High Assurance SSL Sub CA Addendum to the Comodo Certification Practice Statement v.3.0



Similar documents
Dual Use Certificate Addendum to the Comodo Certification Practice Statement v.3.0

ECC Certificate Addendum to the Comodo EV Certification Practice Statement v.1.03

Comodo Certification Practice Statement

Comodo Certification Practice Statement

Certificate Warranty Plan Addendum to the Comodo Certification Practice Statement v.3.0

Comodo Certification Practice Statement

DigiCert Certification Practice Statement

EBIZID CPS Certification Practice Statement

Comodo Extended Validation (EV) Certification Practice Statement

Comodo Extended Validation (EV) Certification Practice Statement

Domain Control Validation in Comodo Certificate Manager

Comodo Certification Practice Statement

TELSTRA RSS CA Subscriber Agreement (SA)

Enterprise Public Key Infrastructure (EPKI) Manager. Version 3.5

Web Host Reseller Program

Securing Service Access with Digital Certificates

Tel: Tel: +44 (0) Comodo Group.

The IVE also supports using the following additional features with CA certificates:

Public Key Infrastructure

Purpose of PKI PUBLIC KEY INFRASTRUCTURE (PKI) Terminology in PKIs. Chain of Certificates

Key Management and Distribution

Class 3 Registration Authority Charter

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University

COMODO RELYING PARTY WARRANTY

Chapter 7 Managing Users, Authentication, and Certificates

3.Practices and procedures. v

Enterprise Public Key Infrastructure (EPKI) Manager Version 3.0

Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11)

Dr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C

User Guide Supplement. S/MIME Support Package for BlackBerry Smartphones BlackBerry Pearl 8100 Series

4. Representation. Subscriber represents that it has read, understands, and agrees to schedule 1.

Apple Corporate Certificates Certificate Policy and Certification Practice Statement. Apple Inc.

Tel: (877) COMODO-5 Tel: +44 (0) Comodo Group.

Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015

CERTICOM RELYING PARTY WARRANTY

Comodo Certificate Manager. Comodo Enterprise

apple WWDR Certification Practice Statement Version 1.8 June 11, 2012 Apple Inc.

TeliaSonera Server Certificate Policy and Certification Practice Statement

Certificates. Noah Zani, Tim Strasser, Andrés Baumeler

Comodo Certificate Manager Software Version 4.6

Configuring Secure Socket Layer HTTP

Transnet Registration Authority Charter

Certification Practice Statement

IBM Client Security Solutions. Client Security User's Guide

Certificate Policy and Certification Practice Statement

TeliaSonera Public Root CA. Certification Practice Statement. Revision Date: Version: Rev A. Published by: TeliaSonera Sverige AB

EuropeanSSL Secure Certification Practice Statement

Using etoken for Securing s Using Outlook and Outlook Express

Public Key Infrastructure for a Higher Education Environment

Eskom Registration Authority Charter

COMODO CERTIFICATE SUBSCRIBER AGREEMENT

Comodo Certificate Manager Version 5.4

Microsoft Trusted Root Certificate: Program Requirements

Configuring Digital Certificates

Technical Certificates Overview

SSL.com Certification Practice Statement

Gandi CA Certification Practice Statement

Djigzo S/MIME setup guide

Certification Service Provider of the Ministry of Employment and Social Securityp. Profile for Electronic seal certificate

Certificate technology on Pulse Secure Access

This section includes troubleshooting topics about certificates.

Certificate technology on Junos Pulse Secure Access

Brocade Engineering. PKI Tutorial. Jim Kleinsteiber. February 6, Page 1

Administration Guide Certificate Server May 2013

Integrated SSL Scanning

Comodo Certificate Manager Software Version 4.5

StartCom Certification Authority

Integrated SSL Scanning

RECOMMENDATIONS for the PROCESSING of EXTENDED VALIDATION SSL CERTIFICATES January 2, 2014 Version 2.0

Danske Bank Group Certificate Policy

User Guide. MailMarshal Secure 5.5. August 2006

Certification Practice Statement

Globe Hosting Certification Authority Globe Hosting, Inc. 501 Silverside Road, Suite 105, Wilmington, DE 19809, County of New Castle, United States

thawte Certification Practice Statement Version 2.3

associate professor BME Híradástechnikai Tanszék Lab of Cryptography and System Security (CrySyS)

Websense Content Gateway HTTPS Configuration

Neutralus Certification Practices Statement

Certification Service Provider of the Ministry of Employment and Social Security. Profile for Electronic Office certificate

Ford Motor Company CA Certification Practice Statement

ASA 8.x Manually Install 3rd Party Vendor Certificates for use with WebVPN Configuration Example

