The TSP is responsible for ensuring that the subscriber supplies the certificate signing request (CSR) securely. The secure delivery must take place in the following manner:

• the entry of the CSR on the TSP's application developed especially for that purpose, using an SSL connection with a PKIoverheid SSL certificate or similar or; |

• the entry of the CSR on the HTTPS website of the TSP that uses a PKIoverheid SSL certificate or similar or; |

• sending the CSR by e-mail, along with a qualified electronic signature of the certificate manager that uses a PKIoverheid qualified certificate or similar or; |

• entering or sending a CSR in a way that is at least equivalent to the aforementioned ways. |

The TSP has to verify that the subscriber is an existing and legal organization, and who the Authorised Representative (or Representation) of the subscriber is.

As evidence that it is an existing and legal organization and of the correctness and existence of the Authorised Representative (or Representation) registered by the subscriber, the TSP has to request and verify at least the following supporting documents:

• For government organizations, a recently certified excerpt (no more than 1 month old) from the Chamber of Commerce's Trade Register or a law, deed of incorporation or a general governmental decree. If registration in the Trade Register has nog yet taken place, a copy of the corresponding page from the most recent version of the Staatsalmanak where the Authorised Representative (or Representation) is mentioned; |

• For bodies governed by private law with and without a legal personality with a recently certified excerpt (maximum 1 month old) from the Chamber of Commerce's Trade Register where the Authorised Representative (or Representation) is mentioned. |

  The TSP must verify if the Organization and Authorised Representative appear on the latest EU list of prohibited terrorists and terrorist organizations, published by the European Council

  These lists can be found on the web page:

  http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32001E0931:NL:NOT

  These are decisions concerning updating the list of people, groups and entities referred to in articles 2, 3 and 4 of Common Position 2001/931/GBVB concerning the use of specific measures to combat terrorism.

  The TSP must not issue EV SSL certificates to an organization or its Authorized Representative that appears on this list.

The certificate manager is a person whose identity has to be established in conjunction with an organizational entity. Proof has to be submitted of:

• full name, including surname, first name, initials or other first (names) (if applicable) and surname prefixes (if applicable); |

• date of birth and place of birth, a nationally applicable registration number, or other characteristics of the certificate manager that can be used in order to, as far as possible, distinguish this person from other persons with the same name; |

• proof that the certificate manager is entitled to receive a certificate for a certificate holder on behalf of the legal personality or other organizational entity. |

To detail the provisions in 3.2.3- pkio22, the identity of the certificate manager can only be established using the valid documents referred to in article 1 of the Compulsory Identification Act. The TSP has to check the validity and authenticity of these documents.

The TSP must also establish whether the certificate manager appears on the latest EU list of prohibited terrorists and terrorist organizations:

http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2011:028:0057:0059:EN:PDF

The TSP may not issue an EV SSL certificate to an organization or its certificate manager that is included on this list.

Regulated Profession Certificates SHALL be issued only to subscribers

• which have a profession which either |

  • is included in the EU Regulated Professions Database (Directive 2005/36/EC), or |

  • is included in this limitative list: |

    • Notaris (Civil Law Notary); |

    • Toegevoegd Notaris (Added Notary); |

    • Gerechtsdeurwaarder (Court Bailiff); |

    • Those who have been entered into a register as meant in article 3 of the Professions in the individual healthcare Act (Wet op de beroepen in de individuele gezondheidszorg (Wet BIG)); |

    • Those who practice a profession of which the education is mandated through article 34, section 1 and article 36a of the Professions in the individual healthcare Act (Wet op de beroepen in de individuele gezondheidszorg (Wet BIG)); |

    • Waarnemend gerechtsdeuraarder (Acting Court Bailiff); |

    • Toegevoegd gerechtsdeurwaarder (Additional Court Bailiff); |

    • Kandidaat gerechtsdeurwaarder (Junior Court Bailiff); |

    • Zeevarende (Seafarer); |

    • (Hoofd)bewaarder ((Head) Registrar); |

    • Gemandateerd bewaarder Mandated Registrar; |

    • Technisch Medewerker schepen (Ships Technician); |

    • Inspecteur Scheepsregistraties (Ship Registration Inspector); |

    • Belastingdeurwaarder (Government-appointed Tax Bailiff); |

    • Rijksdeurwaarder (Government Bailiff); |

    • Gemeentelijk Belastingdeurwaarder (Municipal Tax Bailiff), and |

• have been validated to be allowed to practice said profession through |

  • a trustworthy document (e.g. licence card, certificate, diploma), or |

  • against a register of a relevant regulatory body. |

The TSP MUST check that the FQDNs supplied by the subscriber (see definition in Part 4) included in a certificate are:

• Actually in the name of the subscriber OR; |

• Authorized by the registered domain owner OR; |

• That the subscriber can show that it exercises (technical) control over the FQDN in question. |

  This must be done for every FQDN that is included in a certificate. The TSP must limit itself to the methods as prescribed in the applicable version of the Baseline Requirements of the CABForum (chapter 3.2.2.4). The TSP must also adhere to the requirements in the EV Guidelines (EVCG) chapter 11.

