certificate profiles ssl website authentication
TRANSCRIPT
Certificate Profiles SSL Website Authentication
by ANF AC
Certification
Paseo de la Castellana, 79 -28046- Madrid (Spain)
Telephone: 902 902 172 (Calls from Spain)
International +34 933 935 946
Web: www.anf.es
Nat
iona
l Reg
istr
y of
Ass
ocia
tions
. Num
ber 1
71,4
43. C
IF G
-632
8751
0.
Certificate Profiles SSL Website AuthenticationOID 1.3.6.1.4.1.18332.3.3.1
Security level
Public Document
Important announcement
This document is the property of ANF Certification Authority
Its reproduction and dissemination is prohibited without the express authorization of ANF Certification Authority
2000 - 2021 CC-BY- ND (Creative commons licenses)
Address: Paseo de la Castellana, 79 - 28046 - Madrid (Spain) Telephone:
902 902 172 (calls from Spain) International (+34) 933 935 946
Web: www.anf.es
Page 2 of fifteen
Certificate Profiles SSL Website AuthenticationOID 1.3.6.1.4.1.18332.3.3.1
INDEX
1. Introduction............................................... .................................................. .................................... 4
1.1. Overview ................................................ .................................................. .................................... 4
1.2. Name of the document and identification ............................................. ................................................ 4
2. SSL Domain Validation Certificates (SSL DV) ............................................... ....................................... 6
2.1. Subject................................................. .................................................. ................................................ 6
2.2. Extensions ................................................. .................................................. ....................................... 6
3. SSL Certificates Organization Validation (SSL OV) ............................................... ............................... 7
3.1. Subject................................................. .................................................. ................................................ 7
3.2. Extensions ................................................. .................................................. ....................................... 7
4. Extended Validation SSL Certificate (EV) - Qualified Certificate of Website Authentication(QWAC) ............................................... .................................................. .................................................. 8
4.1. Subject................................................. .................................................. ................................................ 8
4.2. Extensions ................................................. .................................................. ....................................... 8
5. Qualified Certificate of Website Authentication for PSD2 (QWAC PSD2) ............................... 10
5.1. Subject................................................. .................................................. .............................................. 10
5.2. Extensions ................................................. .................................................. ..................................... 10
6. Qualified Certificate of Electronic Office with Extended Validation (EV) High level ........................ 12
6.1. Subject................................................. .................................................. .............................................. 12
6.2. Extensions ................................................. .................................................. ..................................... 12
7. Qualified Certificate of Electronic Office with Extended Validation (EV) Medium level .................... 14
7.1.7.2.
Subject................................................. .................................................. .............................................. 14
Extensions ................................................. .................................................. ..................................... 14
Page 3 of fifteen
Certificate Profiles SSL Website AuthenticationOID 1.3.6.1.4.1.18332.3.3.1
1. Introduction
1.1. Overview
This document presents the profiles of the different types of SSL website authentication certificates issued by ANF Certification Authority:
• SSL Domain Validation Certificates (SSL DV)• SSL Certificates Organization Validation (SSL OV)• Extended Validation SSL Certificate (EV) - Qualified Certificate of Website Authentication
(QWAC)• Qualified Certificate of Website Authentication for PSD2 (QWAC PSD2)• Qualified Certificate of Electronic Office with Extended Validation (EV) High level• Qualified Certificate of Electronic Office with Extended Validation (EV) Medium level
The Certification Policies associated with these certificates are published and accessible on the ANF AC website:https://www.anf.es/repositorio-legal/
For the preparation of these profiles, the following provisions have been taken into account:
• Regulation (EU) 910/2014 of the European Parliament and of the Council of July 23, 2014, regarding electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93 / EC (eIDAS Regulation).
• ETSI EN 319 412 Electronic Signatures and Infrastructures (ESI); Certificate Profiles (parts 1, 4 and 5)• ETSI TS 119 495 Electronic Signatures and Infrastructures (ESI); Sector Specific Requirements; Qualified
Certificate Profiles and TSP Policy Requirements under the payment services Directive (EU) 2015/2366
• IETF RFC 3739. Internet X.509 Public Key Infrastructure. Qualified Certificates Profile• CA / B Forum Baseline Requirements for the Issuance and Management of Publicly-Trusted• Certificates located at https://cabforum.org/baseline-requirements-documents,• CA / B Forum Guidelines for Extended Validation Certificates located in• https://cabforum.org/extended-validation,• Signature and Certificate Policy of the General State Administration :. Annex 2:
Electronic certificate profiles
1.2. Document name and identification
Document nameVersionOIDApproval date
Certificate Profiles SSL Website Authentication2.51.3.6.1.4.1.18332.3.3.106/22/2021 Publication date 06/22/2021
1.2.1. ReviewsVersion
2.5.
2.4.