GEOSURE PROTECTION PLAN

Key Management and Distribution

Bugzilla ID: Bugzilla Summary:

CA Certificate Policy. SCHEDULE 1 to the SERVICE PROVIDER AGREEMENT

OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES

Comodo Certificate Manager. Centrally Managing Enterprise Security, Trust & Compliance

Certificate Policy and Certification Practice Statement CNRS/CNRS-Projets/Datagrid-fr

Security Digital Certificate Manager

Extended Validation (EV) SSL Certificates. Key to Online Success for you and your customers

InCommon Certification Practices Statement. Server Certificates

Vodafone Group CA Web Server Certificate Policy

Comodo Certificate Manager Software Version 5.0

Certificate Management. PAN-OS Administrator s Guide. Version 7.0

Security Yokogawa Users Group Conference & Exhibition Copyright Yokogawa Electric Corporation Sept. 9-11, 2014 Houston, TX - 1 -

Understanding Digital Certificates and Secure Sockets Layer (SSL)

SSL Certificates Enrollment, Collection, Installation and Renewal Release Date: May, 2015

Comodo US 3401 E. McDowell Rd, Suite B, Phoenix AZ Tel: (877) COMODO-5 Fax: (720)

Comodo 2048 bit SSL Certificates. Security for your online business now and long into the future

SharePoint Password Change & Expiration 3.0 User Guide

Transcription:

High Assurance SSL Sub A Addendum to the omodo ertification Practice Statement v.3.0 omodo A, Ltd. High Assurance SSL Sub-A Addendum to Version 3.0 Amendments 21 ctober 2008 3rd Floor, ffice Village, Exchange Quay, Trafford Road Salford, Manchester, M5 3EQ, United Kingdom www.comodogroup.com

Begining ctober 29, 2008, omodo A Ltd. ( omodo ) will begin to issue High Assurance SSL ertificates from its omodo High Assurance Secure Server A intermediary certificate. The purpose of this Addendum to the omodo ertification Practice Statement ( APS ) is to amend version 3.0 of the omodo ertification Practice Statement ( PS ) to include the hierarchy and crl addresses for the certificate chain. All provisions of the PS not specifically amended or added herein remain in full force and effect and where applicable shall apply to the new product offerings. nly the amended portions in this APS are included herein. Nothing in the PS shall be deemed omitted, deleted or amended unless expressly stated in this APS. Headings from the PS are included to identify the location of the Amended information and are not intended to be duplicative. 1 General 1.8 omodo PKI Hierarchy 1.8.2 1-5 year certificates (InstantSSL and EnterpriseSSL) Entrust ertificates Entrust.net Secure Server ertification Authority (serial number = 37 4a d2 43, expiry = 25 MAY 2019) Entrust omodo Intermediate - TBA (serial number = TBA, expiry = TBA) GTE ertificates End Entity SSL/End Entity Secure Email (serial number = x, expiry = 1, 2 or 3 years from issuance) GTE ybertrust Root (serial number = 01A5, expiry = 14 August 2018) omodo lass 3 Security Services A (serial number = 0200 029A, expiry = 27 August 2012) End Entity SSL/End Entity Secure Email (serial number = x, expiry = 1, 2 or 3 years from issuance) UTN/AddTrust certificates InstantSSL and EnterpriseSSL A Visible on IE compatible browsers as follows: UTN-USERFIRST-Hardware (serial number = 44 be 0c 8b 50 00 24 b4 11 d3 36 2a fe 65 0a fd, expiry = 09 July 2019 19:19:22) End Entity SSL/End Entity Secure Email (serial number = x, expiry = 1 month or up to 10 year(s) from issuance) ross signed and therefore visible on Netscape compatible browsers as follows: AddTrust External A Root (serial number = 01, expiry = 30/05/2020 10:48:38)

