Globalsign Certificate Policy
Total Page:16
File Type:pdf, Size:1020Kb
GlobalSign Certificate Policy Date: September 25, 2019 Effective date for Qualified Time Stamping, Qualified Web Authentication Certificates, Qualified Certificates for Electronic Signatures and Qualified Certificates for Electronic Seals: {normal date + 2 weeks} Version: v6.2 Table of Contents TABLE OF CONTENTS ................................................................................................................................ 2 DOCUMENT HISTORY ............................................................................................................................... 8 ACKNOWLEDGMENTS .............................................................................................................................10 1.0 INTRODUCTION ...........................................................................................................................11 1.1 OVERVIEW ........................................................................................................................................ 11 Additional requirements for Trusted Root Issuer CAs ............................................................ 13 1.2 DOCUMENT NAME AND IDENTIFICATION ................................................................................................. 13 1.3 PKI PARTICIPANTS .............................................................................................................................. 15 Certification Authorities (“Issuer CAs”) .................................................................................. 15 Registration Authorities ......................................................................................................... 16 Subscribers ............................................................................................................................. 16 Relying Parties ....................................................................................................................... 17 Other Participants .................................................................................................................. 17 1.4 CERTIFICATE USAGE ............................................................................................................................ 17 Appropriate Certificate Usage ............................................................................................... 17 Prohibited Certificate Usage .................................................................................................. 18 1.5 POLICY ADMINISTRATION ..................................................................................................................... 18 Organization Administering the Document ........................................................................... 18 Contact Person ....................................................................................................................... 18 Person Determining CP Suitability for the Policy ................................................................... 19 CP Approval Procedures ......................................................................................................... 19 1.6 DEFINITIONS AND ACRONYMS ............................................................................................................... 19 2.0 PUBLICATION AND REPOSITORY RESPONSIBILITIES .....................................................................27 2.1 REPOSITORIES .................................................................................................................................... 27 2.2 PUBLICATION OF CERTIFICATE INFORMATION ........................................................................................... 27 2.3 TIME OR FREQUENCY OF PUBLICATION .................................................................................................... 27 2.4 ACCESS CONTROLS ON REPOSITORIES ..................................................................................................... 28 3.0 IDENTIFICATION AND AUTHENTICATION .....................................................................................28 3.1 NAMING ........................................................................................................................................... 28 Types of Names...................................................................................................................... 28 Need for Names to be Meaningful ........................................................................................ 28 Anonymity or Pseudonymity of Subscribers ........................................................................... 28 Rules for Interpreting Various Name Forms .......................................................................... 28 Uniqueness of Names ............................................................................................................ 28 Recognition, Authentication, and Role of Trademarks .......................................................... 28 3.2 INITIAL IDENTITY VALIDATION ................................................................................................................ 28 Method to Prove Possession of Private Key ........................................................................... 29 Authentication of Organization Identity ................................................................................ 29 Authentication of Individual identity ..................................................................................... 30 Non Verified Subscriber Information ..................................................................................... 34 Validation of Authority .......................................................................................................... 35 Criteria for Interoperation ..................................................................................................... 36 Authentication of Domain Name ........................................................................................... 36 Authentication of Email addresses ........................................................................................ 36 3.3 IDENTIFICATION AND AUTHENTICATION FOR RE-KEY REQUESTS .................................................................... 36 Identification and Authentication for Routine Re-key ........................................................... 36 Identification and Authentication for Reissuance after Revocation ...................................... 37 Re-verification and Revalidation of Identity When Certificate Information Changes ............ 37 Identification and Authentication for Re-key After Revocation ............................................. 37 3.4 IDENTIFICATION AND AUTHENTICATION FOR REVOCATION REQUEST ............................................................. 38 GlobalSign CP (Certificate Policy) 2 of 73 Version: 6.2 4.0 CERTIFICATE LIFE CYCLE OPERATIONAL REQUIREMENTS .............................................................38 4.1 CERTIFICATE APPLICATION .................................................................................................................... 38 Who Can Submit a Certificate Application ............................................................................. 38 Enrollment Process and Responsibilities ................................................................................ 38 4.2 CERTIFICATE APPLICATION PROCESSING .................................................................................................. 38 Performing Identification and Authentication Functions ....................................................... 38 Approval or Rejection of Certificate Applications .................................................................. 38 Time to Process Certificate Applications ................................................................................ 39 4.3 CERTIFICATE ISSUANCE ........................................................................................................................ 39 CA Actions during Certificate Issuance .................................................................................. 39 Notifications to Subscriber by the CA of Issuance of Certificate ............................................ 39 Notification to North American Energy Standards Board (NAESB) Subscribers by the CA of Issuance of Certificate ........................................................................................................................... 39 4.4 CERTIFICATE ACCEPTANCE .................................................................................................................... 39 Conduct Constituting Certificate Acceptance ........................................................................ 39 Publication of the Certificate by the CA ................................................................................. 39 Notification of Certificate Issuance by the CA to Other Entities ............................................ 39 4.5 KEY PAIR AND CERTIFICATE USAGE ......................................................................................................... 39 Subscriber Private Key and Certificate Usage ........................................................................ 39 Relying Party Public Key and Certificate Usage ..................................................................... 40 4.6 CERTIFICATE RENEWAL .......................................................................................................................