ChangesWithdrawal of the OU field as of 08/01/2021 following Ballot SC47 of CA / B ForumAnnual review 2021
Approval
06/22/2021
01/12/2021
Publication
06/22/2021
01/12/2021
Page 4 of fifteen
Certificate Profiles SSL Website AuthenticationOID 1.3.6.1.4.1.18332.3.3.1
2.3. Annual review 2020 01/18/2020 01/18/2020
Page 5 of fifteen
Certificate Profiles SSL Website AuthenticationOID 1.3.6.1.4.1.18332.3.3.1
2. SSL Domain Validation Certificates (SSL DV)
2.1. Subject
2.2. Extensions
Extension DescriptionANF AC Certification Policy OID corresponding to the certificate:
• 1.3.6.1.4.1.18332.55.1.1.1.322CAB / Forum OID:
• 2.23.140.1.2.1 (DVCP)CA: FALSEDigital SignatureKey EnciphermentclientAuthserverAuthdNSName containing verified Fully-Qualified Domain Name (FQDN).Public key ID of the certificate obtained from the hashPublic key ID of the CA certificate obtained from the hash URI of the CRLAccess Method 1: Id-ad-ocsp (1.3.6.1.5.5.7.48.1) Access Location 1: http://ocsp.anf.es/spain/AVAccess Method 2: id-ad-caissuers (1.3.6.1.5.5.7.48.2) Access Location 2: http://www.anf.es/es/certificatesdownload/ANFSecureServerCA.cer
Certificate Policies
Basic Constraints
Key Usage
Extended Key Usage
Subject Alternative Name
Subject Key IdentifierAuthority Key Identifier CRL Distribution Points
Authority Information Access
Page 6 of fifteen
Certificate Profiles SSL Website AuthenticationOID 1.3.6.1.4.1.18332.3.3.1
3. SSL Certificates Organization Validation (SSL OV)3.1. Subject
Field
Organization name (O)
SerialNumber (SERIALNUMBER)
DescriptionExact name of the legal person as it appears in the Commercial Registry.NIF of the Legal PersonTwo-digit country code according to ISO 3166-1.Region, autonomous community or province of the subscriber. Subscriber city.
Country (C)State or Province (S) Locality Name (L)
3.2. Extensions
Extension DescriptionANF AC Certification Policy OID corresponding to the certificate:
• 1.3.6.1.4.1.18332.55.1.1.7.322CAB / Forum OID:
• 2.23.140.1.2.2 (OVCP)CA: FALSEDigital SignatureKey EnciphermentclientAuthserverAuthdNSName containing verified Fully-Qualified Domain Name (FQDN). Public key ID of the certificate obtained from the hashPublic key ID of the CA certificate obtained from the hash URI of the CRLAccess Method 1: Id-ad-ocsp (1.3.6.1.5.5.7.48.1) Access Location 1: http://ocsp.anf.es/spain/AVAccess Method 2: id-ad-caissuers (1.3.6.1.5.5.7.48.2) Access Location 2: http://www.anf.es/es/certificatesdownload/ANFSecureServerCA.cer
Certificate Policies
Basic Constraints
Key Usage
Extended Key Usage
Subject Alternative Name Subject Key IdentifierAuthority Key Identifier CRL Distribution Points
Authority Information Access
Page 7 of fifteen
Certificate Profiles SSL Website AuthenticationOID 1.3.6.1.4.1.18332.3.3.1
4. Extended Validation SSL Certificate (EV) - Qualified Certificate ofWebsite Authentication (QWAC)
4.1. Subject
Field
Organization name (O)
DescriptionExact name of the legal person as it appears in the Commercial Registry.NIF, as it appears in the official registers, coded according to ETSI EN 319 412-1 (Ex: VATES-B00000000)NIF of the Legal Person
Organization identifier (OI)
SerialNumber (SERIALNUMBER) Country (C)State or Province (S) Locality Name (L)
Two-digit country code according to ISO 3166-1.Region, autonomous community or province of the subscriber. Subscriber city.· "Private Organization"· "Government Entity"· "Business Entity"· "Non-Commercial Entity"
Business Category
Jurisdiction Of Incorporation Country Name
Subject Jurisdiction of Incorporation or Registration
Jurisdiction Of Incorporation State Subject Jurisdiction of Incorporation or Registration (not alwaysOr Province NameJurisdiction Of Incorporation Locality Name
