SPECIFIC DOCUMENTATION FOR WEBSITE CERTIFICATES



Similar documents
CERTIFICATION PRACTICE STATEMENT UPDATE

SPECIFIC DOCUMENTATION FOR CORPORATE CERTIFICATES

Bugzilla ID: Bugzilla Summary:

Certification Practice Statement of CERTUM s Certification Services

TeliaSonera Server Certificate Policy and Certification Practice Statement

Class 3 Registration Authority Charter

Ford Motor Company CA Certification Practice Statement

TREND MICRO SSL CERTIFICATION PRACTICE STATEMENT. Version 2.0

CERTIFICATION POLICY OF KIR for TRUSTED NON-QUALIFIED CERTIFICATES

fulfils all requirements defined in the technical specification The appendix to the certificate is part of the certificate and consists of 6 pages.

WEBTRUST FOR CERTIFICATION AUTHORITIES SSL BASELINE REQUIREMENTS AUDIT CRITERIA V.1.1 [Amended 1 ] CA/BROWSER FORUM

WebTrust SM/TM for Certification Authorities WebTrust Principles and Criteria for Certification Authorities Extended Validation Code Signing

ETSI TR V1.1.1 ( )

Transnet Registration Authority Charter

Microsoft Trusted Root Certificate: Program Requirements

THE RSA ROOT SIGNING SERVICE Certification Practice Statement For RSA Certificate Authorities (CAs) Published By: RSA Security Inc.

Certification Practice Statement

Public Certification Authority Certification Practice Statement of Chunghwa Telecom (PublicCA CPS) Version 1.5

TELSTRA RSS CA Subscriber Agreement (SA)

REGISTRATION AUTHORITY (RA) POLICY. Registration Authority (RA) Fulfillment Characteristics SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL, S.A.

BUYPASS CLASS 3 SSL CERTIFICATES Effective date:

Extended SSL Certificates

SSL CERTIFICATE POLICY AND CERTIFICATION PRACTICE STATEMENT

Trusted Certificate Service

APPLICATION FOR DIGITAL CERTIFICATE

Danske Bank Group Certificate Policy

CERTIFICATE POLICIES (CP) Legal Person Certificate ICE SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL, S.A. CP

INDEPENDENT AUDIT REPORT BASED ON THE REQUIREMENTS OF ETSI TS Aristotle University of Thessaloniki PKI ( WHOM IT MAY CONCERN

Eskom Registration Authority Charter

Certum QCA PKI Disclosure Statement

HKUST CA. Certification Practice Statement

Ericsson Group Certificate Value Statement

CERTIFICATE POLICY (CP) (For SSL, EV SSL, OSC and similar electronic certificates)

Comodo Certification Practice Statement

Based on: CA/Browser Forum. Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates Version 1.1.

Government CA Government AA. Certification Practice Statement

ALTERNATIVES TO CERTIFICATION AUTHORITIES FOR A SECURE WEB

WEBTRUST SM/TM FOR CERTIFICATION AUTHORITIES EXTENDED VALIDATION AUDIT CRITERIA Version 1.1 CA/BROWSER FORUM

SSL Certificates: A Simple Solution to Website Security

Security framework. Guidelines for trust services providers Part 1. Version 1.0 December 2013

EuropeanSSL Secure Certification Practice Statement

Netrust SSL Web Server Certificate New Application Enrolment Guide

ETSI TS V2.4.1 ( )

Qualified Electronic Signatures Act (SFS 2000:832)

RECOMMENDATIONS for the PROCESSING of EXTENDED VALIDATION SSL CERTIFICATES January 2, 2014 Version 2.0

SSLPost Electronic Document Signing

Globe Hosting Certification Authority Globe Hosting, Inc. 501 Silverside Road, Suite 105, Wilmington, DE 19809, County of New Castle, United States

Independent Accountants Report

thawte Certification Practice Statement

SSL.com Certification Practice Statement

e-tuğra CERTIFICATE POLICY E-Tuğra EBG Bilişim Teknolojileri ve Hizmetleri A.Ş. Version: 3.1 Validity Date: September, 2013 Update Date: 30/08/2013

