InfoCert Certificate Service Provider

Similar documents
Certificate Path Validation

Certificate Policy for OCES personal certificates (Public Certificates for Electronic Services)

Certificate Policy for. SSL Client & S/MIME Certificates

OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES

Certificate Policy for OCES Employee Certificates (Public Certificates for Electronic Services) Version 5

Certificate Policy for OCES company certificates (Public Certificates for Electronic Services)

Neutralus Certification Practices Statement

ETSI TS V1.1.1 ( )

X.509 Certificate Generator User Manual

PKI NBP Certification Policy for ESCB Signature Certificates. OID: version 1.5

ETSI EN V2.1.1 ( )

Danske Bank Group Certificate Policy

PKI NBP Certification Policy for ESCB Encryption Certificates. OID: version 1.2

Certification Authority. The X.509 standard, PKI and electronic documents. X.509 certificates. X.509 version 3. Critical extensions.

Land Registry. Version /09/2009. Certificate Policy

Certificate Policy for OCES Personal Certificates ("Offentlige Certifikater til Elektronisk Service") Version 4

Certipost Trust Services. Certificate Policy. for Lightweight Certificates for EUROCONTROL. Version 1.2. Effective date 03 May 2012

Certification services for electronic security certificates

TeliaSonera Root CA v1 Certificate Practice Statement. Published by: TeliaSonera AB

Certificate Policy. SWIFT Qualified Certificates SWIFT

ETSI TS V1.1.1 ( ) Technical Specification

CA Certificate Policy. SCHEDULE 1 to the SERVICE PROVIDER AGREEMENT

APNIC Trial of Certification of IP Addresses and ASes

Understanding digital certificates

DEPARTMENT OF DEFENSE PUBLIC KEY INFRASTRUCTURE EXTERNAL CERTIFICATION AUTHORITY MASTER TEST PLAN VERSION 1.0

HMRC Secure Electronic Transfer (SET)

Certification Practice Statement

QUOVADIS ROOT CERTIFICATION AUTHORITY CERTIFICATE POLICY/ CERTIFICATION PRACTICE STATEMENT. OIDs:

Programme of Requirements part 3h: Certificate Policy Server certificates Private Services Domain (G3)

Ericsson Group Certificate Value Statement

TELSTRA RSS CA Subscriber Agreement (SA)

Specifying the content and formal specifications of document formats for QES

PROCEDURE FOR UPDATING LISTS THROUGH WEB INTERFACE

ARTL PKI. Certificate Policy PKI Disclosure Statement

PUBLIC-KEY CERTIFICATES

E-TUGRA INFORMATIC TECHNOLOGIES AND SERVICES CORP (E-TUGRA)

ETSI TS V1.4.3 ( )

SECURITY IN ELECTRONIC COMMERCE MULTIPLE-CHOICE QUESTIONS

TR-GRID CERTIFICATION AUTHORITY

A PKI For IDR Public Key Infrastructure and Number Resource Certification

Public-Key Infrastructure

Consiglio Nazionale del Notariato

Long term electronic signatures or documents retention

Telia hardware based e-legitimation v2. Certification Practice Statement. Revision Date: 10 th June Version: 1.0

NIST Test Personal Identity Verification (PIV) Cards

User Guide Supplement. S/MIME Support Package for BlackBerry Smartphones BlackBerry Pearl 8100 Series

TR-GRID CERTIFICATION AUTHORITY

QUOVADIS ROOT CERTIFICATION AUTHORITY CERTIFICATE POLICY/ CERTIFICATION PRACTICE STATEMENT. OIDs:

The IVE also supports using the following additional features with CA certificates:

SecureStore I.CA. User manual. Version 2.16 and higher

SWITCHaai Metadata CA. Certificate Policy and Certification Practice Statement

SECURITY IN ELECTRONIC COMMERCE - SOLUTION MULTIPLE-CHOICE QUESTIONS

Class 3 Registration Authority Charter

StartCom Certification Authority

Certificate Policy and Certification Practice Statement CNRS/CNRS-Projets/Datagrid-fr

REVENUE ON-LINE SERVICE CERTIFICATE POLICY. Document Version 1.2 Date: 15 September OID for this CP:

TeliaSonera Public Root CA. Certification Practice Statement. Revision Date: Version: Rev A. Published by: TeliaSonera Sverige AB

Metropolitan Police Service Enterprise PKI. Root Certificate Authority, Certificate Policy. Version th February 2012 NOT PROTECTIVELY MARKED

E-Lock ProSigner vs. In-built Acrobat 6.0 signatures

Signature policy for TUPAS Witnessed Signed Document

PKI and OpenSSL part 1 X.509 from the user s and the client software s point of view

