circumstance for certificate re key Who may request certification of a new public key Processing certificate re keying requests Notification of new certificate issuance to Subscriber Conduct constituting acceptance of a re keyed certificate Publication of the re keyed certificate by the CA Notification of certificate issuance by the CA to other entities Certificate modification Circumstance for certificate modification Who may request certificate modification Processing certificate modification requests Notification of new certificate issuance to Subscriber Conduct constituting acceptance of modified certificate Publication of the modified certificate by the CA Notification of certificate issuance by the CA to other entities Certificate revocation and suspension Circumstances for revocation Who can request revocation Procedure for revocation request Revocation request grace period Time within which CA must process the revocation request Revocation checking requirement for Relying Parties CRL issuance frequency (if applicable) Maximum latency for CRLs (if applicable) On line revocation/status checking availability On line revocation checking requirements Other forms of revocation advertisements available Special requirements re key compromise Circumstances for suspension Who can request suspension Procedure for suspension request Limits on suspension period Certificate status services End of subscription...20 iv

5 4.12 Key escrow and recovery Key escrow and recovery policy and practices Session key encapsulation and recovery policy and practices FACILITY, MANAGEMENT, AND OPERATIONAL CONTROLS Physical controls Procedural controls Personnel controls Audit logging procedures Records archival Key changeover Compromise and disaster recovery CA or RA termination TECHNICAL SECURITY CONTROLS Key pair generation and installation Key pair generation Private Key delivery to Subscriber Public key delivery to certificate issuer CA public key delivery to Relying Parties Key sizes Public key parameters generation and quality checking Key usage purposes (as per X.509 v3 key usage field) Private key protection and cryptographic module engineering controls Cryptographic module standards and controls Private Key (n out of m) multi person control Private Key escrow Private Key backup Private Key archival Private Key transfer into or from a cryptographic module Private Key storage on cryptographic module Method of activating private key Method of deactivating private key Method of destroying private key Cryptographic Module Rating Other aspects of key pair management Public key archival Certificate operational periods and key pair usage periods Activation data Activation data generation and installation Activation data protection Other aspects of activation data Computer security controls Life cycle technical controls Network security controls Time stamping CERTIFICATE, CRL AND OCSP PROFILES Certificate profile Version Numbers Certificate Extensions Algorithm Object Identifiers Name Forms Name Constraints Certificate Policy Object Identifier Usage of Policy Constraints Extension DRCA & Sub CA CP, Version 5.1 v

6 DRCA & Sub CA CP, Version Policy Qualifiers Syntax and Semantics Processing Semantics for the Critical Certificate Policies Extension CRL profile Version Numbers CRL and CRL Entry Extensions OCSP profile Version Numbers OCSP Extensions COMPLIANCE AUDIT AND OTHER ASSESSMENTS Frequency or circumstances of assessment Identity/qualifications of assessor Assessor s relationship to assessed entity Topics covered by assessment Actions taken as a result of deficiency Communication of results OTHER BUSINESS AND LEGAL MATTERS Fees Certificate issuance or renewal fees Certificate access fees Revocation or status information access fees Fees for other services Refund policy Financial responsibility Insurance coverage Other assets Insurance or warranty coverage for end entities Confidentiality of business information Privacy of personal information Privacy plan Information treated as private Information not deemed private Responsibility to protect private information Notice and consent to use private information Disclosure pursuant to judicial or administrative process Other information disclosure circumstances Intellectual property rights Representations and warranties Disclaimers of warranties Limitations of liability Indemnities Term and termination Term Termination Effect of termination and survival Individual notices and communications with participants Amendments Dispute resolution provisions Governing law Compliance with applicable law Miscellaneous provisions Other provisions...29 APPENDIX A. REFERENCES APPENDIX B. CERTIFICATE AND CRL PROFILES AND FORMATS vi

7 B.1 DRCA Signature/Authentication Certificate...31 B.2 DRCA CRL...33 B.3 SUB CA SIGNATURE/AUTHENTICATION CERTIFICATE...34 B.4 SUB CA CRL...36 Table of Tables Table 1 Signature OIDs Table 2 Algorithm OIDs Table 3 Level of Assurance OIDs Table 4 References Table 5 Defence Root Certification Authority Signature/Authentication Certificate Profile Table 6 Defence Root CA CRL Profile Table 7 Sub CA Signature/Authentication Certificate Profile Table 8 Sub CA CRL Profile DRCA & Sub CA CP, Version 5.1 vii

8 1. INTRODUCTION Certificate policies are, in the X.509 version 3 digital certificate standard, the named set of rules regarding the applicability of a certificate to a particular community and/or class of applications with common security requirements. A CP may be used by a Relying Party to help in deciding whether a certificate, and the binding therein, are sufficiently trustworthy and otherwise appropriate for a particular application. This Certificate Policy (CP) identifies the rules to manage the Australian Government Department of Defence (Defence) Root Certificate Authority (CA) certificates, Subordinate Certificate Authority (Sub CA) certificates and associated core component certificates. It includes the obligations of the Public Key Infrastructure (PKI) entities, and how the parties, indicated below, use them. It does not describe how to implement these rules as that information is in the Defence PKI Certification Practice Statement (CPS), or documents referenced by the CPS. In general, the rules identify the minimum standards in terms of performance, security and/or quality. The headings in this CP follow the framework set out in the Internet Engineering Task Force Request for Comment (RFC) 3647: Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework. A document hierarchy applies: the provisions of any applicable contract such as a Subscriber Agreement, Deed of Agreement or other relevant contract override the provisions of this CP. The provisions of this CP prevail over the provisions of CPS to the extent of any direct inconsistency. The provisions of CPS govern any matter on which this CP is silent. (Note: where sub titled sections of the framework provide no additional information to detail provided in the CPS they have not been further extrapolated in this document.) This section identifies and introduces the set of provisions, and indicates the types of entities and applications applicable for this Defence Root Certification Authority (DRCA) and Sub CA Certificate Policy (CP). 1.1 Overview The DRCA is used to self sign the Root CA certificate, digitally sign Sub CA certificates to validate their properties and sign and issue the certificates used by operational servers and operation personnel. The DRCA is the highest point of trust within the Defence PKI hierarchy and all other CA and RA entities in the hierarchy rely on this trust anchor. A Sub CA certificate is signed by the DRCA and signs the certificates used by operational servers and operation personnel as well as signing the certificates issued to end entities. This CP only allows the DRCA and any Sub CA private keys to reside on a hardware security module (HSM). Any operations certificates required for PKI core components are required to be stored in accordance with the PKI Key Management Plan (KMP). Except for Resource Custodians (RC) this CP allows Operators keys and certificates to only reside on a hardware based token with an embedded cryptographic engine. Before issuing Operators keys and certificates, the applicant is required to perform a face to face identity verification that complies with the Gatekeeper Evidence of Identity (EOI) policy for a High Assurance certificate and be cleared to the required level in accordance with the PKI System Security Plan (SSP). DRCA & Sub CA CP, Version of 36

9 1.2 Document name and identification The title for this CP is the X.509 Certificate Policy for the Department of Defence Root Certificate Authority and Subordinate Certificate Authorities. The Object Identifier (OID) for the DRCA CP is: {iso (1) iso member (2) australia (36) government (1) department of defence (334) pki (1) certificate policy (1) certificate authority (1) root (1)} In addition, this CP is issued for any Sub CA that is signed by the DRCA. In these circumstances, the OID is: {iso (1) iso member (2) australia (36) government (1) department of defence (334) pki (1) certificate policy (1) certificate authority (1) subordinate (2) } 1.3 PKI participants Certification authorities The Certification Authority (CA), or CAs, that issue certificates under this CP are Defence CAs. This CP relates to: i. the self signed DRCA authentication certificates that the DRCA issues to itself; ii. the authentication and confidentiality certificates signed by the DRCA and issued to SubCAs; iii. the authentication and confidentiality certificates issued by the SubCAs for the core operational infrastructure, e.g. the Registration Authority (RA) server; the Key Archive Server (KAS); and iv. all operator certificates used for the purpose of maintenance and issuance responsibilities, such as CA operators (CAO), RA Auditors (RAA), Registration Officers (ROs) and Resource Custodians (RCs) Registration authorities The Registration Authority (RA), or RAs, that perform the registration functions under this CP are authorised by the Defence PKI Policy Board (DPKIPB). For those certificates issued in accordance with the Gatekeeper accreditation, a Gatekeeper accredited RA must be used. An RA is formally bound to perform the registration functions in accordance with this CP and other relevant Approved Documents Subscribers No end entity Subscribers are issued certificates under this CP. Certificates issued by the DRCA or Sub CA to the operators of core components will not be used as a validation mechanism for that individual. All such certificates will only be valid for use within the PKI core components 1. An entity issued a certificate under this CP must have access, authority or privilege to Defence assets or systems. Defence assets and systems may act as a Relying Party, with respect to chain of trust aspects, having granted access, authority or privilege to an individual. 1 The exception to this rule is ROs using the Card Management System (CMS), who use their Individual - High Assurance certificate to log in to the CMS in conjunction with Issuer rights in the system. DRCA & Sub CA CP, Version of 36