UTN-USERFirst-Hardware (serial number = 48 4b ac f1 aa c7 d7 13 43 d1 a2 74 35 49 97 25, expiry = 30 May 2020 11:48:38) End Entity SSL/End Entity Secure Email (serial number = x, expiry = 1 month or up to 10 year(s) from issuance) omodo ertification Authority ertificates Visible on IE compatible browsers as follows: MD ertification Authority (serial number = 4e 81 2d 8a 82 65 e0 0b 02 ee 3e 35 02 46 e5 3d, expiry = 31 Dec ember 2029 23:59:59 MD High Assurance Secure Server A (serial number = 08 0a 57 82 2c c6f5 e1 4f 19 b7 09 55 c8 03 42, expiry = 31 December 2029 23:59:59) End Entity SSL ertificate (serial number = x, expiry = 1 month or up to 5 year(s) from issuance) ross signed and therefore visible on Netscape compatible browsers as follows: AddTrust External A Root (serial number = 01, expiry = 30/05/2020 10:48:38) MD ertification Authority (serial number = 4e 81 2d 8a 82 65 e0 0b 02 ee 3e 35 02 46 e5 3d, expiry = 31 Dec ember 2029 23:59:59 MD High Assurance Secure Server A (serial number = 08 0a 57 82 2c c6f5 e1 4f 19 b7 09 55 c8 03 42, expiry = 31 December 2029 23:59:59) End Entity SSL ertificate (serial number = x, expiry = 1 month or up to 5 year(s) from issuance) 1.8.5 omodo SG / Platinum SG / Multi-Domain certificates UTN ertificates Visible on IE compatible browsers as follows: UTN - DATAorp SG (serial number = 44 be 0c 8b 50 00 21 b4 11 d3 2a 68 06 a9 ad 69, expiry = 24 June 2019 20:06:40) End Entity SSL (serial number = x, expiry = 1 month or up to 10 year(s) from issuance) ross signed and therefore visible on Netscape compatible browsers as follows: AddTrust External A Root (serial number = 01, expiry = 30/05/2020 10:48:38) UTN - DATAorp SG (serial number = 53 7b 76 56 4f 29 7f 14 dc 69 43 e9 22 ad 2c 79, expiry = 30 May 2020 11:48:38) End Entity SSL (serial number = x, expiry = 1 month or up to 10 year(s) from issuance) omodo ertification Authority ertificates Visible on IE compatible browsers as follows: UTN - DATAorp SG (serial number = 44 be 0c 8b 50 00 21 b4 11 d3 2a 68 06 a9 ad 69, expiry = 24 June 2019 20:06:40)

MD ertification Authority (serial number = 4e 81 2d 8a 82 65 e0 0b 02 ee 3e 35 02 46 e5 3d, expiry = 31 Dec ember 2029 23:59:59 MD High Assurance Secure Server A (serial number = 08 0a 57 82 2c c6f5 e1 4f 19 b7 09 55 c8 03 42, expiry = 31 December 2029 23:59:59) End Entity SSL ertificate (serial number = x, expiry = 1 month or up to 5 year(s) from issuance) ross signed and therefore visible on Netscape compatible browsers as follows: AddTrust External A Root (serial number = 01, expiry = 30/05/2020 10:48:38) UTN - DATAorp SG (serial number = 53 7b 76 56 4f 29 7f 14 dc 69 43 e9 22 ad 2c 79, expiry = 30 May 2020 11:48:38) MD ertification Authority (serial number = 4e 81 2d 8a 82 65 e0 0b 02 ee 3e 35 02 46 e5 3d, expiry = 31 Dec ember 2029 23:59:59 1.12 Relying Parties MD High Assurance Secure Server A (serial number = 08 0a 57 82 2c c6f5 e1 4f 19 b7 09 55 c8 03 42, expiry = 31 December 2029 23:59:59) End Entity SSL ertificate (serial number = x, expiry = 1 month or up to 5 year(s) from issuance) To verify the validity of a digital certificate they receive, relying parties must refer to the ertificate Revocation List (RL) or SP response prior to relying on information featured in a certificate to ensure that omodo has not revoked the certificate. The RL location is detailed within the certificate. SP responses are sent through the omodo SP responder. 2.1.1 Root A Signing Key Protection and Recovery 90 omodo ertification Authority 153 omodo High Assurance Secure Server A High Assurance SSL ertificates Intermediate for High Assurance SSL ertificates 31 Dec 2029 2048 31 Dec 2029 2048 2.3 omodo Directories, Repository and ertificate Revocation Lists omodo manages and makes publicly available directories of revoked certificates using ertificate Revocation Lists (RLs). All RLs issued by omodo are X.509v2 RLs, in particular as profiled in RF3280. Users and relying parties are strongly urged to consult the directories of