Certificate Policy and Certification Practice Statement

Gandi CA Certification Practice Statement

SSL Certificates Enrollment, Collection, Installation and Renewal Release Date: May, 2015

Citizen CA Certification Practice statement

Vodafone Group CA Web Server Certificate Policy

SMKI Recovery Procedure

epki Root Certification Authority Certification Practice Statement Version 1.2

KIBS Certification Practice Statement for non-qualified Certificates

Managing CA-Signed Certificates

Swiss Government Root CA II. Document OID:

VeriSign Trust Network Certificate Policies

Certification Practice Statement (ANZ PKI)

Internet Security Research Group (ISRG)

Certipost Trust Services. Certificate Policy. for Lightweight Certificates for EUROCONTROL. Version 1.2. Effective date 03 May 2012

TC TrustCenter Certificate Policy Definitions for EV Certificates

How to check if I care for the safety of my Clients?

CA/Browser Forum. Guidelines For The Issuance And Management Of Extended Validation Certificates

ACT. of 15 March 2002

LAW. ON ELECTRONIC SIGNATURE (Official Gazette of the Republic of Montenegro 55/03 and 31/05)

Revelian Pty Ltd ABN Privacy Policy Effective 1 September 2014

CERTIFICATION PRACTICE STATEMENT (CPS) SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL, S.A. Version 2.0

Analysis of the Global SSL Certificate Market. The Growing Need for Value-added Solutions

Trustwave Holdings, Inc

E-TUGRA INFORMATIC TECHNOLOGIES AND SERVICES CORP (E-TUGRA)

understanding SSL certificates THAWTE IS A LEADING GLOBAL PROVIDER OF SSL CERTIFICATES

Extended Validation SSL Certificates

Symantec Trust Network (STN) Certificate Policy

Basics of SSL Certification

Advantage Security Certification Practice Statement

Real Casa de la Moneda. Fábrica Nacional de Moneda y Timbre

Transcription:

SPECIFIC DOCUMENTATION FOR WEBSITE CERTIFICATES IZENPE 2015 This document is the property of IZENPE and may only be reproduced in its entirety.

1 Introduction This document includes the Specific Documentation for certificates issued by Ziurtapen eta Zerbitzu Enpresa-Empresa de Certificación y Servicios, Izenpe, S.A. (henceforth Izenpe) for different types of websites. The purpose of this document is to detail and complete for this type of certificates the information provided in a more generic form in the Izenpe Certification Practice Statement, in the specific documents of the CA/Browser Forum (Baseline Requirements and EV guidelines for issuing certificates for websites) and in the ETSI specifications (www.etsi.org). Thus, Izenpe adheres to the following certification policies established by ETSI: DVCP (Domain Validation Certificates Policy): in the DV SSL certificates. OVCP (Organizational Validation Certificates Policy): in the OV SSL and Office certificates. EVCP (Extended Validation Certificates Policy): in the EV Office and EV SSL certificates. In the scope of the Google Certificate Transparency project, the EV SSL and EV Office certificates issued will be published in the Izenpe CT Log service and that of other log server providers with which Izenpe has signed agreements in order to comply with Google requirements. 1.1 Description of certificates Izenpe issues these certificates to enable subscribers to offer added security to their web services. As for the type of certificate issued by Izenpe, SSL DV SSL OV SSL EV SSL ELECTRONIC OFFICE Office EV Office The purpose of this type of certificate is to establish data communications in web servers with SSL/TLS. They enable the exchange of encrypted communication between the user and website, facilitating the keys needed to encrypt the information sent over the Internet. SSL CERTIFICATES, Depending on the validation the certificate can be, DOMAIN VALIDATED SSL (DV SSL), This certificate, considered a non-qualified certificate, is used to verify the ownership of the domain that hosts the website, providing a reasonable guarantee to the Internet browser user. These certificates remain valid for 1, 2, or 3 years. ORGANIZATION VALIDATED SSL (OV SSL), 2 OF 17_2015_v1.0