10 1.3.4 Relying Parties Other than the chain of trust aspects there are no Relying Parties for the certificates issued under this CP. This chain of trust is created by the DRCA signing the Sub CA certificate that signs the certificate issued to the end entity and the issuance of Certificate Revocation Lists (CRLs). Relying Parties are bound by the relevant CP that an end entity certificate is issued under Other participants Other participants include: i. the DPKIPB refer to the Certification Practice Statement (CPS) for their responsibilities which specifically include: a) review and approval of this CP; b) presiding over the PKI audit process; c) approving mechanisms and controls for the management of the accredited infrastructure (CA/RA); d) approval of operational standards and guidelines to followed. ii. Accreditation agencies to provide independent assurance that the facilities, practices and procedures used to issue certificates comply with this CP, the CPS and other relevant documentation (policy and legal). iii. Directory Service providers to provide a repository for certificates and certificate status information issued under this CP. 1.4 Certificate usage Appropriate certificate uses Certificates issued under this CP, in conjunction with their associated private keys, allow the DRCA to: i. self sign the DRCA certificate; ii. digitally sign a Sub CA certificate; iii. sign the operational certificates required by the PKI, including OCSP responder; and iv. sign its own internal log files. Certificates issued under this CP, in conjunction with their associated private keys, allow a Sub CA to: i. digitally sign end entity certificates; ii. digitally sign a certificate for any CA subservient to the Sub CA; iii. sign the operational certificates required by the PKI; and iv. sign its own internal log files. All other core component certificates will only be valid for use within the PKI and used for the authentication and confidentiality (as appropriate) of core component activities Prohibited certificate uses The prohibited uses for certificates issued under this CP are: i. for the DRCA, to sign certificates issued to end entity Subscribers; ii. to sign the certificate of a non DPKIPB approved CA; iii. iv. to validate the identity of a PKI operator (CMS ROs excepted); and to establish a Sub CA to conduct any transaction, or communication, which is any or all of the following: 2 NB. ROs operating the CMS use their Individual High Assurance certificate to log in to the system. DRCA & Sub CA CP, Version of 36

11 a) Unrelated to Defence business; b) Illegal; c) Unauthorised; d) Unethical, or e) Contrary to Defence policy. Engaging in a prohibited certificate use is a breach of the responsibilities and obligations agreed to by the PKI operators and Defence disclaims any and all liability in such circumstances. 1.5 Policy administration Organisation administering the document Contact person Authority determining CPS suitability for the policy CPS approval procedures 1.6 Definitions, acronyms and interpretation Acronyms and terms used in this CP are defined in the CPS. Note that defined terms in this CP appear in italics the first time they are used and otherwise are not identified in this manner when appearing later throughout the CP. Defined terms may be upper or lower case. The interpretation clause in part 3 of Appendix B of the CPS also applies to this CP. 2. PUBLICATION AND REPOSITORY RESPONSIBILITIES 2.1 Repositories 2.2 Publication of certification information Defence publishes the issuing CA certificate, and the issuing CA s latest CRL in its repository. This information is available to Relying Parties both internal and external of Defence. Defence provides for Subscribers and Relying Parties the URL of a website which Defence uses to publish: i. this CP; ii. the CP for any end entity certificates; and iii. the CPS. DRCA & Sub CA CP, Version of 36

12 2.3 Time or frequency of publication Published documentation is updated on approved changes. Defence CAs publish new certificates and CRLs as operationally required (see and relevant CP). 2.4 Access controls on repositories 3. IDENTIFICATION AND AUTHENTICATION 3.1 Naming Types of names Every certificate issued under this CP: i. must have a clear distinguishable and unique Distinguished Name (DN) in the certificate subjectname field; ii. the common name components of the name are unique to the PKI name space; iii. the DN will be approved by the DPKIPB; iv. the DRCA DN must be composed of ADOCA <Serial>; and v. the SubCAs DN must be composed of ADOCA <Serial>. The DN is in the form of a X.501 printable string and is not blank Need for names to be meaningful Names used to identify the PKI core components are based on their PKI role and serial number. Additionally, names are used to identify individual operators to allow for system auditing Anonymity or pseudonymity of Subscribers Not applicable Rules for interpreting various name forms No stipulation as there is only one form Uniqueness of names Names are unique within the Defence PKI name space Recognition, authentication, and role of trademarks 3.2 Initial identity validation Method to prove possession of private key Private Key generation of critical PKI core components is performed using Evaluation Assurance Level (EAL) 4 accredited Hardware Security Modules (HSMs). These private keys are generated internally which ensures that the private key is never exposed or accidentally released. To initiate the key DRCA & Sub CA CP, Version of 36

13 generation process the CA operator must use the HSM in the presence of the required staff as dictated by the Key Management Plan (KMP). All PKI Operators (DRCAOs, CAOs, RAAs, ROs etc) except RCs use hard token technology to generate and securely store private keys, with passphrase access controls. The key generation process requires the operator to enter their token s passphrase thereby proving the operator has possession of the token with the generated private key. Where soft tokens are used by RCs, certificate requests are submitted to the CA via PKCS#10 requests where proof of possession of the private key is ensured as the Key Pair is generated at the time the certificate request is created Authentication of Organization Identity To establish the DRCA or a Gatekeeper compliant Sub CA, the DPKIPB and the Gatekeeper Competent Authority must grant approval prior to the key generation ceremony. The establishment of other Defence Sub CAs requires DPKIPB approval prior to key generation. Generation of PKI core components must comply with the processes dictated in the KMP, which indicates that the key issuing process includes: i. identification of the infrastructure element and applicable Key Custodian; ii. witnessed generation of public and private keys; iii. generation of certificates; iv. verification by the Key Custodian that the key generation process was successful; and v. entry into the PKI Trusted Element Register of the applicable information concerning the newly generated key. Before issuing certificates to PKI Operators, the operator is required to perform a face to face identity verification that complies with the Gatekeeper Evidence of Identity (EOI) policy for a High Assurance certificate and be cleared to a minimum level of SECRET. In addition, the operator will need to be validated as being affiliated with Defence by confirmation of their existence in the Defence Directory Authentication of individual identity Not applicable Non verified Subscriber information Not applicable Validation of authority The PKI Operations Manager is responsible for ensuring that all PKI core components are validated in accordance with the PKI KMP Criteria for interoperation 3.3 Identification and authentication for re key requests Identification and authentication for routine re key The minimum identification and authentication requirements for routine re key are as per (Authentication of Organization Identity). Verification of the Operator s identity can occur as follows: i. as per initial registration; or DRCA & Sub CA CP, Version of 36

14 ii. use of a DPKIPB approved biometric. (Only if biometric was recorded during previous registration); or iii. proof of possession, and ability to exercise a current private key in which the DN matches a Federal or State Government issued photographic ID document. This method can only be used provided no more than 4 years has passed since the Operator has been identified using the Gatekeeper EOI policy for a High Assurance certificates, or uses an approved biometric. The DPKIPB may approve alternative methods to verify an operator s identity for special circumstances. These circumstances include: i. essential re key in locations where sufficient EOI is unavailable (e.g. Theatre of Operation); or ii. if such individuals do not have sufficient EOI documentation due to loss, theft or destruction of EOI documentation. Certificates issued under special circumstances will require authorisation by the DPKIPB based on the risks associated with the circumstances. This authorisation will impose a limit on the reuse of the method by the operator before reverting to standard method of verification (listed above). In addition, such certificates will have a defined validity period that is less than the normal certificate life of two years Identification and authentication for re key after revocation Re key is not allowed after revocation for CAs. For operators, Re Key after revocation shall occur in the same manner as for initial identity validation. 3.4 Identification and authentication for revocation request Revocation of certificates is in accordance with this section and 4.9 of this CP and the CPS. The PKI Operations Manager, or in their absence their nominated agent, must authenticate all requests for revocation of PKI core components and the reason for revocation. Prior to revocation, the operator verifies the authority of the requestor. The DPKIPB must approve all requests for revocation of the Defence CAs. Revocation of other PKI core components, including operator certificates, can be approved by the PKI Operations Manager or the Security Officer (SO). The revocation process provides an auditable record of this process, which includes at a minimum: i. the identity of the requestor; ii. the reason for requesting revocation; iii. the identity of the operator performing the revocation; and iv. the issuing CA name and serial numbers of the certificates authorised for revocation, or the reason for rejecting the revocation request. 4. CERTIFICATE LIFE CYCLE OPERATIONAL REQUIREMENTS 4.1 Certificate application Who can submit a certificate application People affiliated with Defence can submit a certificate application. Creation of CAs must be authorised by the DPKIPB. There is no subsequent submission of applications for the creation of PKI core components related to that CA. DRCA & Sub CA CP, Version of 36