revoked certificates at all times prior to relying on information featured in a certificate. omodo updates and publishes a new RL every 24 hours or more frequently under special circumstances. The RL for end entity certificates can be accessed via the following URLs: http://crl.comodo.net/lass3securityservices_3.crl http://crl.comodoca.com/lass3securityservices 3.crl http://crl.comodoca.com/omodohighassurancesecureservera.crl omodo operates an SP service at http://ocsp.comodo.com. omodo s SP responder conforms to RF 2560. Revocation information is made immediately available through the SP services. The SP responder and responses are available 24x7. 2.12.4 ertificate Policy (P) omodo Secure Server ertificates InstantSSL / ProSSL / PremiumSSL / PremiumSSL Wildcard / EliteSSL /GoldSSL / PlatinumSSL / PlatinumSSL Wildcard / PremiumSSL Legacy / PremiumSSL Legacy Wildcard / PlatinumSSL Legacy / PlatinumSSL Legacy Wildcard / PlatinumSSL SG Legacy / PlatinumSSL SG Legacy Wildcard / omodo SG SSL / omodo SG SSL Wildcard / Trial SSL / Intranet SSL / ther SSL ertificates Signature Algorithm Issuer (option 1) (not for any SG type) Issuer (option 2) (not for any SG type) Issuer (option 3) for SG types only. Issuer (option 4) (not for any SG type) Issuer (option 5) Sha1 N N L S N L S N N omodo lass 3 Security Services A (c) 2002 omodo Limited Terms and onditions of use: http://www.comodo.net/repository omodo Trust Network omodo Limited GB UTN-USERFIRST-Hardware http://www.usertrust.com The USERTRUST Network Salt Lake ity UT US UTN - DATAorp SG http://www.usertrust.com The USERTRUST Network Salt Lake ity UT US omodo lass 3 Security Services A (c) 2006 omodo A Limited Terms and onditions of use: http://www.comodo.com/repository omodo Trust Network omodo A Limited GB omodo High Assurance Secure Server A 2008 omodo A Limited

Validity Subject Authority Key Identifier Key Usage (Nonritical) Extended Key Usage (Additional usages for SG types only) Netscape ertificate Type Basic onstraint ertificate Policies Terms and onditions of use: http://www.comodo.com/repository omodo Trust Network omodo A Limited GB 1 year / 2 year / 3 year / 4 year / 5 year N ommon Name InstantSSL / ProSSL/PremiumSSL / PremiumSSL Wildcard / EliteSSL /GoldSSL / PlatinumSSL / PlatinumSSL Wildcard / PremiumSSL Legacy / PremiumSSL Legacy Wildcard / PlatinumSSL Legacy / PlatinumSSL Legacy Wildcard / PlatinumSSL SG Legacy / PlatinumSSL SG Legacy Wildcard / omodo SG SSL / omodo SG SSL Wildcard / ther SSL ertificate name / Powered SSL product name (0 or 1 Hosted by [Web Host Reseller Subscriber Name] of) Issued through [EPKI Manager Subscriber Name] (for Intranet SSL only) (for Trial SSL only) L STREET S Postalode Provided by [Powered SSL Subscriber Name] INTRANET USE NLY N WARRANTY ATTAHED MPANY NT VALIDATED TEST USE NLY - N WARRANTY ATTAHED rganization rganization Unit Locality Street State Zip or Postal ode ountry KeyID only is specified. Digital Signature, Key Encipherment(A0) Server Authentication (1.3.6.1.5.5.7.3.1) lient Authentication (1.3.6.1.5.5.7.3.2) Microsoft SG (1.3.6.1.4.1.311.10.3.3) Netscape SG (2.16.840.1.113730.4.1) SSL lient Authentication, SSL Server Authentication(c0) Subject Type = End Entity Path Length onstraint = None [1] ertificate Policy: PolicyIdentifier = 1.3.6.1.4.1.6449.1.2.1.3.4 [1,1]Policy Qualifier Info: Policy Qualifier Id = PS Qualifier: https://secure.comodo.net/ps

RL Distribution Policies [1]RL Distribution Point Distribution Point Name: Full Name: URL=<Primary DP URL> [2]RL Distribution Point Distribution Point Name: Full Name: URL=<Secondary DP URL> (only when the Issuing A is omodo lass 3 Security Services A ) Authority Information Access (omitted when Issuing A is omodo lass 3 Security Services A ) (non-critical) Thumbprint Algorithm Thumbprint [3]RL Distribution Point Distribution Point Name: Full Name: RF822 Name=<RL Request Email Address> [1]Authority Info Access Access Method = id-ad-caissuers (1.3.6.1.5.5.7.48.2) URL=<Primary AIA URL> [2]Authority Info Access Access Method = id-ad-ocsp (1.3.6.1.5.5.7.48.1) URL = http://ocsp.comodo.com SHA1 omodo MD Signature Algorithm Issuer (ption 1) Issuer (ption 2) Validity Subject Sha1 N UTN - DATAorp SG http://www.usertrust.com The USERTRUST Network L Salt Lake ity S UT US N omodo High Assurance Secure Server A 2008 omodo A Limited Terms and onditions of use: http://www.comodo.com/repository omodo Trust Network omodo A Limited GB 1 Year / 2 Year / 3 Year N ommon Name [Name Windows displays as Issued To Typically Entity Name like field] Hosted by [Web Host Reseller Subscriber Name] Issued through [EPKI Manager Subscriber Name] Provided by [Powered SSL Subscriber Name] rganisation rganisation Unit L Locality S Street ountry N Domain Name 1