This certificate, considered non-qualified, is used to validate the domain ownership and the organization, providing the Internet browser user with a reasonable guarantee that the website being accessed belongs to the organization identified in the certificate. These certificates remain valid for 1, 2, or 3 years. VALIDATION EXTENDED SSL (EV SSL), This certificate, considered non-qualified, is used to validate the domain ownership and the organization, providing the Internet browser user with a robust guarantee that the website being accessed belongs to the organization identified in the certificate. These certificates remain valid for 1 or 2 years. ELECTRONIC OFFICE CERTIFICATES IZENPE, in accordance with Act 11/2007, of 22 June, on Electronic Access of Citizens to Public Services, issues the following types of certificates: ELECTRONIC OFFICE, This is a certificate issued with the authentication identifying the Public Administration, government agency or entity that owns the office. According to the assurance levels defined in the Identification and digital signature scheme, the Electronic Office certificate issued by IZENPE holds an intermediate level. These certificates remain valid for 1, 2, or 3 years ELECTRONIC OFFICE WITH EXTENDED VALIDATION EV (EV Office), In addition to the characteristics defined in the Electronic Office certificate, extended validation (EV) provides a higher level of authentication for Public Administration, government agency or administrative entity owing to a more exhaustive validation. According to the assurance levels defined in the Identification and digital signature scheme, the Electronic Office certificate issued by IZENPE holds an intermediate level. These certificates remain valid for 1 or 2 years. 3 OF 17_2015_v1.0

1.2 Identification In order to identify certificates, IZENPE has assigned them the following object identifiers (OID). CERTIFICATE OID DV SSL 1.3.6.1.4.1.14777.1.2.4 OV SSL 1.3.6.1.4.1.14777.1.2.1 EV SSL 1.3.6.1.4.1.14777.6.1.1 Electronic office 1.3.6.1.4.1.14777.1.1.3 EV Electronic office 1.3.6.1.4.1.14777.6.1.2 1.3 Community and scope of use The following will be considered users, Certificate applicant, person applying for the certificate in the name of an organization. Certificate subscriber, organization identified in the certificate. Scope of use The certificates will be used in the scope of the competences of the organization/public Administration, government agency or entity holding the certificate. 1.4 General provisions Identification obligations IZENPE, either directly or through the User Entities with which it has signed the corresponding legal agreement, checks the identity and any other personal information concerning certificate applicants and subscribers. The legal instrument between the parties will include compliance with the indications in the CA/Browser Forum documents. Certificate subscriber obligations The subscriber's obligations are specified in the Certification Practice Statement in the section on Obligations of the Subscriber. 4 OF 17_2015_v1.0

2 Operational Requirements 2.1 List of required documentation Issue application duly completed and signed. The applicant shall accept the applicable Terms of Use and Subscriber Contract on the date of signing the Application published on www.izenpe.com. Organization tax code TIN. Accreditation, CERTIFICATE PUBLIC ADMINISTRATION/PUBLIC SECTOR OTHER ORGANIZATIONS OV SSL Office EV SSL EV Office Proof of the organization's validity, Certification issued by Secretary/Lawyer Or reference in the Official Gazette in the 39 months prior to the issue application. Documentation not required in the case of a valid recognized corporate or entity certificate issued to the requesting organization by Izenpe, provided the certificate has been issued in the last 39 months. Proof of the organization's validity and of the applicant's competence to perform administration acts or enter into contracts on behalf of the organization. Certification issued by Secretary/Lawyer. Or reference in the Official Gazette in the 13 months prior to the issue application. Documentation not required in the case of a valid recognized corporate or entity certificate issued to the requesting organization by Izenpe, provided the certificate has been issued in the last 13 months. Proof of the organization's validity, Original certification from the corresponding Register. Or a simple notice. Documentation not required in the case of a valid recognized corporate or entity certificate issued to the requesting organization by Izenpe, provided the certificate has been issued in the last 39 months. Proof of the organization's validity and of the applicant's power to perform administration acts or enter into contracts on behalf of the organization, Original certification from the corresponding Register. Or a simple notice. Documentation not required in the case of a valid recognized corporate or entity certificate issued to the requesting organization by Izenpe, provided the certificate has been issued in the last 13 months. Note. All certificates, once despatched, are valid for 13 months. 5 OF 17_2015_v1.0