15 4.1.2 Enrolment process and responsibilities The enrolment process and responsibilities are outlined in the PKI Operations Manual and KMP. 4.2 Certificate application processing Performing identification and authentication functions The PKI Operations Manager must ensure that each CA creation application is in accordance with the PKI KMP and undergoes: i. confirmation of approval for DRCA or Sub CA creation; and ii. validation of all information to be included in the certificate. As a minimum, two delegates nominated by the DPKIPB are required to witness the generation of CA keys. The PKI Operations Manager is not required to investigate or ascertain the authenticity of any document received by them as evidence of any matter required as part of the CA creation process unless they are aware, or should reasonably be aware, that the document is not authentic or they are otherwise required to do so by law Approval or rejection of certificate applications The DPKIPB approves or rejects CA certificate applications Time to process certificate applications No stipulation. 4.3 Certificate issuance CA actions during certificate issuance Notification to Subscriber by the CA of issuance of certificate Operators shall be notified when a certificate has been issued and of any requirements necessary to update the operator s token. 4.4 Certificate acceptance Conduct constituting certificate acceptance The PKI core components are deemed to have accepted a certificate when they exercise the private key Publication of the certificate by the CA The only certificates published will be the CA certificates. These will be published to the Defence repository and external repositories as per the CPS Notification of certificate issuance by the CA to other entities No stipulation. DRCA & Sub CA CP, Version of 36

16 4.5 Key pair and certificate usage Subscriber private key and certificate usage There are no end entity Subscribers to this CP. Certificate usage is defined above in 1.4 (Certificate Usage) and as such core components, other than CAs, may only be used within the PKI. Custodians shall protect private keys from access by other parties in accordance with the KMP. If the extended key usage extension is present and implies any limitation on the use of the certificate and/or private key, the CA will operate within those limitations Relying Party public key and certificate usage 1.4 (Certificate Usage) and (Relying Parties) detail the Relying Party public key and certificate usage and responsibilities. The interpretation and compliance with extended key usage attributes, and any associated limitations on the use of the certificate and/or private key, is in accordance with RFC Certificate renewal The DRCA and Sub CA certificates cannot be renewed; however, associated core components can be renewed Circumstance for certificate renewal The CPS defines the criteria for certificate renewals. Certificate renewal shall not permit an operator to avoid re key or the associated identification and authentication process. Renewal of revoked certificates is not permitted after revocation regardless of the reason for revocation Who may request renewal Same as per applications see (Who can submit a certificate application) Processing certificate renewal requests The process for certificate renewal is consistent with the enrolment process defined in 4.1 (Certificate Application), however identification and authentication complies with 3.3 (Identification and Authentication for Re Key Requests) Notification of new certificate issuance to Subscriber Operators shall be notified when a renewal certificate has been issued, and of any requirements necessary to update the operator s token Conduct constituting acceptance of a renewal certificate See (Conduct constituting certificate acceptance) Publication of the renewal certificate by the CA PKI core component renewed certificates will not be published. DRCA & Sub CA CP, Version of 36

17 4.6.7 Notification of certificate issuance by the CA to other entities Not applicable. 4.7 Certificate re key Circumstance for certificate re key See CPS for relevant circumstances. Loss or compromise of a current private key requires revocation Who may request certification of a new public key Certificate re key requests are made by an operator or the DPKIPB Processing certificate re keying requests The process for certificate re keying is consistent with the enrolment process defined in 4.1 (Certificate Application), however identification and authentication complies with 3.3 (Identification and Authentication for Re Key Requests) Notification of new certificate issuance to Subscriber The operator receives notification when a re keyed certificate is issued, or if a certificate request for re key is rejected. The DPKIPB receives notification of progress, issues and completion of DPKIPB initiated certificate rekeys Conduct constituting acceptance of a re keyed certificate See (Conduct constituting certificate acceptance) Publication of the re keyed certificate by the CA PKI core component re keyed certificates will not be published Notification of certificate issuance by the CA to other entities Not applicable. 4.8 Certificate modification Circumstance for certificate modification The circumstances permitted for certificate modification include: i. Details in the certificate relevant to the Operator have changed or been found to be incorrect; and ii. Interoperation with approved Third Party PKI, or Defence assets and systems, require certificate attributes or contents inserted, modified or deleted. The DPKIPB will determine other circumstances as appropriate Who may request certificate modification Certificate modification may be requested by: i. the DPKIPB, or ii. Operator DRCA & Sub CA CP, Version of 36

18 4.8.3 Processing certificate modification requests The process for certificate modification must comply with enrolment process defined in 4.1 (Certificate Application). The identification and authentication procedures must comply with 3.3 (Identification and Authentication for Re Key Requests) Notification of new certificate issuance to Subscriber The operator or key custodian receives notification when issued a modified certificate, or if rejection of a modification request occurs. The DPKIPB receives notification of progress, issues and completion of DPKIPB initiated certificate modifications Conduct constituting acceptance of modified certificate See (Conduct constituting certificate acceptance) Publication of the modified certificate by the CA See (Publication of the certificate by the CA) Notification of certificate issuance by the CA to other entities No stipulation. 4.9 Certificate revocation and suspension Circumstances for revocation Who can request revocation Procedure for revocation request Revocation requests for PKI core components are performed by an authorised Certificate Authority Operator (CAO) but must be validated by the PKI Operations Manager prior to initiation. The Disaster Recovery and Business Continuity Plan (DRBCP) details the revocation process for the DRCA and Sub CA in the event of an emergency. After verification, the CAO processes the revocation request using the PKI software, which captures an auditable record of the process. After a certificate is revoked, the CA includes the applicable certificate (certificate serial number) in the CRL that is signed by the CA and published in the repositories Revocation request grace period A grace period of one Operational Day is permitted. The DPKIPB, or an approved delegate, in exceptional circumstances (such as a security or law enforcement investigation), may approve a delay in the submission of a revocation request. An audit record of this approval is required, and must be submitted with the revocation request upon expiry of the approved delay. DRCA & Sub CA CP, Version of 36

19 4.9.5 Time within which CA must process the revocation request A CA shall process revocation requests for certificates issued under this CP promptly after receipt Revocation checking requirement for Relying Parties Before using a certificate, the Relying Party must validate it against the CRL. It is the Relying Party s responsibility to determine their requirement for revocation checking CRL issuance frequency (if applicable) CRLs for the DRCA are published when a Sub CA is revoked or monthly. CRLs for Sub CAs under this CP are published on each certificate revocation or at intervals no longer than 24 hours if there are no updates Maximum latency for CRLs (if applicable) The maximum latency between the generation and publication of CRLs is 3 days On line revocation/status checking availability Online Certificate Status Protocol service (OCSP) is available at: Refer to the relevant Certificate Profile in Appendix B if the certificate is issued with an OCSP access location reference (Authority Information Access extension), OCSP is available to the Relying Party as a certificate status checking method. The latest CRL is available from the published repositories; refer to 2.1 (Repositories) and the certificates CRL Distribution Point for further information On line revocation checking requirements No stipulation Other forms of revocation advertisements available Special requirements re key compromise No stipulation Circumstances for suspension This CP does not support certificate suspension Who can request suspension This CP does not support certificate suspension Procedure for suspension request This CP does not support certificate suspension Limits on suspension period This CP does not support certificate suspension. DRCA & Sub CA CP, Version of 36

20 4.10 Certificate status services 4.11 End of subscription 4.12 Key escrow and recovery Key escrow and recovery policy and practices Escrow, backup and archiving of private keys issued under this CP is permitted to enable the retrieval of keys in a disaster recovery situation. However, operator hard tokens shall not be backed up or cloned. Escrow, backup and archiving is to be undertaken in accordance with the PKI KMP. Retrieval will be undertaken in accordance with the PKI DRBCP recovery policy and practices Session key encapsulation and recovery policy and practices Symmetric keys are not required to be escrowed. 5. FACILITY, MANAGEMENT, AND OPERATIONAL CONTROLS 5.1 Physical controls 5.2 Procedural controls 5.3 Personnel controls 5.4 Audit logging procedures 5.5 Records archival 5.6 Key changeover DRCA & Sub CA CP, Version of 36

21 5.7 Compromise and disaster recovery 5.8 CA or RA termination 6. TECHNICAL SECURITY CONTROLS 6.1 Key pair generation and installation Key pair generation Key pair generation is via a combination of product and processes approved by the National Cryptographic Authority (NCA). Key pair generation is in accordance with the PKI KMP and as such: i. critical core components (e.g. CA, RA and KAS) generate keys within a HSM; ii. operators generate keys within a hard token or using EAL4 accredited software; and iii. non critical core components (e.g. Certificate Status Server, Registration Exchange) generate keys using EAL4 accredited software (and protect them within Personal Security Environment (PSE) files) Private Key delivery to Subscriber Private key delivery is in accordance with the PKI KMP. Private keys generated within hardware elements (tokens, HSMs) are not delivered. Soft tokens for core components are delivered direct to the PKI core component protected by a PSE file. RC keys are delivered on a PKCS#12 file, passphrase protected by the RC at the time of key generation Public key delivery to certificate issuer DRCA public keys are self generated and do not require delivery. SubCA public key delivery to the DRCA is a witnessed event, with the key being delivered via airgap in a PKCS#10 file, signed with the corresponding private key. Other PKI core components public keys are either delivered protected within the PKI software, or delivered to the issuer in a PKCS#10 file, signed with the corresponding private key CA public key delivery to Relying Parties Key sizes Keys used for this CP are in accordance with the PKI KMP and support either SHA1 or SHA2 for signing and RSA public key algorithm. The key sizes for: i. DRCA is a minimum of 2048 bits; ii. Sub CAs and components, other than operators, are a minimum 2048 bits; and iii. Operators are a minimum 1024 bits Public key parameters generation and quality checking DRCA & Sub CA CP, Version of 36

