Globalsign Certification Practice Statement
Total Page:16
File Type:pdf, Size:1020Kb
GlobalSign Certification Practice Statement Date: March 30, 2021 Effective date for Qualified Timestamping, Qualified Web Authentication Certificates, Qualified Certificates for Electronic Signatures and Qualified Certificates for Electronic Seals: {normal date + 2 weeks} Version: v9.7 Table of Contents TABLE OF CONTENTS ................................................................................................................................ 2 DOCUMENT HISTORY ............................................................................................................................... 8 ACKNOWLEDGMENTS .............................................................................................................................10 1.0 INTRODUCTION ...........................................................................................................................11 1.1 OVERVIEW ........................................................................................................................................ 13 1.1.1 Certificate Naming ................................................................................................................. 16 1.2 DOCUMENT NAME AND IDENTIFICATION ................................................................................................. 18 1.3 PKI PARTICIPANTS .............................................................................................................................. 24 1.3.1 Certification Authorities ......................................................................................................... 24 1.3.2 Registration Authorities ......................................................................................................... 24 1.3.3 Subscribers ............................................................................................................................. 26 1.3.4 Relying Parties ....................................................................................................................... 26 1.3.5 Other Participants .................................................................................................................. 26 1.4 CERTIFICATE USAGE ............................................................................................................................ 27 1.4.1 Appropriate Certificate Usage ............................................................................................... 27 1.4.2 Prohibited Certificate usage .................................................................................................. 29 1.5 POLICY ADMINISTRATION ..................................................................................................................... 30 1.5.1 Organization Administering the Document ........................................................................... 30 1.5.2 Contact Person ....................................................................................................................... 30 1.5.3 Person Determining CPS Suitability for the Policy.................................................................. 30 1.5.4 CPS Approval Procedures ....................................................................................................... 30 1.6 DEFINITIONS AND ACRONYMS ............................................................................................................... 31 2.0 PUBLICATION AND REPOSITORY RESPONSIBILITIES .....................................................................39 2.1 REPOSITORIES .................................................................................................................................... 39 2.2 PUBLICATION OF CERTIFICATE INFORMATION ........................................................................................... 39 2.3 TIME OR FREQUENCY OF PUBLICATION .................................................................................................... 40 2.4 ACCESS CONTROLS ON REPOSITORIES ..................................................................................................... 40 3.0 IDENTIFICATION AND AUTHENTICATION .....................................................................................40 3.1 NAMING ........................................................................................................................................... 40 3.1.1 Types of Names...................................................................................................................... 40 3.1.2 Need for Names to be Meaningful ........................................................................................ 41 3.1.3 Anonymity or Pseudonymity of Subscribers ........................................................................... 41 3.1.4 Rules for Interpreting Various Name Forms .......................................................................... 41 3.1.5 Uniqueness of Names ............................................................................................................ 41 3.1.6 Recognition, Authentication, and Role of Trademarks .......................................................... 42 3.2 INITIAL IDENTITY VALIDATION ................................................................................................................ 42 3.2.1 Method to Prove Possession of Private Key ........................................................................... 42 3.2.2 Authentication of Organization Identity ................................................................................ 42 3.2.3 Authentication of Individual identity ..................................................................................... 45 3.2.4 Non-Verified Subscriber Information ..................................................................................... 49 3.2.5 Validation of Authority .......................................................................................................... 50 3.2.6 Criteria for Interoperation ..................................................................................................... 51 3.2.7 Authentication of Domain Names ......................................................................................... 51 3.2.8 Authentication of Email addresses ........................................................................................ 52 3.3 IDENTIFICATION AND AUTHENTICATION FOR RE-KEY REQUESTS .................................................................... 52 3.3.1 Identification and Authentication for Routine Re-key ........................................................... 52 3.3.2 Identification and Authentication for Reissuance after Revocation ...................................... 53 3.3.3 Re-verification and Revalidation of Identity When Certificate Information Changes ............ 53 3.3.4 Identification and Authentication for Re-key After Revocation ............................................. 53 3.4 IDENTIFICATION AND AUTHENTICATION FOR REVOCATION REQUEST ............................................................. 54 GlobalSign CPS (Certification Practice Statement) 2 of 95 Version: 9.7 4.0 CERTIFICATE LIFECYCLE OPERATIONAL REQUIREMENTS ..............................................................54 4.1 CERTIFICATE APPLICATION .................................................................................................................... 54 4.1.1 Who Can Submit a Certificate Application ............................................................................. 54 4.1.2 Enrollment Process and Responsibilities ................................................................................ 55 4.2 CERTIFICATE APPLICATION PROCESSING .................................................................................................. 55 4.2.1 Performing Identification and Authentication Functions ....................................................... 55 4.2.2 Approval or Rejection of Certificate Applications .................................................................. 55 4.2.3 Time to Process Certificate Applications ................................................................................ 56 4.3 CERTIFICATE ISSUANCE ........................................................................................................................ 56 4.3.1 CA Actions during Certificate Issuance .................................................................................. 56 4.3.2 Notifications to Subscriber by the CA of Issuance of Certificate ............................................ 57 4.3.3 Notification to North American Energy Standards Board (NAESB) Subscribers by the CA of Issuance of Certificate ........................................................................................................................... 57 4.4 CERTIFICATE ACCEPTANCE .................................................................................................................... 57 4.4.1 Conduct Constituting Certificate Acceptance ........................................................................ 57 4.4.2 Publication of the Certificate by the CA ................................................................................. 57 4.4.3 Notification of Certificate Issuance by the CA to Other Entities ............................................ 57 4.5 KEY PAIR AND CERTIFICATE USAGE ......................................................................................................... 57 4.5.1 Subscriber Private Key and Certificate Usage .......................................................................