Certificate Profiles SSL Website Authentication

by ANF AC Certification
Paseo de la Castellana, 79 -28046- Madrid (Spain)
Telephone: 902 902 172 (Calls from Spain)
International +34 933 935 946
Web: www.anf.es
National Registry of Associations. Number 171,443. CIF G-63287510.


OID 1.3.6.1.4.1.18332.3.3.1

Security level: Public Document

Important announcement

This document is the property of ANF Certification Authority.

Its reproduction and dissemination is prohibited without the express authorization of ANF Certification Authority.

2000 - 2021 CC-BY-ND (Creative Commons licenses)


INDEX

1. Introduction
1.1. Overview
1.2. Name of the document and identification
2. SSL Domain Validation Certificates (SSL DV)
2.1. Subject
2.2. Extensions
3. SSL Certificates Organization Validation (SSL OV)
3.1. Subject
3.2. Extensions
4. Extended Validation SSL Certificate (EV) - Qualified Certificate of Website Authentication (QWAC)
4.1. Subject
4.2. Extensions
5. Qualified Certificate of Website Authentication for PSD2 (QWAC PSD2)
5.1. Subject
5.2. Extensions
6. Qualified Certificate of Electronic Office with Extended Validation (EV) High level
6.1. Subject
6.2. Extensions
7. Qualified Certificate of Electronic Office with Extended Validation (EV) Medium level
7.1. Subject
7.2. Extensions


1. Introduction

1.1. Overview

This document presents the profiles of the different types of SSL website authentication certificates issued by ANF Certification Authority:

• SSL Domain Validation Certificates (SSL DV)
• SSL Certificates Organization Validation (SSL OV)
• Extended Validation SSL Certificate (EV) - Qualified Certificate of Website Authentication (QWAC)
• Qualified Certificate of Website Authentication for PSD2 (QWAC PSD2)
• Qualified Certificate of Electronic Office with Extended Validation (EV) High level
• Qualified Certificate of Electronic Office with Extended Validation (EV) Medium level

The Certification Policies associated with these certificates are published and accessible on the ANF AC website: https://www.anf.es/repositorio-legal/

For the preparation of these profiles, the following provisions have been taken into account:

• Regulation (EU) 910/2014 of the European Parliament and of the Council of July 23, 2014, regarding electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (eIDAS Regulation).
• ETSI EN 319 412 Electronic Signatures and Infrastructures (ESI); Certificate Profiles (parts 1, 4 and 5)
• ETSI TS 119 495 Electronic Signatures and Infrastructures (ESI); Sector Specific Requirements; Qualified Certificate Profiles and TSP Policy Requirements under the payment services Directive (EU) 2015/2366
• IETF RFC 3739. Internet X.509 Public Key Infrastructure. Qualified Certificates Profile
• CA/B Forum Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates, located at https://cabforum.org/baseline-requirements-documents
• CA/B Forum Guidelines for Extended Validation Certificates, located at https://cabforum.org/extended-validation
• Signature and Certificate Policy of the General State Administration. Annex 2: Electronic certificate profiles

1.2. Document name and identification

Document name | Certificate Profiles SSL Website Authentication
Version | 2.5
OID | 1.3.6.1.4.1.18332.3.3.1
Approval date | 06/22/2021
Publication date | 06/22/2021

1.2.1. Reviews

Version | Changes | Approval | Publication
2.5. | Withdrawal of the OU field as of 08/01/2021 following Ballot SC47 of CA/B Forum | 06/22/2021 | 06/22/2021
2.4. | Annual review 2021 | 01/12/2021 | 01/12/2021
2.3. | Annual review 2020 | 01/18/2020 | 01/18/2020

2. SSL Domain Validation Certificates (SSL DV)

2.1. Subject

2.2. Extensions

Extension | Description
Certificate Policies | ANF AC Certification Policy OID corresponding to the certificate: 1.3.6.1.4.1.18332.55.1.1.1.322; CA/B Forum OID: 2.23.140.1.2.1 (DVCP)
Basic Constraints | CA: FALSE
Key Usage | Digital Signature, Key Encipherment
Extended Key Usage | clientAuth, serverAuth
Subject Alternative Name | dNSName containing verified Fully-Qualified Domain Name (FQDN).
Subject Key Identifier | Public key ID of the certificate obtained from the hash
Authority Key Identifier | Public key ID of the CA certificate obtained from the hash
CRL Distribution Points | URI of the CRL
Authority Information Access | Access Method 1: Id-ad-ocsp (1.3.6.1.5.5.7.48.1), Access Location 1: http://ocsp.anf.es/spain/AV; Access Method 2: id-ad-caissuers (1.3.6.1.5.5.7.48.2), Access Location 2: http://www.anf.es/es/certificatesdownload/ANFSecureServerCA.cer

3. SSL Certificates Organization Validation (SSL OV)

3.1. Subject

Field | Description
Organization name (O) | Exact name of the legal person as it appears in the Commercial Registry.
SerialNumber (SERIALNUMBER) | NIF of the Legal Person
Country (C) | Two-digit country code according to ISO 3166-1.
State or Province (S) | Region, autonomous community or province of the subscriber.
Locality Name (L) | Subscriber city.