22 6.1.7 Key usage purposes (as per X.509 v3 key usage field) In addition to the key usage defined in 1.4, certificates include key usage extension fields to specify the purposes for which the Certificate may be used and also to technically limit the functionality of the certificate when used with the PKI software. Note that the CAs have key usages Digital Signature and Non Repudiation for the purpose of signing their own log entries. Key usages are specified in the Certificate Profile set forth in Appendix B. 6.2 Private key protection and cryptographic module engineering controls Cryptographic module standards and controls All cryptographic modules used with PKI core components have been evaluated under Common Criteria EAL4 and approved for the uses intended in this CP by the NCA and are listed on the Evaluated Products List Private Key (n out of m) multi person control Private Key escrow Escrow of private keys is permitted and occurs in accordance with the PKI KMP and the PKI DRBCP. Refer to CPS for escrow controls Private Key backup Private Key archival Private Key archival occurs in accordance with the PKI KMP and the PKI DRBCP Private Key transfer into or from a cryptographic module Private Key storage on cryptographic module Method of activating private key Activating private keys occurs by the CAO or RAO authenticating to the cryptographic module. For HSMs it is activated with the applicable physical key in the PIN Entry Device (PED). The session stays live until deactivated (see Method of deactivating private key) Method of deactivating private key Deactivation can be achieved via: i. shut down or restart of the system; ii. removal of the token; or iii. shut down of the service that operates the token. DRCA & Sub CA CP, Version of 36

23 Method of destroying private key Cryptographic Module Rating See (Cryptographic standards and controls). 6.3 Other aspects of key pair management Public key archival Certificate operational periods and key pair usage periods The DRCA certificate validity has a maximum period of 20 years to limit the key lifetime. A Sub CA certificate may have a validity period of up to ten years. Certificate lives and key pair usage for all other core components, other than Operators, complements the relevant CA they are associated with. Operator certificates have a maximum validity period of two years. 6.4 Activation data Activation data generation and installation To protect private keys, a passphrase is entered by the key custodian at the time of key generation. This passphrase is used to activate the key pair for usage. Other passphrases and PINs used within the PKI system are created by operators at the time of installation. All passwords must comply with Defence Password Policy. Lifecycle management of passphrases, passwords and PINs used in the system is in accordance with the PKI KMP and Defence Policy Activation data protection All passphrases used to activate core components are kept in accordance with Defence policy and PKI KMP Other aspects of activation data No stipulation. 6.5 Computer security controls 6.6 Life cycle technical controls 6.7 Network security controls DRCA & Sub CA CP, Version of 36

24 6.8 Time stamping 7. CERTIFICATE, CRL AND OCSP PROFILES Appendix B contains the formats for the certificates, and CRL profiles and formats relative to this CP. The certificates issued under this CP are: i. the Defence Root Certificate Authority; ii. sub CA certificates signed by the Defence Root Certificate Authority; iii. certificates issued to the PKI core components supporting a CA, such as the Registration Authority; and iv. certificates issued to the operators of the above components to ensure their abilities to undertake administration activities. 7.1 Certificate profile Version Numbers All certificates are X.509 Version 3 certificates Certificate Extensions See Appendix B Algorithm Object Identifiers Certificates under this CP will use one of the following OIDs for signatures. sha 1WithRSAEncryption {iso(1) member body(2) us(840) rsadsi(113549) pkcs(1) pkcs 1(1) 5} sha256withrsaencryption {iso(1) member body(2) us(840) rsadsi(113549) pkcs(1) pkcs 1(1) 11} Table 1 Signature OIDs Certificates under this CP will use one of the following OIDs for identifying the algorithm for which the subject key was generated. rsaencryption {iso(1) member body(2) us(840) rsadsi(113549) pkcs(1) pkcs 1(1) 1} Id ecpublickey {iso(1) member body(2) us(840) ansi x9 62(10045) public key type (2) 1} rsaencryption {iso(1) member body(2) us(840) rsadsi(113549) pkcs(1) pkcs 1(1) 1} Dhpublicnumber {iso(1) member body(2) us(840) ansi x942(10046) number type(2) 1} IdkeyExchangeAlgorithm {joint iso ccitt(2) country(16) us(840) organization(1) gov(101) dod(2) infosec(1) algorithms(1) 22} Table 2 Algorithm OIDs CAs shall certify only public keys associated with the crypto algorithms identified above, and shall only use the signature crypto algorithms described above to sign certificates, CRLs and any other PKI product, including other forms of revocation such as OCSP responses Name Forms The Common Name (CN) component is based on the name assigned by the DPKIPB to the CA being created presented as a printable string. DRCA & Sub CA CP, Version of 36

25 All other DN components are fixed and defined in Appendix B Name Constraints Name constraints are not present Certificate Policy Object Identifier CA Certificates issued under this policy shall assert the OID { } for DRCA certificates or { } for Sub CA certificates. The DRCA and SubCA certificates shall also assert the anypolicy OID of { }. The SubCA certificate shall also assert the following OIDs representing Levels of Assurance of certificates issued: Individual: Low Medium High Very High Resources: Low Medium High Table 3 Level of Assurance OIDs Usage of Policy Constraints Extension Policy constraints are not present Policy Qualifiers Syntax and Semantics The only policy qualifiers that are permitted are the CPS Pointer qualifier and the User notice qualifier. The CPS Pointer, if used, shall contain a HTTP URI link to the Certification Practice Statement (CPS) published by the CA, or to a webpage from which the CPS can then be downloaded. The User notice, if used, shall only contain the explicittext field Processing Semantics for the Critical Certificate Policies Extension This policy does not require the certificate policies extension to be critical. Relying Parties whose client software does not process this extension do so at their own risk. 7.2 CRL profile Version Numbers CRLs issued under this CP shall assert a version number as described in the X.509 standard [ISO9594 8]. CRLs shall assert Version CRL and CRL Entry Extensions Detailed CRL profiles covering the use of each extension are available in Appendix B. DRCA & Sub CA CP, Version of 36

26 7.3 OCSP profile Version Numbers OSCP is implemented using version 1 as specified under RFC OCSP Extensions Refer to CPS and Validation Authority (VA) CP for full OCSP profile. 8. COMPLIANCE AUDIT AND OTHER ASSESSMENTS 8.1 Frequency or circumstances of assessment 8.2 Identity/qualifications of assessor 8.3 Assessor s relationship to assessed entity 8.4 Topics covered by assessment 8.5 Actions taken as a result of deficiency 8.6 Communication of results 9. OTHER BUSINESS AND LEGAL MATTERS 9.1 Fees Certificate issuance or renewal fees No stipulation Certificate access fees There is no fee for accessing Certificates from approved repositories Revocation or status information access fees There is no fee for accessing a CRL from approved repositories. DRCA & Sub CA CP, Version of 36

X.509 Certificate Policy for the Australian Department of Defence Individual Software Certificates (Medium Assurance)

X.509 Certificate Policy for the Australian Department of Defence Individual Software Certificates (Medium Assurance) X.509 Certificate Policy for the Australian Department of Defence Individual Software Certificates (Medium Assurance) Version 4.0 May 2014 Notice to all parties seeking to rely Reliance on a Certificate

More information

X.509 Certification Practice Statement for the Australian Department of Defence

X.509 Certification Practice Statement for the Australian Department of Defence X.509 Certification Practice Statement for the Australian Department of Defence Version 5.1 December 2014 Document Management This document is controlled by: Changes are authorised by: Defence Public Key

More information

1.1.1 Additional requirements for Trusted Root Issuer CAs Appropriate Certificate Usage Prohibited Certificate Usage...

1.1.1 Additional requirements for Trusted Root Issuer CAs Appropriate Certificate Usage Prohibited Certificate Usage... 1.1.1 Additional requirements for Trusted Root Issuer CAs... 10 1.3.1 Certification Authorities ( Issuer CAs )... 11 1.3.2 Registration Authorities... 11 1.3.3 Subscribers... 12 1.3.4 Relying Parties...

More information

CMS Illinois Department of Central Management Services

CMS Illinois Department of Central Management Services CMS Illinois Department of Central Management Services State of Illinois Public Key Infrastructure Certification Practices Statement For Digital Signature And Encryption Applications Version 3.3 (IETF

More information

THE RSA ROOT SIGNING SERVICE Certification Practice Statement For RSA Certificate Authorities (CAs) Published By: RSA Security Inc.

THE RSA ROOT SIGNING SERVICE Certification Practice Statement For RSA Certificate Authorities (CAs) Published By: RSA Security Inc. THE RSA ROOT SIGNING SERVICE Certification Practice Statement For RSA Certificate Authorities (CAs) Last Revision Date: June 28, 2007 Version: 3.0 Published By: RSA Security Inc. Copyright 2002-2007 by

More information

Apple Corporate Email Certificates Certificate Policy and Certification Practice Statement. Apple Inc.