  The verified data may be reused in a subsequent application, provided that it is not older than 13 months. If the data is older than 13 months, the above check must be carried out again.

  The TSP must also keep a record of the validation method (s) used for the included FQDNs per certificate.

  This verification may not be outsourced by the TSP to external (sub) contractors.

If an FQDN is included in the certificate, the TSP MUST check whether the FQDNs supplied by the subscriber (see definition in Part 4), included in a certificate, are:

• Actually in the name of the subscriber OR; |

• Authorized by the registered domain owner OR; |

• That the subscriber can show that it exercises (technical) control over the FQDN in question. |

  The verified data may be reused in a subsequent application, provided that it is not older than 39 months. If the data is older than 39 months, the above check must be carried out again

  This must be done for every FQDN that is included in a certificate. The TSP must limit itself to:

                                                                                                                                                                                  |

• the methods as prescribed in the applicable version of the Baseline Requirements of the CABForum (chapter 3.2.2.4) OR; |

• an alternative method approved in advance by the PA. |

  The TSP must also keep a record of the validation method (s) used for the included FQDNs per certificate.

  This verification may not be outsourced by the TSP to external (sub) contractors.

The TSP MUST check whether the FQDNs supplied by the subscriber (see definition in Part 4) or IP addresses, included in a certificate, are:

• Actually in the name of the subscriber OR; |

• Authorized by the registered domain owner OR; |

• That the subscriber can show that he exercises (technical) control over the FQDN in question. |

  This must be done for every FQDN that is included in a certificate. The TSP must limit itself to the methods as prescribed in the applicable version of the Baseline Requirements of the CABForum (chapter 3.2.2.4 for FQDNs and 3.2.2.5 for IP addresses).

  The foregoing also holds that "Any Other Method" from 3.2.2.5 may not be used (for both 3.2.2.4.8 and for IP addresses).

  The verified data may be reused in a subsequent application, provided that it is no older than 398 days. If the data is older than 398 days, the above check must be carried out again.

  The TSP must also keep a record of the validation method (s) used for the included FQDNs per certificate. This verification may not be outsourced by the TSP to external (sub) contractors.

In terms of organization-linked certificate holders, the TSP has to check that:

• the proof that the certificate holder, authorized to receive a certificate on behalf of the subscriber, is authentic; |

• the name and identity markers mentioned in this proof correspond with the certificate holder's identity established under 3.2.3-pkio21. |

  In terms of profession-linked certificate holders, the TSP has to check that:

                                                                                                                                                                 |

• the proof, that the certificate holder is authorised to practise the recognized profession, is authentic; |

• the name and identity markers mentioned in this proof correspond with the certificate holder's identity established under 3.2.3-pkio21. |

The TSP has to verify that:

• the proof that the certificate holder is authorized to receive a certificate on behalf of the subscriber, is authentic; |

• the certificate manager has received permission from the subscriber to perform the actions that he has been asked to perform (if the certificate manager performs the registration process). |

The TSP has to verify that:

• the proof that the certificate holder is authorized to receive a certificate on behalf of the subscriber, is authentic; |

• the certificate manager has received the consent of the subscriber to perform the actions that he has been asked to perform (if the certificate manager performs the registration process). |

• the requested certificate in combination with the permanently stored data in the certificate holder (device) contain information to be able to trace the following unequivocally: |

  - the device's identity (e.g. manufacturer and serial number); |

  - the proof that the device and its production process conform to the framework of standards established by the party responsible for establishing the framework. |

Subscriber is a legal personality (organization-linked certificates):

The agreement that the TSP enters into with the subscriber has to state that the subscriber is responsible for immediately informing the TSP of any relevant changes that have been made to the relationship between the subscriber and the certificate holder, by means of a revocation request. Relevant changes can, in this respect, for instance be termination of employment and suspension.

Subscriber is a natural person (occupation-linked certificates):

The agreement that the TSP enters into with the subscriber has to state that the subscriber is responsible for immediately informing the TSP of any relevant changes that have been made by means of a revocation request. A relevant change in this respect is, in any case, no longer having legal proof as outlined in 3.2.5-pkio29.