is present)Subject Jurisdiction of Incorporation or Registration (not always present)
4.2. Extensions
Extension DescriptionANF AC Certification Policy OID corresponding to the certificate:
• 1.3.6.1.4.1.18332.55.1.1.2.322European Certification Policies OID:
• 0.4.0.194112.1.4 (Qcp-w)CAB / Forum OID:
• 2.23.140.1.1 (AVCP)CA: FALSEDigital SignatureKey EnciphermentclientAuthserverAuthdNSName containing verified Fully-Qualified Domain Name (FQDN).Public key ID of the certificate obtained from the hashPublic key ID of the CA certificate obtained from the hash
Certificate Policies
Basic Constraints
Key Usage
Extended Key Usage
Subject Alternative Name
Subject Key IdentifierAuthority Key Identifier
Page 8 of fifteen
Certificate Profiles SSL Website AuthenticationOID 1.3.6.1.4.1.18332.3.3.1
CRL Distribution Points CRL URIAccess Method 1: Id-ad-ocsp (1.3.6.1.5.5.7.48.1) Access Location 1: http://ocsp.anf.es/spain/AVAccess Method 2: id-ad-caissuers (1.3.6.1.5.5.7.48.2) Access Location 2: http://www.anf.es/es/certificatesdownload/ANFSecureServerCA.cer
• 3 characters, schema identifier• Two-digit ISO 3166-1 country code• Organization identifier according to the schema
Minimum:
QcCompliance: 0.4.0.1862.1.1 QcType: 0.4.0.1862.1.6.2
Authority Information Access
cabfOrganizationIdentifier
QCStatement
Page 9 of fifteen
Certificate Profiles SSL Website AuthenticationOID 1.3.6.1.4.1.18332.3.3.1
5. Qualified Certificate of Website Authentication for PSD2(QWAC PSD2)
5.1. Subject
Field DescriptionExact name of the legal entity as it appears in the public registry of the Competent National Authority (NCA) of the Member State of origin or in the official records of the European Banking Authority (EBA).PSD2 authorization number of the organization, coded according to the technical specification ETSI TS 119 495NIF of the Legal PersonTwo-digit country code according to ISO 3166-1.Region, autonomous community or province of the subscriber. Subscriber city.· "Private Organization"· "Government Entity"· "Business Entity"· "Non-Commercial Entity"
Organization name (O)
Organization identifier (OI)
SerialNumber (SERIALNUMBER) Country (C)State or Province (S) Locality Name (L)
Business Category
Jurisdiction Of Incorporation Country Name
Subject Jurisdiction of Incorporation or Registration
Jurisdiction Of Incorporation State Subject Jurisdiction of Incorporation or Registration (not alwaysOr Province NameJurisdiction Of Incorporation Locality Name
is present)Subject Jurisdiction of Incorporation or Registration (not always present)
5.2. Extensions
Extension DescriptionANF AC Certification Policy OID corresponding to the certificate:
• 1.3.6.1.4.1.18332.55.1.1.8.22European Certification Policies OID:
• 0.4.0.19495.3 (Qcp-w-psd2)CAB / Forum OID:
• 2.23.140.1.1 (AVCP)CA: FALSEDigital SignatureKey EnciphermentclientAuthserverAuthdNSName containing verified Fully-Qualified Domain Name (FQDN).Public key ID of the certificate obtained from the hash
Certificate Policies
Basic Constraints
Key Usage
Extended Key Usage
Subject Alternative Name
Subject Key Identifier
Page 10 of fifteen
Certificate Profiles SSL Website AuthenticationOID 1.3.6.1.4.1.18332.3.3.1
Authority Key Identifier CRL Distribution Points
Public key ID of the CA certificate obtained from the hash URI of the CRLAccess Method 1: Id-ad-ocsp (1.3.6.1.5.5.7.48.1) Access Location 1: http://ocsp.anf.es/spain/AVAccess Method 2: id-ad-caissuers (1.3.6.1.5.5.7.48.2) Access Location 2: http://www.anf.es/es/certificatesdownload/ANFSecureServerCA.cer
• 3 characters, schema identifier• Two-digit ISO 3166-1 country code• Organization identifier according to the schema
Minimum:
QcCompliance: 0.4.0.1862.1.1 QcType: 0.4.0.1862.1.6.2PSD2QcStatement: 0.4.0.19495.2 including the RolPSD2, nCAName and nCAId.