2.2 Procedure Request The APPLICANT shall submit the Issue Application and required documentation, By post to: IZENPE, S.A., C/ BEATO TOMAS DE ZUMARRAGA, 71-1ª PLANTA 01008 VITORIA-GASTEIZ. By email to: certservidor@izenpe.net. Or by completing the application provided for this purpose on the Izenpe website. By signing the Issue Application, the applicant agrees to the Terms of Use and the Subscriber Contract. Validation of documentation, DV SSL OV SSL EV SSL Office EV Office OV SSL EV SSL Office EV Office Verification that the applicant is entitled to use the domain or subdomain General domains (.com,.net,.org,.info,.biz, etc.): whois.icann.org.es domains: www.nic.es.eu domains: www.eurid.eu.eus domain: whois.nic.eus The registrant should coincide with the applicant organization. If not, the applicant must provide proof of the subscriber's right to use the domains. Email verification of the applicant's knowledge that the certificate is being processed. Verification by the CAA if they are registered and in all cases compliance with RFC 6844 guidelines. Verification of postal address at, Data Protection Agencies. Telephone operator pages. Eudel, for towns in the Basque Country. In the event of discrepancy between the documentation provided and the check run, Izenpe will verify that the address given on the Application is stable location of the applicant organization's operations. In the case of OV SSL certificates wildcards will be allowed in subdomains or host names, provided the applicant entity can prove its legitimate control of the complete domain name. Otherwise the request will be rejected. For example, *.co.uk or *.local cannot be issued, but *.example.com can be issued to the company Example, Inc. Proof of the applicant's competence to perform administrative acts or enter into contracts on behalf of the organization. EV SSL EV Office Check that the landline (not mobile) number is relevant to the applicant entity. Sources of verification: Telephone operator pages, Data Protection Agencies or Eudel for municipalities in the Basque Country. Subsequent verification by phone. Verification that the domain does not appear on risk lists in, The internal databases of Izenpe. 6 OF 17_2015_v1.0

And/or in the McAfee TrustedSource Web Database Double signature for documentation verification by, The Legal Office and the Technical Department Validation of the verifications made by the Head of the Technical Department. NOTE. Izenple may perform additional verifications such as: confirmation of the request by the organisation or authorisation for the applicant to process the certificate in the name of the organization and the annual review of its compliance by means of external audit. In cases where the validation cannot be carried out as determined, this will be justified in the documentation verification document. Once the documentation has been checked, Izenpe will report the verifications it has made by way of a documentation verification document. Only on EV certificates is validation dual. It will not be necessary to make the above verifications if the information has already been validated within the previous 13 months for EVs and 39 months for the rest. 7 OF 17_2015_v1.0

PROCESO DE SOLICITUD Y EMISIÓN DE CERTIFICADOS SSL EV Y SEDE EV Solicitud Solicitante Formulario Completar de solicitud formulario solicitud Telemática Envío a Izenpe o presencial documentación Área Jurídica Responsable de Seguridad Responsable de Área Técnica Personación en RA SI Necesari o identificar? Acreditación solicitante Validación jurídica Contacto con la entidad para la subsanación de errores NO NO Docume ntación OK? SI Acreditación organización Firma acta jurídica Comprobaciones técnicas Validación técnica Contacto con entidad para subsanación de errores NO OK? SI Firma acta técnica Validación expediente completo Generación petición técnica Sslicitud petición técnica Generación y entrega Contacto con entidad para subsanación de errores Prueba certificado y envío de hoja de entrega NO OK? Emisión Envío certificado y contrato SI Archivo hoja entrega 2.3 Issue and delivery of the certificate Izenpe will ask the Technical Manager indicated on the Issue Application to generate the technical request and submit it by e-mail to Izenpe. If the Izenpe application is used, the Technical Manager will enter the technical request. Izenpe will send the certificate to the Technical Manager by email or via the application. The applicant must sign and return to Izenpe the Delivery and Acceptance Sheet. 2.4 Fee Once the certificate is issued, the applicable fee is due. The applicable fees are posted every year on the Izenpe website at www.izenpe.com and on the application provided for this purpose. 2.5 Verification of certificate The signatory will have 15 working days from the date of issuance to make sure the certificate works properly; if operational defects are detected, Izenpe must be notified. Only if operational defects are due to technical reasons, or to errors made by Izenpe in the data contained in the certificate, will Izenpe revoke the certificate and issue a new one at its own expense. 8 OF 17_2015_v1.0