Before issuing an EV SSL certificate, the TSP has to have received a fully completed application, signed by the certificate manager on behalf of the subscriber. The application must contain the following information:

• the name of the organization; |

• the domain name (FQDN); |

• Chamber of Commerce number or Government Identification Number; |

• subscriber's address consisting of: |

  • street name and house number; |

  • town or city; |

  • province; |

  • country; |

  • postcode; |

  • general telephone number. |

• certificate manager's name. |

The certificate SHALL contain at least 3 SCTs from separate Certificate Transparency logs.

The SCTs come from a log that is either qualified or awaiting qualification at the time of certificate issue. A qualified log is defined as a CT log that complies with Chromium's Certificate Transparency Log Policy and has been included by Chromium.

SCTs have to come from at least 2 different CT log operators, AND at least one of which SHALL be Google.

Certificates will be revoked when:

• the subscriber indicates that the original request for a certificate was not allowed and the subscriber does not grant permission retroactively; |

• the TSP has sufficient evidence that the subscriber's private key (associated with the corresponding certificate) has been compromised or there is a suspicion of compromise, inherent security weakness, or that the certificate has been misused in another way . A key is considered compromised in the event of unauthorized access or suspected unauthorized access to the private key, lost or presumably lost private key, SSCD, SUD or QSCD, stolen or presumably stolen key, SSCD, SUD or QSCD or destroyed key, SSCD, SUD or QSCD if applicable; |

• a subscriber does not fulfill his obligations as set out in this CP or the corresponding CPS of the TSP or the agreement that the TSP has with the subscriber; |

• the TSP is informed or otherwise becomes aware of a material change in the information contained in the certificate. An example of this is: change of the name of the certificate holder (service); |

• the TSP determines that the certificate has not been issued in accordance with this CP or the associated CPS of the TSP or the agreement that the TSP has with the subscriber; |

• the TSP determines that information in the certificate is incorrect or misleading; |

• the TSP ceases its activities and the CRL and OCSP services are not continued by another TSP; |

• the PA of PKIoverheid determines that the technical content of the certificate entails an irresponsible risk for subscribers, relying parties and third parties (e.g. browser parties); |

• one of the events occurs, as described in chapter 6.2 of the Mozilla Root Store Policy. |

Certificates will be revoked when:

• the subscriber indicates that the original request for a certificate was not allowed and the subscriber does not grant permission retroactively; |

• the TSP has sufficient evidence that the subscriber's private key (associated with the corresponding certificate) has been compromised or there is a suspicion of compromise, or there is an inherent security weakness, or that the certificate has been misused in another way . A key is considered compromised in the event of unauthorized access or suspected unauthorized access to the private key, lost or presumably lost private key, SSCD, SUD or QSCD, stolen or presumably stolen key, SSCD, SUD or QSCD or destroyed key, SSCD, SUD or QSCD if applicable; |

• a subscriber does not meet his obligations as set out in this CP or the corresponding CPS of the TSP or the agreement that the TSP has concluded with the subscriber; |

• the TSP is informed or otherwise becomes aware of a material change in the information contained in the certificate. An example of this is: change of the name of the certificate holder (service); |

• the TSP determines that the certificate has not been issued in accordance with this CP or the associated CPS of the TSP or the agreement that the TSP has concluded with the subscriber; |

• the TSP determines that information in the certificate is incorrect or misleading; |

• the TSP ceases its activities and the CRL and OCSP services are not continued by another TSP; |

• the PA of PKIoverheid determines that the technical content of the certificate entails an irresponsible risk for subscribers, relying parties and third parties (e.g. browser parties). |

• one of the events occurs, as described in chapter 6.2 of the Mozilla Root Store Policy. The TSP must adhere to the revocation deadlines as stated in chapter 6.1 of the previous document. |

Certificates must be revoked when:

• the subscriber states that the original request for a certificate was not allowed and the subscriber does not provide consent with retrospective force; |

• the TSP has sufficient proof that the subscriber's private key (that corresponds with the public key in the certificate) is compromised or if compromise is suspected, or if there is inherent security vulnerability, or if the certificate has been misused in any other way. A key is considered to be compromised in the event of unauthorized access or suspected unauthorized access to the private key, if the private key, SSCD, SUD or QSCD, is lost or suspected to be lost, if the key, SSCD, SUD or QSCD, is stolen or suspected to be stolen, or if the key or SSCD, SUD or QSCD is destroyed; |

• a subscriber does not fulfil its obligations outlined in this CP or the corresponding CPS of the TSP or the agreement that the TSP has entered into with the subscriber; |

• the TSP is informed or otherwise becomes aware of a substantial change in the information that is provided in the certificate. An example of that is: a change in the name of the certificate holder; |

