SPECIFIC DOCUMENTATION FOR THE APPLICATION AND CODE SIGNATURE CERTIFICATE

Transcription

1 SPECIFIC DOCUMENTATION FOR THE APPLICATION AND CODE SIGNATURE CERTIFICATE IZENPE 2013 This document is the property of IZENPE and may be reproduced only in its entirety.

2 1 Introduction This document includes the specific documentation for the Application and Code Signature certificates issued by Ziurtapen eta Zerbitzu Enpresa-Empresa de Certificación y Servicios, Izenpe, S.A. (henceforth called Izenpe). The purpose of this document is to detail and complete the information already provided more generically in the IZENPE Certification Practice Statement. 1.1 Description of certificates Concerning the certificate type, - Application This is a certificate used by a computer application to ensure authenticity and integrity. - Code signature This is a certificate that guarantees author's identity for software applications and the integrity of its contents, given that this certificate is used to sign code. 1.2 Identification In order to identify these certificates, Izenpe has assigned you the following object identifier (OID). CERTIFICATE Application certificate Code signing certificate OID 1.3 Community and scope of use The following will be considered an applicant: - the application's Technical Manager for the Application certificate. - the Organisation Manager regarding the Code signature certificate. 2 of 7

3 2 Operational requirements 2.1 Certificate application Processing the certificate and applicant identity accreditation, Due to their non recognised status, Izenpe does not require applicant identity accreditation to issue this type of certificate. The certificate will not be processed in person, handing in to Izenpe 1. Signed issue application 2. Photocopy of the following current documentation, a) Identity card (DNI), passport or driving licence, for national citizens. b) For foreign citizens: I. Members of the European Union or States belonging to the European Economic Area, must present: II. - Their national identity document, or equivalent in their country, or passport. - And a certificate issued by the Register of EU Nationals. Non EU citizens must present their Foreigner Identification Number (NIE) and current passport. Documentation accrediting the applicant entity The applicant, through the Issue Request, will prove the accuracy and truth of the information contained therein. 2.2 Certificate issue and certificate delivery Once the signed application and the public key have been handed in, Izenpe will issue the certificate. Concerning the certificate type, - Application Beforehand, the applicant generates a key pair in the actual server giving Izenpe the public key plus the application form. Izenpe will deliver the certificate to the applicant at the address given in the Issue Application. - Code signature Izenpe will deliver the certificate, the PIN and the personal unblocking code (PUK) to the applicant. The applicant should return the Delivery and Acceptance Sheet duly signed to Izenpe. 3 of 7

4 2.3 Revocation of Certificates The revocation of a certificate can be requested by: - The subscriber. This assumes that the following are authorised to request the certificate revocation: Legal Representative from the subscribing entity, the Personnel Manager or a third party authorised by either of the above. - The applicant. - Izenpe. The IZENPE administrators and Registration Offices are authorised to request the revocation of end-entity subscriber certificates. Procedure The revocation applicant must complete the Revocation Request form and submit it to IZENPE by the same means as anticipated for the certificate request. The Registration Office will record the applicant s identification through the Revocation Request. Revocation Causes Causes can be viewed in the Certification Practice Statement Renewal of Certificates To renew a certificate, whether due to revocation or expiration, the subscriber must apply for a new certificate, following the established process for issuance of certificates. 4 of 7

5 3 Management of Changes The modifications made to this document will be approved by the Izenpe Security Committee. These modifications will be included in a Specific Documentation Update Document whose maintenance is guaranteed by Izenpe. The updated versions of the specific documentation can be consulted at the following address 5 of 7

6 4 Certificate and CRL profiles 4.1 Application certificate profile Uses: signature, ssl Field/Extension Optional/Critical Contents Version Version 3 serialnumber signature issuer Validity Unique sequential number sha-1withrsaencryption Same as the subject field on the issuing CA certificate 3 years Subject ST L EA CN OU O C subjectpublickeyinfo Province Town/City Name of the application Department Name of the entity ES Minimum RSA 1024 bits extensions issueraltname subjectaltname extendedkeyusage netscapecerttype subjectkeyidentifier authoritykeyidentifier certificatepolicies policyidentifier cpsuri usernotice crldistributionpoints Optional Same as the subjectaltname on the issuing CA certificate Same as the subjectaltname extension of the request, if indicated clientauth, protection SSL_Client, SMIME_Client Public key identifier Only include keyidentifier field ( under development) Bermeen mugak ezagutzeko Ziurtagirian konfiantza izan aurretik kontratua irakurri. Limitations of liability at Consult the contract before relying on the certificate. authorityinfoaccess ocsp keyusage Critical digitalsignature, nonrepudiation, keyencipherment 6 of 7

7 4.2 Code signature certificate profile Field/Extension Optional/Critical Contents Version Version 3 serialnumber signature issuer Validity Unique sequential number sha-1withrsaencryption Same as the subject field on the issuing CA certificate 3 years Subject ST Optional Province L Optional Town/City EA CN Entity/application name OU Optional Department O Name of the entity C subjectpublickeyinfo ES Minimum RSA 1024 bits extensions issueraltname subjectaltname extendedkeyusage netscapecerttype subjectkeyidentifier authoritykeyidentifier certificatepolicies policyidentifier cpsuri usernotice crldistributionpoints authorityinfoaccess Optional Same as the subjectaltname on the issuing CA certificate Same as the subjectaltname extension of the request, if indicated codesigning ObjectSigning Public key identifier Only include keyidentifier field ( under development) Bermeen mugak ezagutzeko Ziurtagirian konfiantza izan aurretik kontratua irakurri. Limitations of liability at Consult the contract before relying on the certificate. ocsp keyusage Critical digitalsignature, nonrepudiation 7 of 7