Certification Policy for Legal Representatives of Sole and Joint and Several Directors Certificates. Certificate Profile

Transcription

1 Registro Nacional de Asociaciones. Número CIF G and Joint and Several Directors Certificates. Certificate Profile ANF Autoridad de Certificación Paseo de la Castellana, Madrid (Spain) Telephone: (Calls from Spain) Internacional (+34) Fax: (+34) Web:

2 Security Level Public Important Notice This document is property of ANF Autoridad de Certificación Distribution and reproduction is prohibited without written authorization from ANF Autoridad de Certificación Copyright ANF Autoridad de Certificación 2017 Address: Paseo de la Castellana, Madrid (Spain) Telephone: (Calls from Spain) International (+34) Fax: (+34) Web: 2

3 Legal Representative of Sole and Joint and Several Directors Certificates () (SIGNATURE) (ENCRYPTION) TOKEN BY SOFTWARE - HSM TOKEN Field Value Crít Mandatory Version 2 = (V3) Serial number SignatureAlgorithm sha256withrsaencryption SignatureHashAlgor ithm sha256 Common Name (CN) e.g. ANF Assured ID CA1 SERIALNUMBER G Organisation Identifier This is the VAT number. At present ANF AC does not include it Address (E) info@anf.es Issuer Organisational Unit (OU) Organizational unit within the Certification Services Provider responsible for the certificate issuance Organisation (O) e.g. ANF Autoridad de Certificacion Locality (L) State (ST) e.g. Barcelona (see current address at e.g. Barcelona Country (C) e.g. ES AuthorityCertIssuer AuthorityCertSerial Number Identifier of the issuer entity key Authority KeyIdentifier Issuer Alternative Name Valid from NotBefore Valid until Hash with SHA1 of the public key used to sign the certificate 3

4 NotAfter Subject Country (C) Subject's country = subscriber Locality (L) Subject's city State (ST) Subject's state Address (E) SERIAL NUMBER (SN) OrganizationIdentifier Subject's E.g.: IDCES G. 3 characters to indicate the document number (IDC= national identity document) + 2 characters to identify the country (ES) + ID number The certificate must include at least= Serial Number or OrganizationIdentifier (VAT number), e.g. VATES-B Z OrganizationName (O) e.g. Company name. S.L. Given Name (G) SurName (SN) First name of the legal representative, according to identity document (National/Foreign Citizens ID Card / Passport) Surname(s) of the legal representative. First surname, blank space, second surname of the person responsible for the certificate in accordance with the National ID Card or in case of a foreigner the passport Subject Common Name (CN) (all fields encoded using UTF-8) Legal Representative of a Sole and Joint and Several Directors Certificate () Organisational Unit (OU) SIGNATURE Legal Representative of a Sole and Joint and Several Directors Certificate (SIGNATURE). ENCRYPTION Legal Representative of a Sole and Joint and Several Directors Certificate (ENCRYPTION). e.g. Description Title (T) Reg: XXX / Sheet: XXX /Volume: XXX /Section: XXX /Book: XXX /Page: XXX / Date: dd-mm-yyyy / Inscription: XXX Notary: Name Surname1 Surname2/ Protocol Num: XXX / Granting Date: dd-mm-yyyy In Official Gazette: Gazette: XXX/ / Date: dd-mm-yyyy / Resolution number: XXX e.g. Sole Administrator SubjectAlternativeName

5 DNSName Directory Name e.g.: e.g.: SubjectAlternativeN ame e.g.: passport e.g.: Spanish SubjectDirectoryAttributes TelephoneNumber Facsimile StreetAddress PostalAddress PostalCode e.g.: SHA256-gsq33wq/udldyk5ZN84paMeYx e.g.: alizador AR=OID ) Full name of the country to which the issuance corresponds SubjectDirect oryattributes e.g. Qualified certificate e.g. Purchase contracts signing e.g e.g. euros Automatically completed by AR Manager Automatically completed by AR Manager Automatically completed by AR Manager Automatically completed by AR Manager

6 e.g.: AR Manager desktop v Subject Key Identifier SubjectPublic KeyInfo e.g e.g Hash in SHA1 of the public key used to sign the certificate RSA (2048) Access to issuer entity information AccessMethod [1] [1] Access to authority information Access method = On line certificate status protocol ( ) AccessLocation [1] Alternative name: 6

7 URL address= AccessMethod [2] AccessLocation [2] URL address= [1] CRL distribution point CRL distribution points crldistributionpoint [1] Distribution point name: Full name: URL address DistributionPoint [2] DistributionPoint [3] QcCompliance Present if the certificate is issued with the recognized qualification. Annex I eidas ONLY if the device is SSCD QcSSCD Only included in the SIGNATURE type Secure Signature Creation Device (SSCD) ONLY in the profile (SIGNATURE), QcType- esign SIGNATURE QcType 1 QcType 1is outlined ETSI EN Qualified Certificate Statement TSI EN , antes ETSI TS QcPDS QcLimitValue URL which allows Access to all the PKI policies in English. Https protocol ETSI EN Limit amount of liability assumed by the issuer expressed in EUROS Integer: =15 ([ETSI EN ] QcRetentionPeriod Describes the conservation period of all information, relevant to the use of a certificate, after its expiration) semnaticsid-natural To indicate the semantics of a natural person defined by the EN PolicyIdentifier () [1] Certificates policy: Policy identifier =

8 (SIGNATURE) Cryptographic software token [1] Certificates policy: Policy identifier = [1] Certificates policy: (ENCRYPTION) Policy Certificate Policies (SIGNATURE) HSM token identifier = [1] Certificates policy: Policy identifier = PolicyIdentifier PolicyCPSLocation User notice () (SIGNATURE) [1,1] Policy certifier information: Policy certifier ID =CPS Certifier: [1,2] Policy certifier information: Policy certifier ID = User notice Certifier: Notice text = Certificate in compliance to electronic signature legislation. Before accepting it verify integrity, limitations, validity, and authorized uses. PolicyIdentifie r ONLY FOR SIGNATUR E TYPE HSM TOKEN qcp-natural-qscd ( ) SOFTWARE TOKEN qcp-natural ( ) PrivateOrganization Fields conditioned by the use of the certificate BusinessCategory JurisdictionOfIncorporationL ocalityname JurisdictionOfIncorporationSt ateorprovincename JurisdictionOfIncorporationC ountryname GovernmentEntity BusinessEntity Non-commercialEntity Locality Province Country Basic Constraints Type of matter =End entity Route Length Restriction =None 8

9 CA = FALSE Certificate Type: SIGNATURE Non-repudiation (c0) Key usage Certificate Type: Electronic signature, Non-repudiation (c0) Certificate Type: ENCRYPTION KeyEncipherment, dataencipherment Extended key usage Signature / Authentication Client Authentication Secure mail Identification algorithm sha1 Signature Value Digital Fingerprint Descriptive Name Automatically completed by AR Manager 9