• the TSP determines that the certificate has not been issued in line with this CP or the corresponding CPS of the TSP or the agreement that the TSP has entered into with the subscriber; |

• the TSP determines that information in the certificate is incorrect or misleading; |

• the TSP ceases its work and the CRL and OCSP services are not taken over by a different TSP. |

• the PA of PKIoverheid determines that the technical content of the certificate entails an irresponsible risk to subscribers, relying parties and third parties (e.g. browser parties). |

To detail the provisions of IETF RFC 6960, OCSP responses have to be signed digitally by either:

• the private (CA) key with which the certificate is signed of which the status is requested, or; |

• a responder appointed by the TSP which holds an OCSP Signing certificate issued for this purpose by the TSP, or; |

• a responder that holds an OCSP Signing certificate that falls under the hierarchy of the PKI for the government. |

Logging has to take place on at least:

• Routers, firewalls and network system components; |

• Database activities and events; |

• Transactions; |

• Operating systems; |

• Access control systems; |

• Mail servers. |

  At the very least, the TSP has to log the following events:

                                                             |

• CA key life cycle management; |

• Certificate life cycle management; |

• Threats and risks such as: |

  • Successful and unsuccessful attacks on the PKI system; |

  • Activities of staff on the PKI system; |

  • Reading, writing and deleting data; |

  • Profile changes (Access Management); |

  • System failure, hardware failure and other abnormalities; |

  • Firewall and router activities; |

  • Entering and leaving the CA space. |

    At the very least, the log files have to register the following:

                                                           |

• Source addresses (IP addresses if available); |

• Destination addresses (IP addresses if available); |

• Time and date; |

• User IDs (if available); |

• Name of the incident; |

• Description of the incident. |

The TSP has to draw up a business continuity plan (BCP) for, at the very least, the core services dissemination service, revocation management service and revocation status service, the aim being, in the event of a security breach or emergency, to inform, reasonably protect and to continue the TSP services for subscribers, relying parties and third parties (including browser parties). The TSP has to test, assess and update the BCP annually. At the very least, the BCP has to describe the following processes:

• Requirements relating to entry into force; |

• Emergency procedure/fall-back procedure; |

• Requirements relating to restarting TSP services; |

• Maintenance schedule and test plan that cover the annual testing, assessment and update of the BCP; |

• Provisions in respect of highlighting the importance of business continuity; |

• Tasks, responsibilities and competences of the involved agents; |

• Intended Recovery Time or Recovery Time Objective (RTO); |

• Recording the frequency of back-ups of critical business information and software; |

• Recording the distance of the fall-back facility to the TSP's main site; and |

• Recording the procedures for securing the facility during the period following a security breach or emergency and for the organization of a secure environment at the main site or fall-back facility. |

Subject key generation of a qualified digital seal certificate for the use of mass automated signing of standardised data is allowed in ETSI 319 411-2. ETSI does not stipulate the applicable security requirements. Subject key generation within PKIoverheid is possible under the following conditions:

The contract between the TSP and the subscriber contains an assertion that the subscriber will generate, store and use the private key on a qualified device for electronic signatures – such as a HSM – which meets the requirements of {7} CWA 14169 Secure signature-creation devices or EN 419 211 for Qualified signature-creation devices "EAL 4+" or equivalent security criteria such as FIPS 140-2 level 3.

The subscriber shall hand over evidence to this effect with the certificate request by submitting the certification of the secure device and, if applicable, a screenshot of the settings of the secure device on FIPS140-2 level 3.

• The contract between the TSP and the subscriber contains an assertion in which the subscriber states that the private key (and associated activation data, such as a PIN code) related to the public key is generated in the qualified device and is kept secret and protected in future. |

  The subscriber shall hand over evidence to this effect of the PKI ceremony script which is used during the implementation of the qualified device for electronic signatures and the generation of the key pair.

                                                                                                                                                                                                                                                                                                                                                                                                             |

• The TSP is present during the PKI ceremony for the commissioning of the qualified device for electronic signatures and the generation of the key pair. This enables the TSP to check the effectiveness of the security measures. |

                                                                                                                                                                                                                                                                                                                                                                                                             |

• During registration the Subscriber submits a written statement of demonstrably satisfying the requirements and/or conditions placed either on the use of the qualified device for electronic signatures, or by the certification of the device on the environment in which it is administrated and the administration itself. |

                                                                                                                                                                                                                                                                                                                                                                                                             |

• The Subscriber submits a written statement that the certificate holder has explicitly mandated the system administrators of the qualified device for electronic signatures for the administration and that access to this device is always subject to dual control. |

