EFOS End Entity HSA Person 2-4 Certificates

Transcription

1 EFOS End Entity HSA Person 2-4 Certificates Auntication certificate Field Value Comments Source V3 (2) Serial Number Unique number Issuer Signature Algorithm ( ) Issuer Unique X.500 DN. CN = SEE RIGHT -> O = Swedish Social Insurance Agency C = SE CN = HSA Person 2 v1 HSA Person 3 v1 HSA Person 4 v1 Validity Period Up to 60 months expressed in UTC format based on templates Subject SerialNumber Given Subject: Address ( ) Subject:serialNumber ( ) subject:given ( ) This field N contain address of Subject Subject s HSA-id in following format: Alphanumerical and up to 31 characters long. It consists of an organization unique prefix and a suffix unique to each function in that organization. The two parts are separated by a hyphen Subject s marked Given IF it exists Fetched from HSA Directory Fetched from HSA Directory All Given s of subject if marking of Given is absent and First s exists This field is empty if Given and First s are absent Försäkringskassan, IT-avdelningen 1 (7)

2 Sur Common Organization Locality Country Subject Public Key Information Issuer s Signature subject: surname ( ) subject:common ( ) cn = Common name subject:organizationna me ( ) subject:locality ( ) subject:country ( ) 2048-bit RSA key modulus, rsaencryption ( ) ( ) all of Subject s surnames. Subject s common name. Subject s full legal organization name as listed in official records. locality/municipality of headoffice for listed in official records country code for listed in official records. In ISO3166 format Combination of Given and Surname Authority Key Subject Key Card Number Key Usage Extended Key Usage Value Octet String Same as Issuer's subject key identifier Octet String Calculated by from public key in PKCS#10 hash of Public Key hash of subjectpublickey in this certificate 19 digits 19 digits. c=yes; Digital Signature, Key Encipherment (a0) Client Auntication ( ) AND/ Smart Card Logon ( ) Critical Client Auntication It N also contain smartcardlogon AND/ Card Supplier based on templates Certificate Policies AND/ Secure ( ) [1]Certificate Policy protection if subject has a mailbox and/or UPN at organization. HSA Person 2 v1 OID Z HSA Person 3 v1 OID Z based on templates Försäkringskassan, IT-avdelningen 2 (7)

3 Subject Alternative CRL Distribution Point Programs principle = [2]Certificate Policy = SEE RIGHT-> [2,1]Policy Qualifier Info: Policy Qualifier Id=CPS Qualifier: repository.efos.se UPN = username@domain.suf fix AND/ RFC822 = mailbox@domain.suffix Not present c = no; CRL HTTP URL = SEE RIGHT -> ( ) [1] Program Certificate Client Auntication AND/ [2] Program Certificate Smart Card Logon HSA Person 4 v1 OID Z Where Z points to specific issuance routine that was used IF present this field N contain The subject s User Principal AND/ The subject s Address as RFC822 Person2v1.crl Person3v1.crl Person4v1.crl Client Auntication AND N contain smartcardlogon and/or protection if subject has a mailbox and/or UPN at organization. Fetched from HSA Directory based on templates Authority Information Access AND/ [3] Program Certificate Secure [1]Åtkomst till information om utfärdare Åtkomstmetod=Utgivare av certifikatutfärdare ( ) URL= SEE RIGHT- > [2]Åtkomst till information om utfärdare Person2v1.crt Person3v1.crt Person4v1.crt Försäkringskassan, IT-avdelningen 3 (7)

4 Åtkomstmetod=Statuspr otokoll för onlinecertifikat ( ) URL= Försäkringskassan, IT-avdelningen 4 (7)

5 Signing certificate Field Value Comments Source V3 (2) Serial Number Unique number Issuer Signature Algorithm ( ) Issuer Unique X.500 DN. CN = SEE RIGHT-> O = Swedish Social Insurance Agency C = SE CN = HSA Person 2 v1 HSA Person 3 v1 HSA Person 4 v1 Validity Period Up to 60 months expressed in UTC format based on templates Subject SerialNumber Given Subject:serialNumber ( ) subject:given ( ) Subject s HSA-id in following format: Alphanumerical and up to 31 characters long. It consists of an organization unique prefix and a suffix unique to each function in that organization. The two parts are separated by a hyphen Subject s name marked Given IF it exists HSA Directory All Given s of subject if marking of Given is absent and First s exists This field is empty if Given s and First s are absent Sur Common subject: surname ( ) subject:common ( ) cn = Common name all of Subject s surnames. Subject s common name. Combination of Given and Surname Försäkringskassan, IT-avdelningen 5 (7)

6 Organization Locality Country Subject Public Key Information Issuer s Signature subject:organizationnam e ( ) subject:locality ( ) subject:country ( ) 2048-bit RSA key modulus, rsaencryption ( ) ( ) Subject s full legal organization name as listed in official records. locality/municipality of headoffice for listed in official records country code for listed in official records. In ISO3166 format Authority Key Subject Key Card Number Key Usage Extended Key Usage Value Octet String Same as Issuer's subject key identifier Octet String Calculated by from public key in PKCS#10 hash of Public Key hash of subjectpublickey in this certificate 19 digits 19 digits. c=yes; nonrepudiation (40) ( ) Critical Card Supplier based on templates Certificate Policies [1]Certificate Policy = [2]Certificate Policy =SEE RIGHT -> [2,1]Policy Qualifier Info: Policy Qualifier Id=CPS Qualifier: repository.efos.se HSA Person 2 v1 OID Z HSA Person 3 v1 OID Z HSA Person 4 v1 OID Z Where Z points to specific issuance routine that was used based on templates CRL Distribution Point c = no; CRL HTTP URL = SEE RIGHT -> ( ) Person2v1.crl Person3v1.crl Försäkringskassan, IT-avdelningen 6 (7)

7 Programs principle Authority Information Access [1] Program Certificate [1]Åtkomst till information om utfärdare Åtkomstmetod=Utgivare av certifikatutfärdare ( ) URL= SEE RIGHT -> [2]Åtkomst till information om utfärdare Person4v1.crl Person2v1.crt Person3v1.crt Person4v1.crt based on templates Åtkomstmetod=Statusprot okoll för onlinecertifikat ( ) URL= Försäkringskassan, IT-avdelningen 7 (7)