Apple Corporate Email Certificates Certificate Policy and Certification Practice Statement. Apple Inc. Apple Inc. Certificate Policy and Certification Practice Statement Version 2.0 Effective Date: April 10, 2015 Table of Contents 1. Introduction... 4 1.1. Trademarks... 4 1.2. Table of acronyms... 4 1.3.

More information

THE WALT DISNEY COMPANY PUBLIC KEY INFRASTRUCTURE CERTIFICATE POLICY. July 2011 Version 2.0. Copyright 2006-2011, The Walt Disney Company

THE WALT DISNEY COMPANY PUBLIC KEY INFRASTRUCTURE CERTIFICATE POLICY. July 2011 Version 2.0. Copyright 2006-2011, The Walt Disney Company THE WALT DISNEY COMPANY PUBLIC KEY INFRASTRUCTURE CERTIFICATE POLICY July 2011 Version 2.0 Copyright 2006-2011, The Walt Disney Company Version Control Version Revision Date Revision Description Revised

More information

TR-GRID CERTIFICATION AUTHORITY

TR-GRID CERTIFICATION AUTHORITY TR-GRID CERTIFICATION AUTHORITY CERTIFICATE POLICY AND CERTIFICATION PRACTICE STATEMENT Version 2.1 January, 2009 Table of Contents: TABLE OF CONTENTS:...2 1. INTRODUCTION...7 1.1 OVERVIEW...7 1.2 DOCUMENT

More information

PEXA Public Key Infrastructure (PKI) Certification Authority Certificate Policy

PEXA Public Key Infrastructure (PKI) Certification Authority Certificate Policy PEXA Public Key Infrastructure (PKI) Certification Authority Certificate Policy Version: 1.0 Issued: August 2014 Status: Final PEXA Certification Authority Certificate Profile 1. Introduction Property

More information

apple WWDR Certification Practice Statement Version 1.8 June 11, 2012 Apple Inc.

apple WWDR Certification Practice Statement Version 1.8 June 11, 2012 Apple Inc. Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.8 Effective Date: June 11, 2012 Table of Contents 1. Introduction... 4 1.1. Trademarks... 4 1.2.

More information

TR-GRID CERTIFICATION AUTHORITY

TR-GRID CERTIFICATION AUTHORITY TR-GRID CERTIFICATION AUTHORITY CERTIFICATE POLICY AND CERTIFICATION PRACTICE STATEMENT Version 2.3 May 15, 2014 Table of Contents TABLE OF CONTENTS:... 2 1. INTRODUCTION... 7 1.1 OVERVIEW... 7 1.2 DOCUMENT

More information

Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015

Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015 Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015 Table of Contents 1. Introduction... 5 1.1. Trademarks...

More information

Gandi CA Certification Practice Statement

Gandi CA Certification Practice Statement Gandi CA Certification Practice Statement Gandi SAS 15 Place de la Nation Paris 75011 France Version 1.0 TABLE OF CONTENTS 1.INTRODUCTION...10 1.1.Overview...10 1.2.Document Name and Identification...10

More information

Fraunhofer Corporate PKI. Certification Practice Statement

Fraunhofer Corporate PKI. Certification Practice Statement Fraunhofer Corporate PKI Certification Practice Statement Version 1.1 Published in June 2012 Object Identifier of this Document: 1.3.6.1.4.1.778.80.3.2.1 Contact: Fraunhofer Competence Center PKI Fraunhofer

More information

TeliaSonera Server Certificate Policy and Certification Practice Statement

TeliaSonera Server Certificate Policy and Certification Practice Statement TeliaSonera Server Certificate Policy and Certification Practice Statement v.1.4 TeliaSonera Server Certificate Policy and Certification Practice Statement CA name Validation OID TeliaSonera Server CA

More information

SAUDI NATIONAL ROOT-CA CERTIFICATE POLICY

SAUDI NATIONAL ROOT-CA CERTIFICATE POLICY SAUDI NATIONAL ROOT-CA CERTIFICATE POLICY Document Classification: Public Version Number: 2.5 Issue Date: June 25, 2015 National Center for Digital Certification Policies and Regulations Department Digitally

More information

TELSTRA RSS CA Subscriber Agreement (SA)

TELSTRA RSS CA Subscriber Agreement (SA) TELSTRA RSS CA Subscriber Agreement (SA) Last Revision Date: December 16, 2009 Version: Published By: Telstra Corporation Ltd Copyright 2009 by Telstra Corporation All rights reserved. No part of this

More information

Danske Bank Group Certificate Policy

Danske Bank Group Certificate Policy Document history Version Date Remarks 1.0 19-05-2011 finalized 1.01 15-11-2012 URL updated after web page restructuring. 2 Table of Contents 1. Introduction... 4 2. Policy administration... 4 2.1 Overview...

More information

Certification Practice Statement

Certification Practice Statement FernUniversität in Hagen: Certification Authority (CA) Certification Practice Statement VERSION 1.1 Ralph Knoche 18.12.2009 Contents 1. Introduction... 4 1.1. Overview... 4 1.2. Scope of the Certification

More information

Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure

Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure 1.0 INTRODUCTION 1.1 Overview The Federal Reserve Banks operate a public key infrastructure (PKI) that manages

More information

California Independent System Operator Certification Practice Statement for Basic Assurance Certification Authority. Version 3.

California Independent System Operator Certification Practice Statement for Basic Assurance Certification Authority. Version 3. California Independent System Operator Certification Practice Statement for Basic Assurance Certification Authority Version 3.4 April 2015 Table of Contents 1.0 INTRODUCTION... 8 1.1 OVERVIEW... 8 1.2

More information

VeriSign Trust Network Certificate Policies

VeriSign Trust Network Certificate Policies VeriSign Trust Network Certificate Policies Version 2.8.1 Effective Date: February 1, 2009 VeriSign, Inc. 487 E. Middlefield Road Mountain View, CA 94043 USA +1 650.961.7500 http//:www.verisign.com - 1-

More information

Equens Certificate Policy

Equens Certificate Policy Equens Certificate Policy WebServices and Connectivity Final H.C. van der Wijck 11 March 2015 Classification: Open Version 3.0 Version history Version no. Version date Status Edited by Most important edit(s)

More information

Certificate Policy and Certification Practice Statement CNRS/CNRS-Projets/Datagrid-fr

Certificate Policy and Certification Practice Statement CNRS/CNRS-Projets/Datagrid-fr Certificate Policy and Certification Practice Statement CNRS/CNRS-Projets/Datagrid-fr Version 0.3 August 2002 Online : http://www.urec.cnrs.fr/igc/doc/datagrid-fr.policy.pdf Old versions Version 0.2 :

More information

TeliaSonera Public Root CA. Certification Practice Statement. Revision Date: 2006-11-17. Version: Rev A. Published by: TeliaSonera Sverige AB

TeliaSonera Public Root CA. Certification Practice Statement. Revision Date: 2006-11-17. Version: Rev A. Published by: TeliaSonera Sverige AB Document no 1/011 01-AZDA 102 213 TeliaSonera Sverige AB Certification Practice Statement Rev A TeliaSonera Public Root CA Certification Practice Statement Revision Date: 2006-11-17 Version: Rev A Published

More information

Globe Hosting Certification Authority Globe Hosting, Inc. 501 Silverside Road, Suite 105, Wilmington, DE 19809, County of New Castle, United States

Globe Hosting Certification Authority Globe Hosting, Inc. 501 Silverside Road, Suite 105, Wilmington, DE 19809, County of New Castle, United States Globe Hosting Certification Authority Globe Hosting, Inc. 501 Silverside Road, Suite 105, Wilmington, DE 19809, County of New Castle, United States www.globessl.com TABLE OF CONTENTS 1. INTRODUCTION...