Certification Practice Statement for Extended Validation Certificates

Certification Practice Statement

Ciphermail S/MIME Setup Guide

Certificates and network security

TACC ROOT CA CERTIFICATE POLICY

ETSI TS V1.1.2 ( ) Technical Specification

Certificate Management. PAN-OS Administrator s Guide. Version 7.0

PEXA Public Key Infrastructure (PKI) Certification Authority Certificate Policy

ENTRUST CERTIFICATE SERVICES

How To Understand And Understand The Certificate Authority (Ca)

Purpose of PKI PUBLIC KEY INFRASTRUCTURE (PKI) Terminology in PKIs. Chain of Certificates

Asymmetric cryptosystems fundamental problem: authentication of public keys

CERTIFICATION PRACTICE STATEMENT UPDATE

Security framework. Guidelines for trust services providers Part 1. Version 1.0 December 2013

PostSignum CA Certification Policy applicable to qualified personal certificates

Windows Server 2008 PKI and Certificate Security

apple WWDR Certification Practice Statement Version 1.8 June 11, 2012 Apple Inc.

Authentication Applications

In accordance with article 11 of the Law on Electronic Signature (Official Gazette of the Republic of Serbia No. 135/04), REGULATION

ING Public Key Infrastructure Certificate Practice Statement. Version June 2015

Cyber Security Practical considerations for implementing IEC 62351

HKUST CA. Certification Practice Statement

Network Security: Public Key Infrastructure

QUOVADIS ROOT CERTIFICATION AUTHORITY CERTIFICATE POLICY/ CERTIFICATION PRACTICE STATEMENT. OIDs:

OpenCA v (ten-ten 2 )

Transcription:

InfoCert Certificate Service Provider Certificate policy for test certificates OID: 1.3.76.36.1.1.21 OID:1.3.76.36.1.1.21 V.1.0 del 02/04/2009 pag. 1 di 8

Table of Contents 1. Introduction...3 1.1. Changes...3 1.2. Scope of the certificates...3 1.3. Terms and definitions...3 1.4. Responsability...3 1.5. Contacts...4 1.6. Normative references...4 2. Service features...5 2.1. Certificate Service provider...5 2.2. Subjects...5 2.3. Timing...5 3. Procedures...6 3.1. Key pair generation and certificate issuing...6 3.2. Delivery of the P12 file...7 3.3. Validity...7 3.4. Revocation of a certificate...7 Revocation...7 CRL issuing...8 OID:1.3.76.36.1.1.21 V.1.0 del 02/04/2009 pag. 2 di 8

1. Introduction The present document states the rules and the operational procedures to be followed for the issuing of X.509 certificates with test purposes. Requiring a certificate under this policy entails the complete acceptance of the rules stated hereafter. References to this policy are inside the certificates, in compliance with the applicable standard (see the Normative reference section). The relying parties using this certificates for a signature verification are so informed about the purposes of the certificates and the limitations of liability. InfoCert can change this document at any time. Any new version supersedes the previous one. For a certificate, the applicable policy is the one in force at the time of its issuing, till the certificate expiration. Version and issuing date are on the footer of each page. This policy has the OID:1.3.76.36.1.1.21 InfoCert 1.3.76.36 Certification-Service-Provider 1.3.76.36.1 Certificate-policy 1.3.76.36.1.1 Test certificates 1.3.76.36.1.1.21 This policy is published on the web site:http://www.firma.infocert.it 1.1. Changes Versione/Release n : Descrizione modifiche: Motivazioni : 1.0 Data Versione/Release : 02/04/2009 None First issue 1.2. Scope of the certificates The key pairs and the certificates generated and issued under this policy are for test purposes only and do not have any legal value. InfoCert assumes NO LIABILITY for the usage of key pairs and certificates issued under this policy. Any information included in the certificate is for test purposes only. 1.3. Terms and definitions Refers to the Normative Reference section 1.4. Responsability InfoCert is responsible of this document. OID:1.3.76.36.1.1.21 V.1.0 del 02/04/2009 pag. 3 di 8

1.5. Contacts InfoCert S.p.A. Responsabile Certificazione Digitale e Sistemi Corso Stati Uniti 14 35127 Padova Phone: +39 049828 8111 Fax: +39 049 828 8406 Web: http://www.firma.infocert.it e-mail: firma.digitale@infocert.it 1.6. Normative references [1] ETSI TS 102 042 Policy requirements for certification authorities issuing public key certificates Aprile 2002 [2] RFC 5280 (2008): "Internet X.509 Public Key Infrastructure Certificate and CRL Profile [3] RFC 3161 (2001): Internet X.509 Public Key Infrastructure Time Stamp Protocol (TSP) [4] RFC 2527 (1999): Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework [5] Information Technology Open Systems Interconnection The Directory: Authentication Framework; ITU-T Recommendation X.509 (1997) ISO/IEC 9594-8 [6] PKCS 12 v1.0: Personal Information Exchange Syntax OID:1.3.76.36.1.1.21 V.1.0 del 02/04/2009 pag. 4 di 8

