Logo of Logius. Logius is part of the Ministery of the Interior and Kingdom Relations
Home | Certificate Practice Statement (CPS) | Programme of Requirements (CP) | CA certificates | Certificate Revocation Lists (CRL) | Object Identifiers (OID)

Table of Contents

Profiles quick references

The following PKIoverheid Programme of Requirements (PoR) version 5.1 profile quick references can be found on this page:

Note: These tables are intended to be a helpful reference to the PKIoverheid certificate profile requirements, but are not part of the PoR itself and therefore are not normative. Great care is taken to ensure no inconsistencies exist between these tables and the PoR. Should you nevertheless come across any discrepancies, please notify the PKIoverheid PA and this page will be updated accordingly.

Subscriber Certificate profile quick reference

Field Presence Description
tbsCertificate SHALL See PoR Section 7.1.2.3.
    version SHALL See PoR Section 7.1.2.3.1.
    serialNumber SHALL See PoR Section 7.1.2.3.2.
    signature SHALL See PoR Section 7.1.2.3.3.
    issuer SHALL See PoR Section 7.1.2.3.4.
    validity SHALL See PoR Section 7.1.2.3.5.
        notBefore Varies See PoR Section 7.1.2.3.5.
        notAfter Varies See PoR Section 7.1.2.3.5.
    subject SHALL See PoR Section 7.1.2.3.6.
        countryName SHALL See PoR Section 7.1.4.2.2.4.
        stateOrProvinceName Varies See PoR Section 7.1.4.2.2.6.
        localityName Varies See PoR Section 7.1.4.2.2.5.
        organizationName Varies See PoR Section 7.1.4.2.2.7.
        surname Varies See PoR Section 7.1.4.2.2.2.
        givenName Varies See PoR Section 7.1.4.2.2.11.
        organizationalUnitName Varies See PoR Section 7.1.4.2.2.8.
        commonName Varies See PoR Section 7.1.4.2.2.1.
        serialNumber Varies See PoR Section 7.1.4.2.2.3.
        organizationIdentifier Varies See PoR Section 7.1.4.2.2.10.
        title Varies See PoR Section 7.1.4.2.2.9.
    subjectPublicKeyInfo SHALL See PoR Section 7.1.2.5.7.
    extensions SHALL See below.
        subjectKeyIdentifier Varies Critical: FALSE. See PoR Section 7.1.2.3.8.
        keyUsage SHALL Critical: TRUE. See PoR Section 7.1.2.3.9.
        subjectAltName Varies Critical: FALSE. See PoR Section 7.1.4.2.1.
            dNSName Varies See PoR Section 7.1.4.2.1.1.
            iPAddress Varies See PoR Section 7.1.4.2.1.2.
            otherName Varies See PoR Section 7.1.4.2.1.3.
            rfc822Name Varies See PoR Section 7.1.4.2.1.4.
        basicConstraints MAY Critical: TRUE. See PoR Section 7.1.2.3.11.
        cRLDistributionPoints SHALL Critical: FALSE. See PoR Section 7.1.2.3.12.
        certificatePolicies SHALL Critical: FALSE. See PoR Section 7.1.2.6.4.
        authorityKeyIdentifier SHALL Critical: FALSE. See PoR Section 7.1.2.3.14.
        extKeyUsage SHALL Critical: FALSE. See PoR Section 7.1.2.3.15.
        authorityInfoAccess MAY Critical: FALSE. See PoR Section 7.1.2.3.16.
        qcStatements Varies Critical: FALSE. See PoR Section 7.1.2.3.17.
signatureAlgorithm SHALL See PoR Section 7.1.3.2.
signature SHALL N/A

Delegated OCSP Responder Certificate profile quick reference

Field Presence Description
tbsCertificate SHALL See PoR Section 7.1.2.5.
    version SHALL See PoR Section 7.1.2.5.1.
    serialNumber SHALL See PoR Section 7.1.2.5.2.
    signature SHALL See PoR Section 7.1.2.5.3.
    issuer SHALL See PoR Section 7.1.2.5.4.
    validity SHALL See PoR Section 7.1.2.5.5.
        notBefore Varies See PoR Section 7.1.2.5.5.
        notAfter Varies See PoR Section 7.1.2.5.5.
    subject SHALL See PoR Section 7.1.4.4.
    subjectPublicKeyInfo SHALL See PoR Section 7.1.2.5.7.
    extensions SHALL See below.
        subjectKeyIdentifier Varies Critical: FALSE. See PoR Section 7.1.2.5.8.
        keyUsage SHALL Critical: TRUE. See PoR Section 7.1.2.5.9.
        subjectAltName Varies Critical: FALSE. See PoR Section 7.1.4.4.
        basicConstraints MAY Critical: TRUE. See PoR Section 7.1.2.5.11.
        cRLDistributionPoints SHALL Critical: FALSE. See PoR Section 7.1.2.5.12.
        certificatePolicies SHALL Critical: FALSE. See PoR Section 7.1.6.6.
        authorityKeyIdentifier SHALL Critical: FALSE. See PoR Section 7.1.2.5.14.
        extKeyUsage SHALL Critical: FALSE. See PoR Section 7.1.2.5.15.
        authorityInfoAccess MAY Critical: FALSE. See PoR Section 7.1.2.5.16.
        qcStatements Varies Critical: FALSE. See PoR Section 7.1.2.5.17.
        id-pkix-ocsp-nocheck SHALL Critical: Varies. See PoR Section 7.1.2.5.18.
signatureAlgorithm SHALL See PoR Section 7.1.3.2.
signature SHALL N/A

CRL profile quick reference

Field Presence Description
tbsCertList See PoR Section 7.2.
    version SHALL See PoR Section 7.2.1.
    signature SHALL See PoR Section 7.2.3.2.
    issuer SHALL See PoR Section 7.2.3.3.
    thisUpdate SHALL See PoR Section 7.2.3.4.
    nextUpdate SHALL See PoR Section 7.2.3.5.
    revokedCertificates Varies See PoR Section 7.2.3.6.
         crlEntryExtensions MAY See PoR Section 7.2.2.2.
    crlExtensions SHALL See PoR Section 7.2.2.1.
signatureAlgorithm SHALL See PoR Section 7.1.3.2.
signature SHALL N/A

OCSP Response profile quick reference

Note: The table below is included for reference purposes only.

Field Presence Description
responseStatus SHALL See PoR Section 7.3.3.1.
responseBytes Varies See PoR Section 7.3.3.2.
    responseType SHALL See PoR Section 7.3.3.2.
    response SHALL See PoR Section 7.3.3.2.
         BasicOCSPResponse SHALL See PoR Section 7.3.3.2.
              tbsResponseData SHALL See PoR Section 7.3.3.2.1.
                   version SHALL See PoR Section 7.3.1.
                   responderID SHALL See PoR Section 7.3.3.2.12.
                   producedAt SHALL See PoR Section 7.3.3.2.13.
                   responses SHALL See PoR Section 7.3.3.2.14.
                   responseExtensions SHALL See PoR Section 7.3.3.2.15.
               signatureAlgorithm SHALL See PoR Section 7.1.3.2.
               signature SHALL See PoR Section 7.3.3.2.3.
               certs SHALL See PoR Section 7.3.3.2.4.

Exported on: .