Authority Information Access
cabfOrganizationIdentifier
QCStatement
Page eleven of fifteen
Certificate Profiles SSL Website AuthenticationOID 1.3.6.1.4.1.18332.3.3.1
6. Qualified Certificate of Electronic Office with Extended Validation(EV) High level
6.1. Subject
Field
Organization name (O)
DescriptionExact name of the legal person as it appears in the Commercial Registry.NIF, as it appears in the official registers, coded according to ETSI EN 319 412-1 (Ex: VATES-B00000000)NIF of the Legal Person
Organization identifier (OI)
SerialNumber (SERIALNUMBER) Country (C)State or Province (S) Locality Name (L)
Two-digit country code according to ISO 3166-1.Region, autonomous community or province of the subscriber. Subscriber city.· "Private Organization"· "Government Entity"· "Business Entity"· "Non-Commercial Entity"
Business Category
Jurisdiction Of Incorporation Country Name
Subject Jurisdiction of Incorporation or Registration
Jurisdiction Of Incorporation State Subject Jurisdiction of Incorporation or Registration (not alwaysOr Province NameJurisdiction Of Incorporation Locality Name
is present)Subject Jurisdiction of Incorporation or Registration (not always present)
6.2. Extensions
Extension DescriptionANF AC Certification Policy OID corresponding to the certificate:
• 1.3.6.1.4.1.18332.55.1.1.6.322OID according to SGIADS:
• 2.16.724.1.3.5.5.1 (High level)European Certification Policies OID:
• 0.4.0.194112.1.4 (Qcp-w)CAB / Forum OID:
• 2.23.140.1.1 (AVCP)CA: FALSEDigital SignatureKey EnciphermentclientAuthserverAuthdNSName containing verified Fully-Qualified Domain Name (FQDN).
Certificate Policies
Basic Constraints
Key Usage
Extended Key Usage
Subject Alternative Name
Page 12 of fifteen
Certificate Profiles SSL Website AuthenticationOID 1.3.6.1.4.1.18332.3.3.1
Subject Key IdentifierAuthority Key Identifier CRL Distribution Points
Public key ID of the certificate obtained from the hashPublic key ID of the CA certificate obtained from the hash URI of the CRLAccess Method 1: Id-ad-ocsp (1.3.6.1.5.5.7.48.1) Access Location 1: http://ocsp.anf.es/spain/AVAccess Method 2: id-ad-caissuers (1.3.6.1.5.5.7.48.2) Access Location 2: http://www.anf.es/es/certificatesdownload/ANFSecureServerCA.cer
• 3 characters, schema identifier• Two-digit ISO 3166-1 country code• Organization identifier according to the schema
Minimum:
QcCompliance: 0.4.0.1862.1.1 QcType: 0.4.0.1862.1.6.2
Authority Information Access
cabfOrganizationIdentifier
QCStatement
Page 13 of fifteen
Certificate Profiles SSL Website AuthenticationOID 1.3.6.1.4.1.18332.3.3.1
7. Qualified Certificate of Electronic Office with Extended Validation(EV) Medium level
7.1. Subject
Field
Organization name (O)
DescriptionExact name of the legal person as it appears in the Commercial Registry.NIF, as it appears in the official registers, coded according to ETSI EN 319 412-1 (Ex: VATES-B00000000)NIF of the Legal Person
Organization identifier (OI)
SerialNumber (SERIALNUMBER) Country (C)State or Province (S) Locality Name (L)
Two-digit country code according to ISO 3166-1.Region, autonomous community or province of the subscriber. Subscriber city.· "Private Organization"· "Government Entity"· "Business Entity"· "Non-Commercial Entity"
Business Category
Jurisdiction Of Incorporation Country Name
Subject Jurisdiction of Incorporation or Registration
Jurisdiction Of Incorporation State Subject Jurisdiction of Incorporation or Registration (not alwaysOr Province NameJurisdiction Of Incorporation Locality Name
is present)Subject Jurisdiction of Incorporation or Registration (not always present)
7.2. Extensions
Extension DescriptionANF AC Certification Policy OID corresponding to the certificate:
• 1.3.6.1.4.1.18332.55.1.1.5.322OID according to SGIADS:
• 2.16.724.1.3.5.5.2 (Medium level)European Certification Policies OID:
• 0.4.0.194112.1.4 (Qcp-w)CAB / Forum OID:
• 2.23.140.1.1 (AVCP)CA: FALSEDigital SignatureKey EnciphermentclientAuthserverAuthdNSName containing verified Fully-Qualified Domain Name (FQDN).
Certificate Policies
Basic Constraints
Key Usage
Extended Key Usage
Subject Alternative Name
Page 14 of fifteen
Certificate Profiles SSL Website AuthenticationOID 1.3.6.1.4.1.18332.3.3.1
Subject Key IdentifierAuthority Key Identifier CRL Distribution Points
Public key ID of the certificate obtained from the hashPublic key ID of the CA certificate obtained from the hash URI of the CRLAccess Method 1: Id-ad-ocsp (1.3.6.1.5.5.7.48.1) Access Location 1: http://ocsp.anf.es/spain/AVAccess Method 2: id-ad-caissuers (1.3.6.1.5.5.7.48.2) Access Location 2: http://www.anf.es/es/certificatesdownload/ANFSecureServerCA.cer
• 3 characters, schema identifier• Two-digit ISO 3166-1 country code• Organization identifier according to the schema
Minimum:
QcCompliance: 0.4.0.1862.1.1 QcType: 0.4.0.1862.1.6.2
Authority Information Access
cabfOrganizationIdentifier
QCStatement
Page fifteen of fifteen