More information

Symantec Trust Network (STN) Certificate Policy

Symantec Trust Network (STN) Certificate Policy Symantec Trust Network (STN) Certificate Policy Version 2.8.5 Effective Date: September 8, 2011 Symantec Corporation 350 Ellis Street Mountain View, CA 94043 USA +1 650.527.8000 http//:www.symantec.com

More information

KIBS Certification Practice Statement for non-qualified Certificates

KIBS Certification Practice Statement for non-qualified Certificates KIBS Certification Practice Statement for non-qualified Certificates Version 1.0 Effective Date: September, 2012 KIBS AD Skopje Kuzman Josifovski Pitu 1 1000, Skopje, Republic of Macedonia Phone number:

More information

Certificate Policy. SWIFT Qualified Certificates SWIFT

Certificate Policy. SWIFT Qualified Certificates SWIFT SWIFT SWIFT Qualified Certificates Certificate Policy This Certificate Policy applies to Qualified Certificates issued by SWIFT. It indicates the requirements and procedures to be followed, and the responsibilities

More information

TAIWAN-CA INC. Public Key Infrastructure Certificate Policy (Version 2.0)

TAIWAN-CA INC. Public Key Infrastructure Certificate Policy (Version 2.0) TAIWAN-CA INC. Public Key Infrastructure Certificate Policy (Version 2.0) Effective Date: 23 November 2012 1 Revision Record Rev Effective Date Issuer Note 1.0 1 Apr 2001 TaiCA PMA CP first issue 1.1 1

More information

Malaysian Identity Federation and Access Management Certification Authority Certificate Policy and Certification Practice Statement

Malaysian Identity Federation and Access Management Certification Authority Certificate Policy and Certification Practice Statement Malaysian Identity Federation and Access Management Certification Authority Certificate Policy and Certification Practice Statement Version 2.2 Document OID: 1.3.6.1.4.1.36355.2.1.2.2 February 2012 Contents

More information

EuropeanSSL Secure Certification Practice Statement

EuropeanSSL Secure Certification Practice Statement EuropeanSSL Secure Certification Practice Statement Eunetic GmbH Version 1.0 14 July 2008 Wagnerstrasse 25 76448 Durmersheim Tel: +49 (0) 180 / 386 384 2 Fax: +49 (0) 180 / 329 329 329 www.eunetic.eu TABLE

More information

ESnet SSL CA service Certificate Policy And Certification Practice Statement Version 1.0

ESnet SSL CA service Certificate Policy And Certification Practice Statement Version 1.0 ESnet SSL CA service Certificate Policy And Certification Practice Statement Version 1.0 June 30, 2004 Table of Contents Table of Contents...2 1 Introduction...3 1.1 Overview...3 1.1.1 General Definitions...4

More information

SWITCHaai Metadata CA. Certificate Policy and Certification Practice Statement

SWITCHaai Metadata CA. Certificate Policy and Certification Practice Statement SWITCHaai Metadata CA Certificate Policy and Certification Practice Statement Version 1.0, OID 2.16.756.1.2.6.7.1.0 July 15, 2008 Table of Contents 1. INTRODUCTION...6 1.1 Overview...6 1.2 Document name

More information

epki Root Certification Authority Certification Practice Statement Version 1.2

epki Root Certification Authority Certification Practice Statement Version 1.2 epki Root Certification Authority Certification Practice Statement Version 1.2 Chunghwa Telecom Co., Ltd. August 21, 2015 Contents 1. INTRODUCTION... 1 1.1 OVERVIEW... 1 1.1.1 Certification Practice Statement...

More information

Version 3.0. Effective Date: 15 october, 2008

Version 3.0. Effective Date: 15 october, 2008 Getronics Version 3.0 Effective Date: 15 october, 2008 Getronics Nederland B.V. Fauststraat 1 P.O. Box 9105 7300 HN Apeldoorn The Netherlands Phone: +31 (0)20 570 4511 http://www.pki.getronicspinkroccade.nl

More information

Bangladesh Bank Certification Authority (BBCA) Certification Practice Statement (CPS)

Bangladesh Bank Certification Authority (BBCA) Certification Practice Statement (CPS) [Draft] Bangladesh Bank Certification Authority (BBCA) Certification Practice Statement (CPS) Version: 1.00 August, 2015 Bangladesh Bank Page 2 of 42 Document Reference Title Document Type Bangladesh Bank

More information

Ford Motor Company CA Certification Practice Statement

Ford Motor Company CA Certification Practice Statement Certification Practice Statement Date: February 21, 2008 Version: 1.0.1 Table of Contents Document History... 1 Acknowledgments... 1 1. Introduction... 2 1.1 Overview... 3 1.2 Ford Motor Company Certificate

More information

PKI NBP Certification Policy for ESCB Signature Certificates. OID: 1.3.6.1.4.1.31995.1.2.2.1 version 1.5

PKI NBP Certification Policy for ESCB Signature Certificates. OID: 1.3.6.1.4.1.31995.1.2.2.1 version 1.5 PKI NBP Certification Policy for ESCB Signature Certificates OID: 1.3.6.1.4.1.31995.1.2.2.1 version 1.5 Security Department NBP Warsaw, 2015 Table of Contents 1. Introduction 1 1.1 Overview 1 1.2 Document

More information

SSL.com Certification Practice Statement

SSL.com Certification Practice Statement SSL.com Certification Practice Statement SSL.com Version 1.0 February 15, 2012 2260 W Holcombe Blvd Ste 700 Houston, Texas, 77019 US Tel: +1 SSL-CERTIFICATE (+1-775-237-8434) Fax: +1 832-201-7706 www.ssl.com

More information

Neutralus Certification Practices Statement

Neutralus Certification Practices Statement Neutralus Certification Practices Statement Version 2.8 April, 2013 INDEX INDEX...1 1.0 INTRODUCTION...3 1.1 Overview...3 1.2 Policy Identification...3 1.3 Community & Applicability...3 1.4 Contact Details...3

More information

Trusted Certificate Service

Trusted Certificate Service TCS Server and Code Signing Personal CA CPS Version 2.0 (rev 15) Page 1/40 Trusted Certificate Service TCS Server CAs, escience Server CA, and Code Signing CA Certificate Practice Statement Version 2.0

More information

CERTIFICATE POLICY (CP) (For SSL, EV SSL, OSC and similar electronic certificates)

CERTIFICATE POLICY (CP) (For SSL, EV SSL, OSC and similar electronic certificates) (CP) (For SSL, EV SSL, OSC and similar electronic certificates) VERSION : 09 DATE : 01.12.2014 1. INTRODUCTION... 10 1.1. Overview... 10 1.2. Document Name and Identification... 11 1.3. Participants...

More information

PKI NBP Certification Policy for ESCB Encryption Certificates. OID: 1.3.6.1.4.1.31995.1.2.3.1 version 1.2

PKI NBP Certification Policy for ESCB Encryption Certificates. OID: 1.3.6.1.4.1.31995.1.2.3.1 version 1.2 PKI NBP Certification Policy for ESCB Encryption Certificates OID: 1.3.6.1.4.1.31995.1.2.3.1 version 1.2 Security Department NBP Warsaw, 2015 Table of Contents 1. Introduction 1 1.1 Overview 1 1.2 Document

More information

TC TrustCenter GmbH. Certification Practice Statement

TC TrustCenter GmbH. Certification Practice Statement TC TrustCenter GmbH Certification Practice Statement NOTE: The information contained in this document is the property of TC TrustCenter GmbH. This Certification Practice Statement is published in conformance

More information

TREND MICRO SSL CERTIFICATION PRACTICE STATEMENT. Version 2.0

TREND MICRO SSL CERTIFICATION PRACTICE STATEMENT. Version 2.0 TREND MICRO SSL CERTIFICATION PRACTICE STATEMENT Version 2.0 Effective Date: 14 April 2015 TABLE OF CONTENTS 1. INTRODUCTION 1.1 Overview 1.2 Document name and identification 1.3 PKI participants 1.3.1

More information

Advantage Security Certification Practice Statement

Advantage Security Certification Practice Statement Advantage Security Certification Practice Statement Version 3.8.5 Effective Date: 01/01/2012 Advantage Security S. de R.L. de C.V. Prol. Paseo de la Reforma # 625 Int 402, Col Paseo de las Lomas. Del Alvaro

More information

SYMANTEC NON-FEDERAL SHARED SERVICE PROVIDER PKI SERVICE DESCRIPTION

SYMANTEC NON-FEDERAL SHARED SERVICE PROVIDER PKI SERVICE DESCRIPTION SYMANTEC NON-FEDERAL SHARED SERVICE PROVIDER PKI SERVICE DESCRIPTION I. DEFINITIONS For the purpose of this Service Description, capitalized terms have the meaning defined herein. All other capitalized

More information

SwissSign Certificate Policy and Certification Practice Statement for Gold Certificates

SwissSign Certificate Policy and Certification Practice Statement for Gold Certificates SwissSign Certificate Policy and Certification Practice Statement for Gold Certificates Version March 2004 Version 2004-03 SwissSign Gold CP/CPS Page 1 of 66 Table of Contents 1. INTRODUCTION...9 1.1 Overview...