If the TSP generates the private key for the subscriber, this MUST be supplied encrypted to the subscriber to safeguard the integrity and confidentiality of the private key. The following measures must then be taken into account:

• The TSP MUST generate the private key for the subscriber in the secured environment to which the PKIoverheid PoR and the corresponding audit apply; |

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            |

• Once the private key has been generated for the subscriber, it MUST be stored encrypted using a strong algorithm (in accordance with the requirements of ETSI TS 119 312) within the TSP's secured environment; |

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            |

• When storing this key, the TSP MUST apply the P12 standard, where the privacy mode and the integrity mode are used. To this end, the TSP MAY encrypt the P12 file with a personal PKI certificate of the subscriber/certificate manager. If this is not available, the TSP MUST use a password supplied by the subscriber. This password MUST be supplied by the subscriber through the TSP's website, for which an SSL/TLS connection is used, or via a similar procedure which guarantees the same trustworthiness and security; |

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            |

• If a password is used to encrypt the P12, this password has to contain at least 8 positions including at least one number and two special characters; |

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            |

• The TSP MAY NEVER send the password that is used to encrypt/decrypt the P12 in cleartext over a network or store it on a server. The password MUST be encrypted using a strong algorithm (in accordance with the requirements of ETSI TS 119 312); |

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            |

• The P12 file MUST be sent to the subscriber over an SSL/TLS secured network, or be supplied out-of-band on a data carrier (e.g. USB stick or CD-Rom). |

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            |

• If the P12 is supplied out-of-band, this must be additionally encrypted with a key other than the P12 file. In addition, the P12 MUST be delivered to the subscriber using a certified courier, or by a representative of the TSP in a seal bag. The courier must be certified in accordance with the requirements dictated in part 2 under paragraph 2.2 for the specific service applicable here. |

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            |

• If the P12 file is sent over a SSL/TLS secured network the TSP MUST ensure that the P12 file is successfully downloaded no more than once. Access to the P12 file when transferring via SSL/TLS has to be blocked after three attempts. |

Instead of the TSP generating the keys, the certificate manager MAY generate the keys of the services authenticity and encryption certificates in a SUD using PKCS#10 to deliver the CSR to the TSP for signing, under the following conditions:

• The agreement between the TSP and the subscriber stipulates that the certificate manager generates, saves and uses the private key on a secure device that conforms to the requirements of CWA 14169 for a Secure signature-creation devices or EN 419 211 for Qualified signature-creation devices “EAL 4+" or comparable security criteria. |

  With the request the subscriber must prove that the secure device used for key generation conforms to CWA 14169 for a Secure signature-creation devices or EN 419 211 for Qualified signature-creation devices EAL 4+"" or comparable security criteria.

  The TSP must then verify that the SUD in question conforms (comparable to “The subscriber MUST prove that the organization may use this name.”)

                                                                                                                                                                                                                                                                                                                                                                                                 |

• On registration the certificate manager must at least produce a written statement that measures have been taken in the environment of the system that generates/contains the keys. The measures must be of such quality that is practically impossible to steal or copy the keys unnoticed. |

  The agreement between the subscriber and the TSP must stipulate that the TSP has the right to perform an audit on the measures taken (conform 6.2.11-pkio107)

                                                                                                                                                                                                                                                                                                                                                                                                 |

• The agreement between the subscriber and the TSP must contain the following condition. The subscriber must declare that the private key (and the corresponding access information such as a PIN code), relating to the public key in het SUD in question has, in an appropriate manner, been generated under the control of the certificate manager and will be kept secret and protected in the future. |

[OID 2.16.528.1.1003.1.2.2.2 and 2.16.528.1.1003.1.2.5.2],

[OID 2.16.528.1.1003.1.2.2.1 and 2.16.528.1.1003.1.2.5.1] and

[OID 2.16.528.1.1003.1.2.3.2 and 2.16.528.1.1003.1.2.3.1].

The certificate holder's private key has to be delivered to the certificate holder, if required through the subscriber, in a manner such that the secrecy and the integrity of the key is not compromised and, once delivered to the certificate holder, the private key can be maintained under the certificate holder’s sole control.

Instead of using a hardware-based SUD, the keys of a services certificate can be protected by software if compensating measures are taken in the system's environment that contains the keys. The compensating measures must be of such a quality that it is practically impossible to steal or copy the key unnoticed.

When registering, the manager of the services certificates that uses this option for software-based storage has, at the very least, to submit a written declaration to state that compensating measures have been taken that fulfil the condition stipulated to this end. The agreement between the subscriber and TSP must state that the TSP is entitled to check the measures that have been taken.

