SPECIFIC DOCUMENTATION FOR WEBSITE CERTIFICATES

June 2015, Version 1.0

IZENPE

This document is the property of IZENPE and may only be reproduced in its entirety.

CONTENTS

1 INTRODUCTION
  1.1 DESCRIPTION OF CERTIFICATES
  1.2 IDENTIFICATION
  1.3 COMMUNITY AND SCOPE OF USE
  1.4 GENERAL PROVISIONS
2 OPERATIONAL REQUIREMENTS
  2.1 LIST OF REQUIRED DOCUMENTATION
  2.2 APPLICATION PROCEDURE
  2.3 ISSUE AND DELIVERY OF THE CERTIFICATE
  2.4 FEE
  2.5 VERIFICATION OF CERTIFICATE
  2.6 REVOCATION OF CERTIFICATES
  2.7 RENEWAL OF THE CERTIFICATE
  2.8 AUDITS AND INCIDENTS
3 MANAGEMENT OF CHANGES
4 CERTIFICATE PROFILES AND REVOKED CERTIFICATE LISTS
  4.1 DV SSL CERTIFICATE
  4.2 OV SSL CERTIFICATE
  4.3 SITE CERTIFICATE
  4.4 SITE EV CERTIFICATE
  4.5 EV SSL CERTIFICATE
5 CHANGE CONTROL
  5.1 FROM VERSION 0 TO VERSION 1.0
    Additional requirements
    Clarifications
    Editorial changes
    Requirements eliminated
    YEAR ELIMINATED ON COVER

1 Introduction

This document includes the Specific Documentation for certificates issued by Ziurtapen eta Zerbitzu Enpresa-Empresa de Certificación y Servicios, Izenpe, S.A. (henceforth Izenpe) for different types of websites.

The purpose of this document is to detail and complete, for this type of certificate, the information provided in a more generic form in the Izenpe Certification Practice Statement, in the specific documents of the CA/Browser Forum (Baseline Requirements and EV guidelines for issuing certificates for websites) and in the ETSI specifications (www.etsi.org).

Thus, Izenpe adheres to the following certification policies established by ETSI:

- DVCP (Domain Validation Certificates Policy): in the DV SSL certificates.
- OVCP (Organizational Validation Certificates Policy): in the OV SSL and Site certificates.
- EVCP (Extended Validation Certificates Policy): in the Site EV and EV SSL certificates.

In the scope of the Google Certificate Transparency project, the EV SSL and Site EV certificates issued will be published in the Izenpe CT Log service and that of other log server providers with which Izenpe has signed agreements in order to comply with Google requirements.

1.1 Description of certificates

Izenpe issues these certificates to enable subscribers to offer added security to their web services. The types of certificate issued by Izenpe are:

- SSL: DV SSL, OV SSL, EV SSL
- ELECTRONIC SITE: Site, Site EV

The purpose of this type of certificate is to establish data communications in web servers with SSL/TLS. They enable the exchange of encrypted communication between the user and website, facilitating the keys needed to encrypt the information sent over the Internet.

SSL CERTIFICATES

Depending on the validation, the certificate can be:

DOMAIN VALIDATED SSL (DV SSL)

This certificate, considered a non-qualified certificate, is used to verify the ownership of the domain that hosts the website, providing a reasonable guarantee to the Internet browser user. These certificates remain valid for 1, 2, or 3 years.

ORGANIZATION VALIDATED SSL (OV SSL)

This certificate, considered non-qualified, is used to validate the domain ownership and the organization, providing the Internet browser user with a reasonable guarantee that the website being accessed belongs to the organization identified in the certificate. These certificates remain valid for 1, 2, or 3 years.

EXTENDED VALIDATION SSL (EV SSL)

This certificate, considered non-qualified, is used to validate the domain ownership and the organization, providing the Internet browser user with a robust guarantee that the website being accessed belongs to the organization identified in the certificate. These certificates remain valid for 1 or 2 years.

ELECTRONIC SITE CERTIFICATES

IZENPE, in accordance with Act 11/2007, of 22 June, on Electronic Access of Citizens to Public Services, issues the following types of certificates:

ELECTRONIC SITE

This is a certificate issued with the authentication identifying the Public Administration, government agency or entity that owns the office. According to the assurance levels defined in the Identification and digital signature scheme, the Electronic Site certificate issued by IZENPE holds an intermediate level. These certificates remain valid for 1, 2, or 3 years.

ELECTRONIC SITE WITH EXTENDED VALIDATION EV (Site EV)

In addition to the characteristics defined in the Electronic Site certificate, extended validation (EV) provides a higher level of authentication for the Public Administration, government agency or administrative entity owing to a more exhaustive validation. According to the assurance levels defined in the Identification and digital signature scheme, the Electronic Site certificate issued by IZENPE holds an intermediate level. These certificates remain valid for 1 or 2 years.

1.2 Identification

In order to identify certificates, IZENPE has assigned them the following object identifiers (OID).

CERTIFICATE          OID
DV SSL               1.3.6.1.4.1.14777.1.2.4
OV SSL               1.3.6.1.4.1.14777.1.2.1
EV SSL               1.3.6.1.4.1.14777.6.1.1
Electronic Site      1.3.6.1.4.1.14777.1.1.3
EV Electronic Site   1.3.6.1.4.1.14777.6.1.2

1.3 Community and scope of use

The following will be considered users:

- Certificate applicant: person applying for the certificate in the name of an organization.
- Certificate subscriber: organization identified in the certificate.

Scope of use. The certificates will be used in the scope of the competences of the organization/Public Administration, government agency or entity holding the certificate.

1.4 General provisions

Identification obligations

IZENPE, either directly or through the User Entities with which it has signed the corresponding legal agreement, checks the identity and any other personal information concerning certificate applicants and subscribers. The legal instrument between the parties will include compliance with the indications in the CA/Browser Forum documents.

Certificate subscriber obligations

The subscriber's obligations are specified in the Certification Practice Statement in the section on Obligations of the Subscriber.

2 Operational Requirements

2.1 List of required documentation

- Issue application duly completed and signed with:
  o Handwritten signature
  o Electronic signature: with qualified certificate of Izenpe or national ID that identifies the applicant
  The applicant shall accept the applicable Terms of Use and Subscriber Contract on the date of signing the Application published on www.izenpe.com.
- Organization tax code TIN.
- Authentication and validity of the applicant entity (see section 2.2 Application Procedure)
- Verification of the Applicant's authority to use the name of the entity (see section 2.2 Application Procedure)

2.2 Application procedure

The APPLICANT shall submit the Issue Application and required documentation:

  o By post to: IZENPE, S.A., C/ BEATO TOMAS DE ZUMARRAGA, 71-1ª PLANTA 01008 VITORIA-GASTEIZ.
  o By email to: certservidor@izenpe.net.
  o Or by completing the application provided for this purpose on the Izenpe website.

By signing the Issue Application, the applicant agrees to the Terms of Use and the Subscriber Contract.

Validation of documentation

Applicable to: DV SSL, OV SSL, EV SSL, Site, Site EV

- The registrant should coincide with the applicant organization. If not, the applicant must provide proof of the subscriber's right to use the domains.
- Verification that the applicant is entitled to use the domain or subdomain:
  o .es domains: www.nic.es
  o .eu domains: www.eurid.eu
  o .eus domains: whois.nic.eus
  o Any other domain: whois.icann.org
- Verification of the CAA records, if they are registered, and in all cases compliance with RFC 6844 guidelines.
- In the case of DV SSL, OV SSL and Site certificates, wildcards will be allowed in subdomains or host names, provided the applicant entity can prove its legitimate control of the complete domain name. Otherwise the request will be rejected. For example, *.co.uk or *.local cannot be issued, but *.example.com can be issued to the company Example, Inc.
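The wildcard rule and the CAA verification described above, as an added example (not Izenpe's own tooling): a pre-issuance check that rejects wildcards over a public suffix or an internal name and evaluates CAA record sets by RFC 6844 tree climbing. The abbreviated suffix list, the issuer domain `ca.example`, the zone data and all function names are constructed assumptions; the CNAME alias handling of RFC 6844 is left out.

```python
# Constructed, abbreviated stand-in for the Public Suffix List (assumption:
# a real validator loads the full list published at publicsuffix.org).
PUBLIC_SUFFIXES = {"com", "es", "eu", "eus", "uk", "co.uk"}
INTERNAL_TLDS = {"local", "internal", "lan"}   # names with no public registry
CA_DOMAIN = "ca.example"   # placeholder issuer domain, not Izenpe's real value
KNOWN_TAGS = {"issue", "issuewild", "iodef"}

# Constructed CAA data: owner name -> list of (flags, tag, value).
SAMPLE_ZONE = {
    "example.com": [(0, "issue", "ca.example")],
    "example.es": [(0, "issue", "ca.example"), (0, "issuewild", ";")],
    "example.eu": [(0, "issue", "other-ca.example")],
}

def split_request(fqdn):
    """Normalise a requested name and return (is_wildcard, base_domain)."""
    name = fqdn.strip().lower().rstrip(".")
    return (True, name[2:]) if name.startswith("*.") else (False, name)

def name_policy_error(fqdn):
    """Return why the name itself is unacceptable, or None if it may proceed."""
    _, base = split_request(fqdn)
    labels = base.split(".")
    if "*" in base or not all(labels):
        return "malformed name"
    if labels[-1] in INTERNAL_TLDS:
        return "internal name, control of the domain cannot be proven"
    if base in PUBLIC_SUFFIXES:
        # "*.co.uk" would cover every registrant under the suffix.
        return "name covers a whole public suffix"
    return None

def relevant_caa(base, zone):
    """RFC 6844 tree climbing: first non-empty CAA set from base up to the TLD."""
    labels = base.split(".")
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []

def caa_permits(fqdn, zone, ca_domain=CA_DOMAIN):
    """True if the relevant CAA record set lets ca_domain issue for fqdn."""
    wildcard, base = split_request(fqdn)
    rrset = [(f, t.lower(), v) for f, t, v in relevant_caa(base, zone)]
    # An unrecognised property with the critical bit (0x80) blocks issuance.
    if any(f & 0x80 and t not in KNOWN_TAGS for f, t, _ in rrset):
        return False
    issue = [v for _, t, v in rrset if t == "issue"]
    issuewild = [v for _, t, v in rrset if t == "issuewild"]
    # issuewild, when present, replaces issue for wildcard requests only.
    governing = issuewild if (wildcard and issuewild) else issue
    if not governing:
        return True   # no issue-type property: no restriction
    return any(v.split(";")[0].strip().lower() == ca_domain for v in governing)

def pre_issuance_check(fqdn, zone=SAMPLE_ZONE):
    """Return (accepted, reason) for one requested certificate name."""
    reason = name_policy_error(fqdn)
    if reason:
        return (False, reason)
    if not caa_permits(fqdn, zone):
        return (False, "CAA records do not authorise this CA")
    return (True, "ok")

if __name__ == "__main__":
    for requested in ("*.co.uk", "*.local", "*.example.com", "*.example.es",
                      "www.example.es", "www.example.eu", "portal.example.eus"):
        print(requested, pre_issuance_check(requested))
```

A record set such as the constructed one for example.es shows why the wildcard and the host name have to be evaluated separately: the `issuewild ";"` property blocks `*.example.es` while `www.example.es` remains issuable.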

Applicable to: OV SSL, EV SSL, Site, Site EV

- Verification of the applicant entity's identity and validity:
  o Public entity:
    Name*: Official Gazette, certificate from secretary or Commercial Registry
    CIF*: AGPD, Official Gazette or Commercial Registry
  o Private entity:
    Name*: original certification from the corresponding registry or simple notice
    CIF*: AGPD, original certification from the corresponding registry or simple notice
- Verification of the Applicant's authority to use the name of the entity:
  o Public entity*: Certification issued by Secretary/Lawyer, simple notice or reference in the Official Gazette within 13 months prior to application for issuance
  o Private entity*: original certification from the corresponding registry or simple notice
  * Not required for valid recognized corporate or entity certificates issued to the applicant by Izenpe, provided the certificate has been issued in the previous 39 months (13 months for EVs)
- Email verification of the applicant's knowledge that the certificate is being processed.
- Verification of postal address at:
  o Data Protection Agencies.
  o Telephone operator pages.
  o Eudel, for towns in the Basque Country.
  o Commercial Registry
  In the event of discrepancy between the documentation provided and the check run, Izenpe will verify that the address given on the Application is a stable location of the applicant organization's operations.
- Verification of country:
  o Data Protection Agencies, Eudel, Telephone operator pages or Commercial Registry
- Verification of denial list in Izenpe internal databases.
- Verification of high-risk requests in McAfee TrustedSource

Applicable to: EV SSL, Site EV

- Check that the landline (not mobile) number is relevant to the applicant entity. Sources of verification: Telephone operator pages, Data Protection Agencies or Eudel for municipalities in the Basque Country. Subsequent verification by phone.
- Double signature for documentation verification by:
  o The Legal Office and the Technical Department
  o Validation of the verifications made by the Chief Technical Officer.

NOTE.

Izenpe may perform additional verifications such as: confirmation of the request by the organization or authorisation for the applicant to process the certificate in the name of the organization and the annual review of its compliance by means of external audit.

In cases where the validation cannot be carried out as determined, this will be justified in the documentation verification document.

Once the documentation has been checked, Izenpe will report the verifications it has made by way of a documentation verification document. Only on EV certificates is validation dual.

It will not be necessary to make the above verifications if the information has already been validated within the previous 13 months for EVs and 39 months for the rest.

Izenpe DOES NOT issue to IP addresses (ex: 1.2.3.4)

[Flowchart: application and issuance process for DV SSL, OV SSL and Site certificates. Lanes: Izenpe, Applicant. Stages: application, validations, generation and delivery, issuance.]

[Flowchart: application and issuance process for EV SSL and Site EV certificates. Lanes: Applicant, Legal Office, Security Manager, Technical Department Manager. Stages: application, applicant accreditation, legal validation, organization accreditation, technical validation, generation and delivery, issuance.]

2.3 Issue and delivery of the certificate

Izenpe will ask the Technical Manager indicated on the Issue Application to generate the technical request and submit it by e-mail to Izenpe. If the Izenpe application is used, the Technical Manager will enter the technical request.

Izenpe will send the certificate to the Technical Manager by email or via the application. The applicant must sign and return to Izenpe the Delivery and Acceptance Sheet.

2.4 Fee

Once the certificate is issued, the applicable fee is due. The applicable fees are posted every year on the Izenpe website at www.izenpe.com and on the application provided for this purpose.

2.5 Verification of certificate

The signatory will have 15 working days from the date of issuance to make sure the certificate works properly; if operational defects are detected, Izenpe must be notified. Only if operational defects are due to technical reasons, or to errors made by Izenpe in the data contained in the certificate, will Izenpe revoke the certificate and issue a new one at its own expense.

2.6 Revocation of Certificates

Revocation request

The revocation of a certificate can be requested by:

- The subscriber. The following individuals are authorized to request the revocation of a certificate: the legal representative of the subscriber entity, the personnel manager or a third party authorized by either of the two.
- The applicant.
- Izenpe is authorized to request the revocation of end-entity subscriber certificates for technical reasons, as provided in the CPS.

Procedure

The person requesting revocation will process the Revocation Application through Izenpe. The certificate can be revoked at any time. The applicant can revoke the certificate through the following channels:

- In person:
  o After scheduling an appointment with Izenpe at www.izenpe.com
  o Or at the subscriber organization with whom Izenpe has subscribed the relevant legal instrument.
- Over the phone, by calling 902 542 542. The following are required for identification:
  o Applicant ID
  o Technical contact ID
  o Applicant email
  o Fully qualified domain name (FQDN)
- Online at www.izenpe.com
- Or by post, submitting a signed and notarized revocation request.

Causes for revocation

Causes can be found in the Certification Practice Statement available at www.izenpe.com

In addition, in the case of certificates regulated in this specific documentation, Izenpe:

1. Will present the subscriber, third parties and Internet browsers with clear instructions on how to report complaints or suspicions of private key compromise, certificate misuse or other kinds of fraud, compromise, misuse or improper behaviour related to certificates.
2. Will investigate problem reports within 24 hours of their receipt and will decide whether or not to revoke the certificate, considering at least the following criteria:
   - The nature of the case at hand.
   - The number of problem reports received for a certificate or web page.
   - The identity of those making the complaint.
   - Current legislation.

2.7 Renewal of the Certificate

To renew a certificate the applicant must follow the certificate issuance process established, taking into account that the verifications are valid for 13 months.

2.8 Audits and incidents

Criteria referring to audits and analysis of incidents:

- Ways in which to present complaints or suggestions:
  o By phone: 902 542 542
  o E-mail: info@izenpe.com
  o A complaint and suggestion form is available at www.izenpe.com
  o Completing the complaints or claims forms available at the registration points.
- Internal registry of incidents.
- Security incidents are managed by the Izenpe Security Committee.
- The annual auditing plan is performed in accordance with ETSI criteria.

IZENPE reports cases it considers as incidents (cases of fraud, phishing, etc.) on the Anti-Phishing Working Group website (www.apwg.org) and makes sure prior to issuance that the applicant or representative does not appear in the Izenpe internal security incident database.

In any case, Izenpe reserves the right to deny issuance of certificates in suspicious situations.

3 Management of Changes

The modifications made to this document will be approved by the IZENPE Security Committee. These modifications will be included in a Specific Documentation Update Document whose maintenance is guaranteed by Izenpe.

The updated versions of the specific documentation can be consulted at www.izenpe.com.

4 Certificate profiles and revoked certificate lists

4.1 DV SSL certificate

4.2 OV SSL certificate

4.3 Site certificate

4.4 Site EV certificate

4.5 EV SSL certificate

5 Change control

5.1 From version 0 to version 1.0

Additional requirements
- Requirements added in section 2.2

Updated requirements
- Requirements updated in sections 2.1 and 2.2

Clarifications
- Requirements updated in section 2.2

Editorial changes
- Index added
- Footnote added

Requirements eliminated
- Requirements eliminated in sections 2.1 and 2.2
- Year eliminated on cover