More information

Registration Practices Statement. Grid Registration Authority Approved December, 2011 Version 1.00

Registration Practices Statement. Grid Registration Authority Approved December, 2011 Version 1.00 Registration Practices Statement Grid Registration Authority Approved December, 2011 Version 1.00 i TABLE OF CONTENTS 1. Introduction... 1 1.1. Overview... 1 1.2. Document name and Identification... 1

More information

X.509 Certificate Policy for India PKI

X.509 Certificate Policy for India PKI X.509 Certificate Policy for India PKI Version 1.4 May 2015 Controller of Certifying Authorities Department of Information Technology Ministry of Communications and Information Technology Document Control

More information

CERTIFICATE POLICY KEYNECTIS SSL CA

CERTIFICATE POLICY KEYNECTIS SSL CA CERTIFICATE POLICY KEYNECTIS SSL CA Date: 05/02/2009 KEYNECTIS SSL CA CERTIFICATE POLICY Subject: KEYNECTIS SSL CA Certificate Policy Version number: 1.1 Number of pages: 49 Status of the Project Final

More information

TACC ROOT CA CERTIFICATE POLICY

TACC ROOT CA CERTIFICATE POLICY TACC ROOT CA CERTIFICATE POLICY AND CERTIFICATE PRACTICES STATEMENT (In RFC 3647 format) January 20, 2009 OID: 1.3.6.1.4.1.17940.5.1.1.1 Version 1.2 1 INTRODUCTION... 3 1.1 Overview...3 1.2 Document Name

More information

ING Public Key Infrastructure Certificate Practice Statement. Version 5.3 - June 2015

ING Public Key Infrastructure Certificate Practice Statement. Version 5.3 - June 2015 ING Public Key Infrastructure Certificate Practice Statement Version 5.3 - June 2015 Colophon Commissioned by Additional copies ING Corporate PKI Policy Approval Authority Additional copies of this document

More information

[COMPANY CA] Certification Practice Statement

[COMPANY CA] Certification Practice Statement Certification Practice Statement Date: [PUBLICATION DATE] Version: v. X.X Table of Contents Document History...1 Acknowledgments...2 1. Introduction...3 1.1 Overview...3 1.2

More information

Certificate Policy for the United States Patent and Trademark Office November 26, 2013 Version 2.5

Certificate Policy for the United States Patent and Trademark Office November 26, 2013 Version 2.5 Certificate Policy for the United States Patent and Trademark Office November 26, 2013 Prepared by: United States Patent and Trademark Office Public Key Infrastructure Policy Authority This page is intentionally

More information

Certificate Policy and Certification Practice Statement

Certificate Policy and Certification Practice Statement DigiCert Certificate Policy and Certification Practice Statement DigiCert, Inc. Version 3.03 March 15, 2007 333 South 520 West Lindon, UT 84042 USA Tel: 1-801-805-1620 Fax: 1-801-705-0481 www.digicert.com

More information

phicert Direct Certificate Policy and Certification Practices Statement

phicert Direct Certificate Policy and Certification Practices Statement phicert Direct Certificate Policy and Certification Practices Statement Version 1. 1 Effective Date: March 31, 2014 Copyright 2013-2014 EMR Direct. All rights reserved. [Trademark Notices] phicert is a

More information

Certificate Policy KEYNECTIS SSL CA CP. Emmanuel Montacutelli 12/11/2014 DMS_CP_KEYNECTIS SSL CA CP_1.2

Certificate Policy KEYNECTIS SSL CA CP. Emmanuel Montacutelli 12/11/2014 DMS_CP_KEYNECTIS SSL CA CP_1.2 Certificate Policy KEYNECTIS SSL CA CP Emmanuel Montacutelli 12/11/2014 DMS_CP_KEYNECTIS SSL CA CP_1.2 KEYNECTIS SSL CA CP Version 1.2 Pages 51 Status Draft Final Author Emmanuel Montacutelli OpenTrust

More information

CERTIFICATION PRACTICE STATEMENT. Document version: 1.2 Date: 15 September OID for this CPS: None

CERTIFICATION PRACTICE STATEMENT. Document version: 1.2 Date: 15 September OID for this CPS: None CERTIFICATION PRACTICE STATEMENT Document version: 1.2 Date: 15 September 2007 OID for this CPS: None Information in this document is subject to change without notice. No part of this document may be copied,

More information

Comodo Certification Practice Statement

Comodo Certification Practice Statement Comodo Certification Practice Statement Notice: This CPS should be read in conjunction with the following documents:- * LiteSSL addendum to the Certificate Practice Statement * Proposed Amendments to the

More information

Polish Grid Certification Authority Certificate Policy and Certification Practice Statement

Polish Grid Certification Authority Certificate Policy and Certification Practice Statement Polish Grid Certification Authority Certificate Policy and Certification Practice Statement version 0.4 (DRAFT ) September 2, 2002 1 1 Introduction 1.1 Overview This document is written according to the

More information

HKUST CA. Certification Practice Statement

HKUST CA. Certification Practice Statement HKUST CA Certification Practice Statement IN SUPPORT OF HKUST CA CERTIFICATION SERVICES Version : 2.1 Date : 12 November 2003 Prepared by : Information Technology Services Center Hong Kong University of

More information

CA Certificate Policy. SCHEDULE 1 to the SERVICE PROVIDER AGREEMENT

CA Certificate Policy. SCHEDULE 1 to the SERVICE PROVIDER AGREEMENT CA Certificate Policy SCHEDULE 1 to the SERVICE PROVIDER AGREEMENT This page is intentionally left blank. 2 ODETTE CA Certificate Policy Version Number Issue Date Changed By 1.0 1 st April 2009 Original

More information

The Boeing Company. Boeing Commercial Airline PKI. Basic Assurance CERTIFICATE POLICY

The Boeing Company. Boeing Commercial Airline PKI. Basic Assurance CERTIFICATE POLICY The Boeing Company Boeing Commercial Airline PKI Basic Assurance CERTIFICATE POLICY Version 1.4 PA Board Approved: 7-19-2013 via e-mal PKI-233 BCA PKI Basic Assurance Certificate Policy Page 1 of 69 Signature

More information

Trusted Certificate Service (TCS)

Trusted Certificate Service (TCS) TCS Personal and escience Personal CA CPS Version 2.0 (rev 15) Page 1/40 Trusted Certificate Service (TCS) TCS Personal CA, escience Personal CA, and Document Signing CA Certificate Practice Statement

More information

Vodafone Group CA Automated Code- Signing Certificate Policy

Vodafone Group CA Automated Code- Signing Certificate Policy Vodafone Group CA Automated Code- Signing Certificate Policy Publication Date: 05/05/09 Copyright 2009 Vodafone Group Table of Contents Acknowledgments...1 1. INTRODUCTION...2 1.1 Overview...3 1.2 Document

More information

Federal Reserve Banks Certification Authority (FR-CA) Certification Practice Statement

Federal Reserve Banks Certification Authority (FR-CA) Certification Practice Statement Certification Practice Statement 1.0 INTRODUCTION 1.1 OVERVIEW The Federal Reserve Banks ( FRBs ), utilizing Public Key Infrastructure ( PKI ) technology and operating as a Certification Authority ( FR-CA

More information

Telia hardware based e-legitimation v2. Certification Practice Statement. Revision Date: 10 th June 2009. Version: 1.0

Telia hardware based e-legitimation v2. Certification Practice Statement. Revision Date: 10 th June 2009. Version: 1.0 Document no 4/011 01-AZDA 102 213 TeliaSonera Sverige AB Certification Practice Statement Rev. 1.0 Telia hardware based e-legitimation v2 Certification Practice Statement Revision Date: 10 th June 2009

More information

Ericsson Group Certificate Value Statement - 2013

Ericsson Group Certificate Value Statement - 2013 COMPANY INFO 1 (23) Ericsson Group Certificate Value Statement - 2013 COMPANY INFO 2 (23) Contents 1 Ericsson Certificate Value Statement... 3 2 Introduction... 3 2.1 Overview... 3 3 Contact information...

More information

X.509 Certificate Policy For The Federal Bridge Certification Authority (FBCA) Version 2.24

X.509 Certificate Policy For The Federal Bridge Certification Authority (FBCA) Version 2.24 X.509 Certificate Policy For The Federal Bridge Certification Authority (FBCA) Version 2.24 February 25, 2011 Signature Page Chair, Federal Public Key Infrastructure Policy Authority DATE Revision History

More information

Operational Research Consultants, Inc. Non Federal Issuer. Certificate Policy. Version 1.0.1

Operational Research Consultants, Inc. Non Federal Issuer. Certificate Policy. Version 1.0.1 Operational Research Consultants, Inc. Non Federal Issuer Certificate Policy Version 1.0.1 Operational Research Consultants, Inc. 11250 Waples Mill Road South Tower, Suite 210 Fairfax, Virginia 22030 June

More information

thawte Certification Practice Statement

thawte Certification Practice Statement thawte Certification Practice Statement Version 3.7.5 Effective Date: 4 June, 2012 (All CA/Browser Forum-specific requirements are effective on July 1, 2012) thawte Certification Practice Statement 2012

More information

Public Certification Authority Certification Practice Statement of Chunghwa Telecom (PublicCA CPS) Version 1.5

Public Certification Authority Certification Practice Statement of Chunghwa Telecom (PublicCA CPS) Version 1.5 Public Certification Authority Certification Practice Statement of Chunghwa Telecom (PublicCA CPS) Version 1.5 Chunghwa Telecom Co., Ltd. August 21, 2015 Contents 1. INTRODUCTION... 1 1.1 OVERVIEW... 1

More information

Dexia Root CA Certification Practice Statement. Version 1.0

Dexia Root CA Certification Practice Statement. Version 1.0 Dexia Root CA Certification Practice Statement Version 1.0 Version History Version Description Date Author 0.1 Initial Draft 17 September 2001 Jan Raes 0.2 Minor adaptation after review PA 16 October 2001

More information

Visa Public Key Infrastructure Certificate Policy (CP)

Visa Public Key Infrastructure Certificate Policy (CP) Visa Public Key Infrastructure Certificate Policy (CP) Version 1.7 Effective: 24 January 2013 2010-2013 Visa. All Rights Reserved. Visa Public Important Note on Confidentiality and Copyright The Visa Confidential

More information

- X.509 PKI EMAIL SECURITY GATEWAY. Certificate Policy (CP) & Certification Practice Statement (CPS) Edition 1.1