2.6 Revocation of Certificates Revocation request The revocation of a certificate can be requested by: - The subscriber. The following individuals are authorized to request the revocation of a certificate: The legal representative of the subscriber entity, the personnel manager or a third party authorized or either of the two. - The applicant. - Izenpe is authorized to request the revocation of end-entity subscriber certificates for technical reasons, as provided in the CPS. Procedure The person requesting revocation will process the Revocation Application through Izenpe. The certificate can be revoked at any time. The applicant can revoke the certificate through the following channels: - In person: o o After scheduling an appointment with Izenpe at www.izenpe.com Or at the subscriber organization with whom Izenpe has subscribed the relevant legal instrument. - Over the phone, by calling 902542 542. The following are required for identification: o Applicant ID o Technical contact ID o Applicant email o Fully qualified domain name (FQDN) - Online at www.izenpe.com 9 OF 17_2015_v1.0

- Or by post, submitting a signed and notarized revocation request. Causes for revocation Causes can be found in the Certification Practice Statement available at www.izenpe.com In addition, in the case of certificates regulated in this specific documentation Izenpe, 1. Will present the subscriber, third parties and Internet browsers with clear instructions on how to report complaints or suspicions of private key compromise, certificate misuse or other kinds of fraud, compromise, misuse or improper behaviour related to certificates. 2. Will investigate problem reports within the 24 hours of their receipt and will decide whether or not to revoke them, considering at least the following criteria: - The nature of the case at hand; - The number of problem reports received for a certificate or web page. - The identity of those making the complaint. - Current legislation. 2.7 Renewal of the Certificate To renew a certificate the applicant must follow the certificate issuance process established, taking into account that the verifications are valid for 13 months. 2.8 Audits and incidents Criteria referring to audits and analysis of incidents, Ways in which to present complaints or suggestions, - By phone: 902 542 542 - E-mail: info@izenpe.com - A complaint and suggestion form is available atwww.izenpe.com - Completing the complaints or claims forms available at the registration points. Internal registry of incidents. 10 OF 17_2015_v1.0

Security incidents are managed by the Izenpe Security Committee. The annual auditing plan is performed in accordance with ETSI criteria. IZENPE reports cases it considers as incidents (cases of fraud, phishing, etc.) on the Anti- PhisingWorkGroup website (www.apwg.org and makes sure prior to issuance that the applicant or representative does not appear in the Izenpe internal security incident database. In any case, Izenpe reserves the right to deny issuance of certificates in suspicious situations. 11 OF 17_2015_v1.0

3 Management of Changes The modifications made to this document will be approved by the IZENPE Security Committee. These modifications will be included in a Specific Documentation Update Document whose maintenance is guaranteed by Izenpe. The updated versions of the specific documentation can be consulted at www.izenpe.com. 12 OF 17_2015_v1.0

4 Certificate profiles and revoked certificate lists 4.1 DV SSL certificate 13 OF 17_2015_v1.0

4.2 OV SSL certificate 14 OF 17_2015_v1.0

4.3 Office certificate 15 OF 17_2015_v1.0

4.4 EV Office certificate 16 OF 17_2015_v1.0

4.5 EV SSL certificate 17 OF 17_2015_v1.0

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information