N Domain Name 2 N Domain Name 3 (etc to Domain Name 100) N ommon Name [Name Windows displays as Issued To Typically Entity Name like field] Enhanced Key Usage Server Authentication (1.3.6.1.5.5.7.3.1) lient Authentication (1.3.6.1.5.5.7.3.2) Microsoft SG (1.3.6.1.4.1.311.10.3.3) Netscape SG (2.16.840.1.113730.4.1) Key Usage (Nonritical) Digital Signature, Key Encipherment(A0) Netscape ertificate Type SSL lient Authentication, SSL Server Authentication(c0) Basic onstraint Subject Type=End Entity Path Length onstraint=none ertificate Policies [1]ertificate Policy: Policy Identifier=1.3.6.1.4.1.6449.1.2.1.3.4 [1,1]Policy Qualifier Info: Policy Qualifier Id=PS Qualifier: https://secure.comodo.net/ps RL Distribution Points [1]RL Distribution Point Distribution Point Name: Full Name: URL= <Primary DP URL> Authority Information Access (non-critical) [2]RL Distribution Point Distribution Point Name: Full Name: URL=<Secondary DP URL> [1]Authority Info Access Access Method = id-ad-caissuers (1.3.6.1.5.5.7.48.2) URL=<Primary AIA URL> [2]Authority Info Access Access Method = id-ad-ocsp (1.3.6.1.5.5.7.48.1) URL = http://ocsp.comodo.com Subject Alternate Name DNS Name=Domain Name 1 DNS Name=Domain Name 2 DNS Name=Domain Name 3.up to DNS Name=Domain Name 100 Thumbprint Algorithm Thumbprint 4.13.2 Effect of Revocation SHA1 Upon revocation of a certificate, the operational period of that certificate is immediately considered terminated. The serial number of the revoked certificate will be placed within the ertificate Revocation List (RL) and remains on the RL until some time after the end of the certificate s validity period. An updated RL is published on the omodo website every 24 hours; however, under special circumstances the RL may be published more frequently. In addition, omodo s systems are configured to pre-generate SP responses using the private key of the certificate. This provides real-time information regarding the validity of the ertificate making the revocation information immediately available through the SP.

5.12 Reliance on Unverified Digital Signatures Parties relying on a digital certificate must verify a digital signature at all times by checking the validity of a digital certificate against the relevant RL published by omodo or using the omodo SP responder. Relying parties are alerted that an unverified digital signature cannot be assigned as a valid signature of the subscriber. 5.19 bligations of a Relying Party A party relying on a omodo certificate accepts that in order to reasonably rely on a omodo certificate they must: Minimize the risk of relying on a digital signature created by an invalid, revoked, expired or rejected certificate; the relying party must have reasonably made the effort to acquire sufficient knowledge on using digital certificates and PKI. Study the limitations to the usage of digital certificates and be aware through the Relying Party agreement the maximum value of the transactions that can be made using a omodo digital certificate. Read and agree with the terms of the omodo PS and relying party agreement. Verify a omodo certificate by referring to the relevant RL and the RLs of intermediate A and root A or by checking the SP response using the omodo SP responder. Trust a omodo certificate only if it is valid and has not been revoked or has expired. Rely on a omodo certificate, only as may be reasonable under the circumstances listed in this section and other relevant sections of this PS. Document ontrol This document is the High Assurance SSL Sub-A Addendum to omodo PS Version 3.0, created on 16 ctober 2008 and signed off by the omodo ertificate Policy Authority. omodo A Limited 3rd Floor, ffice Village, Exchange Quay, Trafford Road, Salford, Manchester, M5 3EQ, United Kingdom URL: http://www.comodogroup.com Email: legal@comodogroup.com Tel: +44 (0) 161 874 7070 Fax: +44 (0) 161 877 1767 opyright Notice opyright omodo A Limited 2008. All rights reserved. No part of this publication may be reproduced, stored in or introduced into a retrieval system, or transmitted, in any form or by any means (electronic, mechanical, photocopying, recording or otherwise) without prior written permission of omodo Limited. Requests for any other permission to reproduce this omodo document (as well as requests for copies from omodo) must be addressed to: omodo A Limited 3rd Floor, ffice Village, Exchange Quay, Trafford Road,

Salford, Manchester, M5 3EQ, United Kingdom

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information