- X.509 PKI EMAIL SECURITY GATEWAY. Certificate Policy (CP) & Certification Practice Statement (CPS) Edition 1.1 - X.509 PKI EMAIL SECURITY GATEWAY Certificate Policy (CP) & Certification Practice Statement (CPS) Edition 1.1 Commerzbank AG - Page 1 Document control: Title: Description : RFC Schema: Authors: Commerzbank

More information

Trustwave Holdings, Inc

Trustwave Holdings, Inc Trustwave Holdings, Inc Certificate Policy and Certification Practices Statement Version 2.9 Effective Date: July 13, 2010 This document contains Certification Practices and Certificate Policies applicable

More information

Lockheed Martin Enterprise Public Key Infrastructure Certificate Policy (CP)

Lockheed Martin Enterprise Public Key Infrastructure Certificate Policy (CP) Lockheed Martin Enterprise Public Key Infrastructure Certificate Policy (CP) Version 8.10 April 2016 Copyright, Lockheed Martin, 2016 Questions or comments regarding the Lockheed Martin epki Certification

More information

Federal Reserve Certification Authority (FR-CA) Certification Practice Statement for United States Treasury Auctions

Federal Reserve Certification Authority (FR-CA) Certification Practice Statement for United States Treasury Auctions Federal Reserve Certification Authority (FR-CA) Certification Practice Statement for United States Treasury Auctions 1.0 INTRODUCTION 1.1 OVERVIEW The Federal Reserve Bank of New York ( FRBNY ) acts as

More information

GlobalSign CA Certificate Policy

GlobalSign CA Certificate Policy GlobalSign CA Certificate Policy Date: December 17 th 2007 Version: v.3.0 Table of Contents Document History...1 Acknowledgments...2 1. Introduction...3 1.1 Overview...4 1.1.1 GlobalSign Rootsign...5 1.1.2

More information

Version 2.4 of April 25, 2008

Version 2.4 of April 25, 2008 TC TrustCenter GmbH Certificate Policy for SAFE NOTE: The information contained in this document is the property of TC TrustCenter GmbH. This Certificate Policy is published in conformance with international

More information

DigiCert. Certificate Policy. DigiCert, Inc. Version 4.03 May 3, 2011

DigiCert. Certificate Policy. DigiCert, Inc. Version 4.03 May 3, 2011 DigiCert Certificate Policy DigiCert, Inc. Version 4.03 May 3, 2011 Suite 200 Canopy Building II 355 South 520 West Lindon, UT 84042 USA Tel: 1 801 877 2100 Fax: 1 801 705 0481 www.digicert.com TABLE OF

More information

Vodafone Group CA Web Server Certificate Policy

Vodafone Group CA Web Server Certificate Policy Vodafone Group CA Web Server Certificate Policy Publication Date: 06/09/10 Copyright 2010 Vodafone Group Table of Contents Acknowledgments... 1 1. INTRODUCTION... 2 1.1 Overview... 3 1.2 Document Name

More information

TECHNICAL STANDARDS FOR INTEROPERABILITY OF ELECTRONIC ID CARDS

TECHNICAL STANDARDS FOR INTEROPERABILITY OF ELECTRONIC ID CARDS Représentant les avocats d Europe Representing Europe s lawyers TECHNICAL STANDARDS FOR INTEROPERABILITY OF ELECTRONIC ID CARDS Technical standards for interoperability of electronic ID cards 1. Introduction

More information

CERTIFICATION PRACTICE STATEMENT UPDATE

CERTIFICATION PRACTICE STATEMENT UPDATE CERTIFICATION PRACTICE STATEMENT UPDATE Reference: IZENPE-CPS UPDATE Version no: v 5.03 Date: 10th March 2015 IZENPE 2015 This document is the property of Izenpe. It may only be reproduced in its entirety.

More information

thawte Certification Practice Statement Version 2.3

thawte Certification Practice Statement Version 2.3 thawte Certification Practice Statement Version 2.3 Effective Date: July, 2006 thawte Certification Practice Statement 2006 thawte, Inc. All rights reserved. Printed in the United States of America. Revision

More information

Certification Practice Statement (ANZ PKI)

Certification Practice Statement (ANZ PKI) Certification Practice Statement March 2009 1. Overview 1.1 What is a Certification Practice Statement? A certification practice statement is a statement of the practices that a Certification Authority

More information

Government CA Government AA. Certification Practice Statement

Government CA Government AA. Certification Practice Statement PKI Belgium Government CA Government AA Certification Practice Statement 2.16.56.1.1.1.3 2.16.56.1.1.1.3.2 2.16.56.1.1.1.3.3 2.16.56.1.1.1.3.4 2.16.56.1.1.1.6 2.16.56.1.1.1.6.2 2.16.56.9.1.1.3 2.16.56.9.1.1.3.2

More information

National Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy. Version 1.1. February 2, 2016

National Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy. Version 1.1. February 2, 2016 National Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy Version 1.1 February 2, 2016 Copyright 2016, Georgia Tech Research Institute Table of Contents TABLE OF CONTENTS I 1 INTRODUCTION

More information

Certification Practice Statement

Certification Practice Statement Certification Practice Statement Revision R1 2013-01-09 1 Copyright Printed: January 9, 2013 This work is the intellectual property of Salzburger Banken Software. Reproduction and distribution require

More information

REVENUE ON-LINE SERVICE CERTIFICATE POLICY. Document Version 1.2 Date: 15 September 2007. OID for this CP: 1.2.372.980003.1.1.1.1.

REVENUE ON-LINE SERVICE CERTIFICATE POLICY. Document Version 1.2 Date: 15 September 2007. OID for this CP: 1.2.372.980003.1.1.1.1. REVENUE ON-LINE SERVICE CERTIFICATE POLICY Document Version 1.2 Date: 15 September 2007 OID for this CP: 1.2.372.980003.1.1.1.1.1 No part of this document may be copied, reproduced, translated, or reduced

More information

Starfield Technologies, LLC. Certificate Policy and Certification Practice Statement (CP/CPS)

Starfield Technologies, LLC. Certificate Policy and Certification Practice Statement (CP/CPS) Starfield Technologies, LLC Certificate Policy and Certification Practice Statement (CP/CPS) Version 3.8 April 15, 2016 i Starfield CP-CPS V3.8 Table of Contents 1 Introduction... 1 1.1 Overview... 1 1.2

More information

TrustAssured Service Policy (PKI) Disclosure Statement Version 1.1

TrustAssured Service Policy (PKI) Disclosure Statement Version 1.1 TrustAssured Service Policy (PKI) Disclosure Statement Version 1.1 1. Contact Information Enquiries or other communications about this statement should be addressed to: The Royal Bank of Scotland TrustAssured

More information

SECOM Trust.net Root1 CA

SECOM Trust.net Root1 CA CERTIFICATE POLICY/ CERTIFICATION PRACTICE STATEMENT May 22, 2006 Version 2.00 SECOM Trust Systems Co.,Ltd. Revision History Version Date Description V1.00 2003.08.01 Initial Draft (Translated from Japanese

More information

Certificate Policy for. SSL Client & S/MIME Certificates

Certificate Policy for. SSL Client & S/MIME Certificates Certificate Policy for SSL Client & S/MIME Certificates OID: 1.3.159.1.11.1 Copyright Actalis S.p.A. All rights reserved. Via dell Aprica 18 20158 Milano Tel +39-02-68825.1 Fax +39-02-68825.223 www.actalis.it

More information

DigiCert Certification Practice Statement

DigiCert Certification Practice Statement DigiCert Certification Practice Statement DigiCert, Inc. Version 2.22 June 01, 2005 333 South 520 West Orem, UT 84042 USA Tel: 1-801-805-1620 Fax: 1-801-705-0481 www.digicert.com 1 General...7 1.1 DigiCert,

More information

Land Registry. Version 4.0 10/09/2009. Certificate Policy

Land Registry. Version 4.0 10/09/2009. Certificate Policy Land Registry Version 4.0 10/09/2009 Certificate Policy Contents 1 Background 5 2 Scope 6 3 References 6 4 Definitions 7 5 General approach policy and contract responsibilities 9 5.1 Background 9 5.2

More information

Metropolitan Police Service Enterprise PKI. Root Certificate Authority, Certificate Policy. Version 6.1 10 th February 2012 NOT PROTECTIVELY MARKED

Metropolitan Police Service Enterprise PKI. Root Certificate Authority, Certificate Policy. Version 6.1 10 th February 2012 NOT PROTECTIVELY MARKED Metropolitan Police Service Enterprise PKI Root Certificate Authority, Certificate Policy Version 6.1 10 th February 2012 Version Control Issue Release Date Comments A 02/11/07 First draft release of CP

More information

Gatekeeper Compliance Audit Program

Gatekeeper Compliance Audit Program Gatekeeper Compliance Audit Program V2.0 DECEMBER 2014 Gatekeeper Compliance Audit Program V 2.0 DECEMBER 2014 Contents Contents 2 1. Guide Management 4 1.1. Change Log 5 1.2. Review Date 5 1.3. Conventions

More information