[OID 2.16.528.1.1003.1.2.2.2, 2.16.528.1.1003.1.2.5.2 and 2.16.528.1.1003.1.2.3.2]

The signature certificate has to be saved during the term of validity and furthermore during a period of at least seven years after the date on which the validity of the certificate expired.

Private keys used by a certificate holder and issued under the responsibility of this CP MAY NOT be used for more than two (2) years.

Certificates issued under the responsibility of this CP MAY NOT be valid for more than 397 days.

In the event that a certificate is replaced following revocation under section 4.9.1.1 of the Baseline Requirements, the private key of a certificate MAY NOT be reused, except in the case of revocation under point 7 (certificate not issued in accordance with BR or CP/CPS of TSP).

The certificate extension Extended Key Usage MUST be present, MUST NOT be marked “critical”, and MUST contain at least the following KeyPurposIds:

For an authenticity certificate:

client Authentication =1.3.6.1.5.5.7.3.2

document Signing =1.3.6.1.4.1.311.10.3.12

emailProtection = 1.3.6.1.5.5.7.3.4

For a signature certificate:

document Signing =1.3.6.1.4.1.311.10.3.12

emailProtection = 1.3.6.1.5.5.7.3.4

(mandatory for G3, optional for G2)

For an confidentiality certificate:

emailProtection =1.3.6.1.5.5.7.3.4

Encrypting File System =1.3.6.1.4.1.311.10.3.4

The KeyPurposeId id-kp-serverAuth MUST NOT be present and the KeyPurposeId id-kp-codeSigning MUST NOT be present.

Specifically for G2 certificates any other KeyPurposeId defined in an open or accepted standard corresponding to the key usage as indicated by the KeyUsage extension MAY be present. In the G3 and following generations this extension MAY NOT be present.

The above should take into account the EKUs included in the issuing TSP CA. If the issuing TSP CA is not provided with the mandatory EKUs stated above, these MAY NOT be included in the end-user certificate.

The certificate extension Extended Key Usage MUST be present, MUST NOT be marked “critical”, and MUST contain at least the following KeyPurposIds:

For a services authentication certificate:

• client Authentication =1.3.6.1.5.5.7.3.2 |

• document Signing =1.3.6.1.4.1.311.10.3.12 |

• emailProtection =1.3.6.1.5.5.7.3.4 |

  For a services confidentiality certificate:

                                                                                                                                                                                                                                                                  |

• Encrypting File System =1.3.6.1.4.1.311.10.3.4 |

• emailProtection = 1.3.6.1.5.5.7.3.4 |

  For a seal certificate

                                                                                                                                                                                                                                                                  |

• document Signing =1.3.6.1.4.1.311.10.3.12 |

• emailProtection = 1.3.6.1.5.5.7.3.4 |

  The KeyPurposeId id-kp-serverAuth MUST NOT be present, the KeyPurposeId id-kp-codeSigning MUST NOT be present, the KeyPurposeId AnyextendedKeyusage MUST NOT be present and any KeyPurposeId solely intended to identify a service based on its FQDN MUST NOT be present.

  Specifically for G2 certificates any other KeyPurposeId defined in an open or accepted standard corresponding to the key usage as indicated by the KeyUsage extension MAY be present. In the G3 and following generations this extension MAY NOT be present.

  The above should take into account the EKUs included in the issuing TSP CA. If the issuing TSP CA is not provided with the mandatory EKUs stated above, these MAY NOT be included in the end-user certificate.

The certificate extension Extended Key Usage MUST be present, MUST NOT be marked “critical”, and MUST contain at least the following KeyPurposIds:

For an Autonomous Devices – authenticity certificate:

Client Authentication =1.3.6.1.5.5.7.3.2

For an Autonomous Devices – confidentiality certificate:

emailProtection =1.3.6.1.5.5.7.3.4

Encrypting File System =1.3.6.1.4.1.311.10.3.4

For an Autonomous Devices – combination certificate:

client Authentication =1.3.6.1.5.5.7.3.2

document Signing =1.3.6.1.4.1.311.10.3.12

emailProtection =1.3.6.1.5.5.7.3.4

Encrypting File System =1.3.6.1.4.1.311.10.3.4

The KeyPurposeId id-kp-serverAuth MUST NOT be present, the KeyPurposeId id-kp-codeSigning MUST NOT be present, the KeyPurposeId AnyextendedKeyusage MUST NOT be present and any KeyPurposeId solely intended to identify a service based on its FQDN MUST NOT be present.

Specifically for G2 certificates any other KeyPurposeId defined in an open or accepted standard corresponding to the key usage as indicated by the KeyUsage extension MAY be present. In the G3 and following generations this extension MAY NOT be present.

