GlobalSign Certification Practice Statement Date: September 25, 2019 Effective date for Qualified Time Stamping, Qualified Web Authentication Certificates, Qualified Certificates for Electronic Signatures and Qualified Certificates for Electronic Seals: {normal date + 2 weeks} Version: v9.2 Table of Contents TABLE OF CONTENTS ................................................................................................................................ 2 DOCUMENT HISTORY ............................................................................................................................... 8 ACKNOWLEDGMENTS .............................................................................................................................. 9 1.0 INTRODUCTION ...........................................................................................................................10 1.1 OVERVIEW ........................................................................................................................................ 10 1.1.1 Certificate Naming ................................................................................................................. 13 1.2 DOCUMENT NAME AND IDENTIFICATION ................................................................................................. 14 1.3 PKI PARTICIPANTS .............................................................................................................................. 15 1.3.1 Certification Authorities ......................................................................................................... 15 1.3.2 Registration Authorities ......................................................................................................... 16 1.3.3 Subscribers ............................................................................................................................. 17 1.3.4 Relying Parties ....................................................................................................................... 18 1.3.5 Other Participants .................................................................................................................. 18 1.4 CERTIFICATE USAGE ............................................................................................................................ 20 1.4.1 Appropriate Certificate Usage ............................................................................................... 20 1.4.2 Prohibited Certificate usage .................................................................................................. 23 1.5 POLICY ADMINISTRATION ..................................................................................................................... 23 1.5.1 Organization Administering the Document ........................................................................... 23 1.5.2 Contact Person ....................................................................................................................... 23 1.5.3 Person Determining CPS Suitability for the Policy.................................................................. 24 1.5.4 CPS Approval Procedures ....................................................................................................... 24 1.6 DEFINITIONS AND ACRONYMS ............................................................................................................... 24 2.0 PUBLICATION AND REPOSITORY RESPONSIBILITIES .....................................................................32 2.1 REPOSITORIES .................................................................................................................................... 32 2.2 PUBLICATION OF CERTIFICATE INFORMATION ........................................................................................... 32 2.3 TIME OR FREQUENCY OF PUBLICATION .................................................................................................... 34 2.4 ACCESS CONTROLS ON REPOSITORIES ..................................................................................................... 34 3.0 IDENTIFICATION AND AUTHENTICATION .....................................................................................34 3.1 NAMING ........................................................................................................................................... 34 3.1.1 Types of Names...................................................................................................................... 34 3.1.2 Need for Names to be Meaningful ........................................................................................ 35 3.1.3 Anonymity or Pseudonymity of Subscribers ........................................................................... 35 3.1.4 Rules for Interpreting Various Name Forms .......................................................................... 35 3.1.5 Uniqueness of Names ............................................................................................................ 35 3.1.6 Recognition, Authentication, and Role of Trademarks .......................................................... 36 3.2 INITIAL IDENTITY VALIDATION ................................................................................................................ 36 3.2.1 Method to Prove Possession of Private Key ........................................................................... 36 3.2.2 Authentication of Organization Identity ................................................................................ 36 3.2.3 Authentication of Individual identity ..................................................................................... 38 3.2.4 Non-Verified Subscriber Information ..................................................................................... 42 3.2.5 Validation of Authority .......................................................................................................... 42 3.2.6 Criteria for Interoperation ..................................................................................................... 44 3.2.7 Authentication of Domain Names ......................................................................................... 44 3.2.8 Authentication of Email addresses ........................................................................................ 45 3.3 IDENTIFICATION AND AUTHENTICATION FOR RE-KEY REQUESTS .................................................................... 45 3.3.1 Identification and Authentication for Routine Re-key ........................................................... 45 3.3.2 Identification and Authentication for Reissuance after Revocation ...................................... 46 3.3.3 Re-verification and Revalidation of Identity When Certificate Information Changes ............ 46 3.3.4 Identification and Authentication for Re-key After Revocation ............................................. 46 3.4 IDENTIFICATION AND AUTHENTICATION FOR REVOCATION REQUEST ............................................................. 46 GlobalSign CPS (Certification Practice Statement) 2 of 86 Version: 9.2 4.0 CERTIFICATE LIFECYCLE OPERATIONAL REQUIREMENTS ..............................................................47 4.1 CERTIFICATE APPLICATION .................................................................................................................... 47 4.1.1 Who Can Submit a Certificate Application ............................................................................. 47 4.1.2 Enrollment Process and Responsibilities ................................................................................ 47 4.2 CERTIFICATE APPLICATION PROCESSING .................................................................................................. 48 4.2.1 Performing Identification and Authentication Functions ....................................................... 48 4.2.2 Approval or Rejection of Certificate Applications .................................................................. 48 4.2.3 Time to Process Certificate Applications ................................................................................ 49 4.3 CERTIFICATE ISSUANCE ........................................................................................................................ 49 4.3.1 CA Actions during Certificate Issuance .................................................................................. 49 4.3.2 Notifications to Subscriber by the CA of Issuance of Certificate ............................................ 49 4.3.3 Notification to North American Energy Standards Board (NAESB) Subscribers by the CA of Issuance of Certificate ........................................................................................................................... 50 4.4 CERTIFICATE ACCEPTANCE .................................................................................................................... 50 4.4.1 Conduct Constituting Certificate Acceptance ........................................................................ 50 4.4.2 Publication of the Certificate by the CA ................................................................................. 50 4.4.3 Notification of Certificate Issuance by the CA to Other Entities ............................................ 50 4.5 KEY PAIR AND CERTIFICATE USAGE ......................................................................................................... 50 4.5.1 Subscriber Private Key and Certificate Usage .......................................................................