2. Service features 2.1. Certificate Service provider Name InfoCert - Società per azioni Main site Via G.B. Morgagni 30H 00161 Roma Legal representative Dott. Daniele Vaccarino Phone +39 06442851 fax 390644285255 VAT number and Business register 7945211006 number Web site http://www.firma.infocert.it/ 2.2. Subjects The certificate subject can be a physical person, a legal entity (i.e. a company/corporation), a device, a website, other. 2.3. Timing The timing for the key pairs generation and for the issuing of the certificate will be agreed separately. OID:1.3.76.36.1.1.21 V.1.0 del 02/04/2009 pag. 5 di 8

3. Procedures Since the scope of the certificate is for test only, there are no strict rules for the issuing of the certificates. Who requires the certificate SHALL sign an agreement with InfoCert, explicitly accepting the rules stated in this policy. If the agreement foresees a payment, the certificate will be issued only after Infocert will have received the confirmation. Then, who requires the certificate SHALL send the data to fill in the certificate (fields in bold are mandatory): - Country - Common Name - Given Name - Surname - Title - Organization - locality - email - validity period (or end of validity time). The validity period CAN NOT be longer than 1 (one) year. The data SHALL be sent at the InfoCert contact ( 1.4), quoting the agreement and the payment data, if applicable. The agreement may also define alternative methods of payment and data provisioning. In any case, it is mandatory to supply the email address and phone number of a contact point person, to be contacted for any clarification. 3.1. Key pair generation and certificate issuing After receiving the foreseen data, InfoCert will check them and, in case of problem, will get in touch with the contact person indicated in the request. If everything is right, the contact person SHALL choose a passphrase for the protection of key pairs and certificates. InfoCert will generate the key pairs in its own premises. Then it will issue the corresponding certificate and will fill in the Subject Distinguished Name fields with the user supplied data. Key pair and certificate are then stored in a PKCS#12 file, encoded PEM, protected by the passphrase chosen by the contact point. The certificates are based on the RSA algorithm, with a 1024 bit key length. The certificate is compliant with the standard ITU X.509 v3 OID:1.3.76.36.1.1.21 V.1.0 del 02/04/2009 pag. 6 di 8

The applicant MAY indicate the required value for tha KeyUsage and the ExtendedKeyUsage extensions. The certificates KeyUsage attribute MAY have one or more of the following values: digitalsignature (0), nonrepudiation (1), -- recent editions of X.509 have renamed this bit to contentcommitment keyencipherment (2), dataencipherment (3), keyagreement (4) Given the scope of the certificate, all the combinations are admitted. If not specified the KeyUsage will take the values: digitalsignature + keyencipherment + keyagreement The related attribute ExtendedKeyUsage will have the fixed value: ClientAuthentication + Emailprotection. 3.2. Delivery of the P12 file The PKCS#12 file with extension p12 will be sent to the contact person, with a commonly agreed procedure. 3.3. Validity The certificates has a time limited validity, stated by the field (validity), with the attributes (not before) and (not after). NOTE The date are expressed in the UTC format (see RFC 5280) year-month-day-hour-minutes-seconds-timezone {YYYYMMDDHHMMSSZ} Outside of this time range, the certificate is not valid. 3.4. Revocation of a certificate The validity status of a certificate can be reduced by inserting it in the CRL Certificate Revocation List. A verification application compliant with the normative reference SHALL check the presence of the certificate in the CRL. A signature based on a certificate expired or revoked SHOULD be considered not valid. Revocation The revocation can be required by InfoCert or by the contact person The revocation SHOULD 1 be required in case of: 1 Usually the verb used here is SHALL, but given the test purposes, the option is recommended, not mandatory OID:1.3.76.36.1.1.21 V.1.0 del 02/04/2009 pag. 7 di 8

- suspect or sure compromise of private key; - certificate not usable; - end of contractual agreement - usage of the certificate outside the scope of this policy - order by a judiciary authority. The contact person can require the revocation by sending an email to the Infocert contact mail ( 1.4), specifying the serial number of the certificate and the revocation reason. CRL issuing The CRL is published on the Internet. The CRL Distribution Point extension of the certificate contains the URL where the CRL can be accessed. The CRL is published at least every day. OID:1.3.76.36.1.1.21 V.1.0 del 02/04/2009 pag. 8 di 8

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information