
S2v24

Description
This document describes the VRK (PRC) CA model and the certificate contents of the electronic identification document in Finland.
Transcript
FINEID SPECIFICATION
18.12.2013

Population Register Centre (VRK)
Certification Authority Services
P.O. Box 123
FIN-00531 Helsinki
Finland
http://www.fineid.fi

FINEID - S2
VRK (PRC) CA-model and certificate contents
v2.4

Authors

Name | Initials | Organization | E-mail
Antti Partanen | AP | VRK | antti.partanen@vrk.fi
Mika Pohjolainen | MP | VRK | mika.pohjolainen@vrk.fi
Sauli Toriseva | ST | VRK | sauli.toriseva@vrk.fi

Document history

- Version 2.4, 18.12.2013, editor AP, status Accepted: Editorial corrections
- Version 2.4, 3.12.2013, editor AP, status Draft: Information about new ‘G2’ CAs added, Netscape Certificate Extensions deprecated, Root and intermediate CA’s CDP and AIA reference table added (chapter 9.2), notes added concerning sha256 hash algorithm, updated new postal address of VRK, Information about VRK Gov. CA for Multiplatform Citizen Qualified Certificates CA removed
- Version 2.3, 7.6.2011, editors ST, AP, status Accepted: Information about new CAs added, transition from teletext to utf8 encoding, pseudonym attribute description added, ldap-CDP syntax modified, description of serialNumber and UPN attribute content
- Version 2.2, 31.08.2007, editor MP, status Accepted: Definition of subjectAltName extension’s Principal Name updated.
- Version 2.1, 05.07.2005, editors AP, MP, status Accepted: Information about VRK Gov. CA for Multiplatform Citizen Qualified Certificates CA added, implementation of qcStatements extension updated, minor editorial corrections and updates
- Version 2.0, 24.03.2003, editor AP, status Accepted
- Version 0.9, 18.03.2003, editor AP, status Draft
- Version 0.1, 28.10.2002, editor AP: Initial draft

Contents

0.1. Introduction
0.2. About FINEID specifications in general
1. FINEID S2
2. About VRK’s certificates
3. Root CA model
4. Root certificate
5. Intermediate CA certificates
  5.1. CA certificates
6. Certificate contents
  6.1. Basic certificate fields
  6.2. Certificate Fields
    6.2.1. tbsCertificate
    6.2.2. signatureAlgorithm
    6.2.3. signatureValue
  6.3. TBSCertificate
    6.3.1. version
    6.3.2. serialNumber
    6.3.3. signature
    6.3.4. issuer
    6.3.5. validity
    6.3.6. subject
      6.3.6.1. Citizen certificates
      6.3.6.2. User certificates for organizational usage
      6.3.6.3. User certificates for Healthcare Professional usage
      6.3.6.4. Service certificates
        6.3.6.4.1. Server certificates
        6.3.6.4.2. System signature certificates
        6.3.6.4.3. Service certificates for email usage
    6.3.7. subjectPublicKeyInfo
    6.3.8. Certificate extensions
      6.3.8.1. authorityKeyIdentifier
      6.3.8.2. subjectKeyIdentifier
      6.3.8.3. keyUsage
      6.3.8.4. certificatePolicies
      6.3.8.5. subjectAltName
      6.3.8.6. Basic Constraints
      6.3.8.7. extendedKeyUsage
      6.3.8.8. cRLDistributionPoints
    6.3.9. Private extensions
      6.3.9.1. authorityInfoAccess
      6.3.9.2. netscape-cert-type
      6.3.9.3. qcStatements
7. Certificate and Authority Revocation Lists
  7.1. CertificateList Fields
    7.1.1. tbsCertList
    7.1.2. signatureAlgorithm
    7.1.3. signatureValue
  7.2. Certificate List To Be Signed
    7.2.1. Version
    7.2.2. Signature
    7.2.3. Issuer Name
    7.2.4. This Update
    7.2.5. Next Update
    7.2.6. Revoked Certificates
  7.3. Extensions
    7.3.1. CRL Extensions
      7.3.1.1. Authority Key Identifier
      7.3.1.2. CRL Number
      7.3.1.3. Issuing Distribution Point
    7.3.2. CRL Entry Extensions
      7.3.2.1. Reason Code
      7.3.2.2. Invalidity Date
8. Summary Tables
  8.1. Common subject and issuer attributes
9. Certificate information summary
  9.1. Root and CA Certificate Fingerprints (signature hashes)
  9.2. Root and CA Certificate AIA and CDP uris
10. Root, CA and End Entity Certificate examples and example of Certificate Revocation List
  10.1. Root Certificate
  10.2. CA Certificate
  10.3. Citizen Certificate - Authentication & Encryption
  10.4. Citizen Certificate - Non Repudiation
  10.5. User Certificate for Organizational usage - Authentication & Encryption
  10.6. User Certificate for Organizational usage – Non Repudiation
  10.7. Service Certificate
  10.8. Certificate Revocation List