The above should take into account the EKUs included in the issuing TSP CA. If the issuing TSP CA is not provided with the mandatory EKUs stated above, these MAY NOT be included in the end-user certificate.

The Subject.CommonName field (if included) MUST contain a FQDN (Fully Qualified Domain Name). An FQDN MUST also appear in the SubjectAltName.DNsName field. An IP address MUST also appear in the SubjectAltName.iPAdress field.

A server certificate MAY contain multiple FQDNs from different domains on condition that these domains are registered in the name of the same subscriber or is authorization by the same subscriber.

This means that a TSP cannot combine FQDNs in one certificate that are both from different domains and are registered in the name of different owners.

The following is NOT allowed to be included in the Subject.Commonname field, SubjectAltName.iPAdress or the SubjectAltName.DNname field

• wildcard FQDNs |

• local domain names, |

• private IP addresses |

• internationalized domain names (IDNs) |

• null characters \ 0 |

• generic TopLevel Domain (gTLD) |

• Country code TopLevelDomein (ccTLD) |

The Subject.CommonName field MUST contain a FQDN (Fully Qualified Domain Name). An FQDN MUST also appear in the SubjectAltName.DNsName field.

An Extended Validation certificate MAY contain several FQDNs. Every FQDN MUST fall under the same main domain. (e.g., www.logius.nl, application.logius.nl, secure.logius.nl etc.).

The following is NOT permitted to include in the Subject.Commonname field or the SubjectAltName.DNname field

• wildcard FQDNs |

• local domain names, |

• private IP addresses |

• internationalized domain names (IDNs) |

• null characters \ 0 |

• generic TopLevel Domain (gTLD) |

• Country code TopLevelDomein (ccTLD) |

The Subject.CommonName SHOULD contain an FQDN (Fully Qualified Domain Name) or an IP address. An FQDN must also appear in the SubjectAltName.DNsName field. An IP address must also appear in the SubjectAltName.iPAdress field.

A server certificate may contain multiple FQDNs from different domains on condition that these domains are registered in the name of the same subscriber or are authorized by the same subscriber.

This means that a TSP cannot combine FQDNs in one certificate that are both from different domains and are registered in the name of different owners.

If it is not possible or desirable to include an FQDN in the subject.commonName field, but the field is necessary for the server to function properly, it is allowed to use the function of an organizational entity or the name with which the service, device or system is indicated.

The following is not permitted to be included in the Subject.Commonname field, SubjectAltName.iPadres or the SubjectAltName.DNname field

• wildcard FQDNs |

• local domain names, |

• private IP addresses |

• internationalized domain names (IDNs) |

• null characters \ 0 |

• generic TopLevel Domain (gTLD) |

• Country code TopLevelDomein (ccTLD) |

From ETSI TS 119 312, the TSP MUST choose from 1 of the following options for the Signature field in a certificate:

• sha256WithRSAEncryption: 1.2.840.113549.1.1.11 |

  ( OBJECT IDENTIFIER ::= { iso(1) |

  member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 11 }) |

                                                                                                                                                                               |

• ecdsa-with-SHA256: 1.2.840.10045.4.3.2 |

  {OBJECT IDENTIFIER ::= { iso(1) member-body(2)

  us(840)ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 2 }}) |

                                                                                                                                                                               |

• sha384WithRSAEncryption : 1.2.840.113549.1.1.12 |

  {OBJECT IDENTIFIER ::= { iso(1) |

  member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 12 } |

                                                                                                                                                                               |

• ecdsa-with-SHA384:1.2.840.10045.4.3.3 |

  {OBJECT IDENTIFIER ::= { iso(1) member-body(2)

  us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 3 } |

The Authority Information Access field must contain the following entries:

Access Method = - Id-ad-ocsp (On-line Certificate Status Protocol - 1.3.6.1.5.5.7.48.1). This field must contain the URI where the OCSP responder can be found that is authorized by the issuing CA of the certificate to be checked;

Access Method = Certification Authority Issuer (1.3.6.1.5.5.7.48.2). This field must contain the URI where the certificate of the issuing CA can be found.

The serial number of all end-user certificates must meet the following requirements:

1. The value of the serial number MUST NOT be 0 (zero);

2. The value of the serial number MUST NOT be negative;

3. The value of the serial number MUST be unique within the population of end-user certificates issued under an issuing TSP CA;

4. The serial number MUST have a minimum length of 96 bits (12 octets);

5. The value of the serial number MUST contain at least 64 bits of unpredictable random data;

6. Said random data MUST be generated by a Cryptographically Secure Pseudorandom Number Generator (CSPRNG);

7. The serial number MUST NOT be longer than 160 bits (20 octets).

The serial number of all end-user certificates must meet the following requirements:

1. The value of the serial number MUST NOT be 0 (zero)

2. The value of the serial number MUST NOT be negative

3. The value of the serial number MUST be unique within the population of end-user certificates issued under an issuing TSP CA.

4. The serial number MUST have a minimum length of 96 bits (12 octets)

5. The value of the serial number MUST contain at least 64 bits of unpredictable random data

6. Said random data SHOULD be generated by a Cryptographically Secure Pseudorandom Number Generator (CSPRNG).

7. The serial number MUST NOT be longer than 160 bits (20 octets).

The extensions:certificatePolicies extension MUST contain the following fields and values:

• policyIdentifier field with value "2.16.528.1.1003.1.2.5.9"; |

• policyQualifiers:policyQualifierId field with value "id-qt 1" [RFC5280]; |

• policyQualifiers:qualifier:cPSuri field with value the HTTP URL for the TSP’s Certification Practice Statement. |

In addition to this PoR, issuing certificates SHALL undergo an audit in accordance with the following schemes:

1. ETSI EN 319 411-1 with policy NCP+ (ETSI CP OID 0.4.0.2042.1.2, mandating usage of SSCDs) for authenticity and confidentiality certificates, and

2. ETSI EN 319 411-2 with policy QCP-n-qscd (ETSI CP OID 0.4.0.194112.1.2, mandating usage of SSCDs) for non-repudiation certificates (eIDAS eSignatures), and

3. CA/Browser Forum Network and Certificate System Security Requirements.

In addition to this PoR, issuing certificates SHALL undergo an audit in accordance with the following schemes:

1. ETSI EN 319 411-1 with policy NCP+ (ETSI CP OID 0.4.0.2042.1.2, mandating usage of SSCDs) for authenticity and confidentiality certificates, and

2. ETSI EN 319 411-2 with policy QCP-l-qscd (ETSI CP OID 0.4.0.194112.1.3, mandating usage of SSCDs) for non-repudiation certificates (eIDAS eSeals), and

3. CA/Browser Forum Network and Certificate System Security Requirements.

In addition to this PoR, issuing certificates SHALL undergo an audit in accordance with the following schemes:

1. ETSI EN 319 411-1 with policy NCP+ (ETSI CP OID 0.4.0.2042.1.2, mandating usage of SSCDs) for authenticity and confidentiality certificates, and

2. CA/Browser Forum Network and Certificate System Security Requirements.

In addition to this PoR, issuing certificates SHALL undergo an audit in accordance with the following schemes:

1. ETSI EN 319 411-1 (latest published version applies) with policies NCP (ETSI CP OID 0.4.0.2042.1.1) and OVCP (ETSI CP OID 0.4.0.2042.1.7), and

2. CA/Browser Forum Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates (latest published version applies), and

3. CA/Browser Forum Network and Certificate System Security Requirements.

In addition to this PoR, issuing certificates SHALL undergo an audit in accordance with the following schemes:

1. ETSI EN 319 411-1 with policies NCP (ETSI CP OID 0.4.0.2042.1.1) and OVCP (ETSI CP OID 0.4.0.2042.1.7), and

2. CA/Browser Forum Network and Certificate System Security Requirements.

If the TSP issues or intends to issue qualified certificates under PKIoverheid, the following additional requirements SHALL apply:

1. the audit report states that the TSP meets the eIDAS (910/2014) regulation requirements, and

2. the issuing certificate with which the TSP wants to issue qualified certificates is on the Trusted Services List (TSL) of Agentschap Telecom (AT).

The PA informs TSPs about relevant changes to the Baseline Requirements and / or the Extended Validation Guidelines. TSPs must prove that they comply with stated changes by submitting a signed statement from or on behalf of the authorized director to the PA before the effective date of the change in question. The PA provides a template for this.

If a TSP cannot comply on time or does not submit a signed declaration on time, the PA reserves the right to (temporarily) suspend certificate issuance at the relevant TSP until the TSP can (demonstrably) comply with the stated change.

In the agreement between the TSP and the subscriber, a clause (a clause as specified in article 6:253 of the Civil Code) will be included in which the TSP champions the interests of a third party relying on the certificate. This clause addresses a liability of the TSP in accordance with article 6:196b, first up to and including third paragraph, of the Civil Code, with the proviso that:

1. for "a qualified certificate specified in article 1.1, division ss Telecommunications Act": "a confidentiality certificate from the PKIoverheid Autonomous Devices domain" is read;

2. for "signatory": "certificate holder" is read;

3. for "creation of electronic signatures": "creation of encrypted data" is read;

4. For "verification of electronic signatures": "decoding of encrypted data" is read.