3.2. Extensions

Extension | Description
Certificate Policies | ANF AC Certification Policy OID corresponding to the certificate: 1.3.6.1.4.1.18332.55.1.1.7.322; CA/B Forum OID: 2.23.140.1.2.2 (OVCP)
Basic Constraints | CA: FALSE
Key Usage | Digital Signature, Key Encipherment
Extended Key Usage | clientAuth, serverAuth
Subject Alternative Name | dNSName containing verified Fully-Qualified Domain Name (FQDN).
Subject Key Identifier | Public key ID of the certificate obtained from the hash
Authority Key Identifier | Public key ID of the CA certificate obtained from the hash
CRL Distribution Points | URI of the CRL
Authority Information Access | Access Method 1: Id-ad-ocsp (1.3.6.1.5.5.7.48.1), Access Location 1: http://ocsp.anf.es/spain/AV; Access Method 2: id-ad-caissuers (1.3.6.1.5.5.7.48.2), Access Location 2: http://www.anf.es/es/certificatesdownload/ANFSecureServerCA.cer

4. Extended Validation SSL Certificate (EV) - Qualified Certificate of Website Authentication (QWAC)

4.1. Subject

Field | Description
Organization name (O) | Exact name of the legal person as it appears in the Commercial Registry.
Organization identifier (OI) | NIF, as it appears in the official registers, coded according to ETSI EN 319 412-1 (Ex: VATES-B00000000)
SerialNumber (SERIALNUMBER) | NIF of the Legal Person
Country (C) | Two-digit country code according to ISO 3166-1.
State or Province (S) | Region, autonomous community or province of the subscriber.
Locality Name (L) | Subscriber city.
Business Category | "Private Organization", "Government Entity", "Business Entity", "Non-Commercial Entity"
Jurisdiction Of Incorporation Country Name | Subject Jurisdiction of Incorporation or Registration
Jurisdiction Of Incorporation State Or Province Name | Subject Jurisdiction of Incorporation or Registration (not always present)
Jurisdiction Of Incorporation Locality Name | Subject Jurisdiction of Incorporation or Registration (not always present)

4.2. Extensions

Extension | Description
Certificate Policies | ANF AC Certification Policy OID corresponding to the certificate: 1.3.6.1.4.1.18332.55.1.1.2.322; European Certification Policies OID: 0.4.0.194112.1.4 (Qcp-w); CA/B Forum OID: 2.23.140.1.1 (AVCP)
Basic Constraints | CA: FALSE
Key Usage | Digital Signature, Key Encipherment
Extended Key Usage | clientAuth, serverAuth
Subject Alternative Name | dNSName containing verified Fully-Qualified Domain Name (FQDN).
Subject Key Identifier | Public key ID of the certificate obtained from the hash
Authority Key Identifier | Public key ID of the CA certificate obtained from the hash
CRL Distribution Points | CRL URI
Authority Information Access | Access Method 1: Id-ad-ocsp (1.3.6.1.5.5.7.48.1), Access Location 1: http://ocsp.anf.es/spain/AV; Access Method 2: id-ad-caissuers (1.3.6.1.5.5.7.48.2), Access Location 2: http://www.anf.es/es/certificatesdownload/ANFSecureServerCA.cer
cabfOrganizationIdentifier | 3 characters, schema identifier; Two-digit ISO 3166-1 country code; Organization identifier according to the schema
QCStatement | Minimum: QcCompliance: 0.4.0.1862.1.1; QcType: 0.4.0.1862.1.6.2

5. Qualified Certificate of Website Authentication for PSD2 (QWAC PSD2)

5.1. Subject

Field | Description
Organization name (O) | Exact name of the legal entity as it appears in the public registry of the Competent National Authority (NCA) of the Member State of origin or in the official records of the European Banking Authority (EBA).
Organization identifier (OI) | PSD2 authorization number of the organization, coded according to the technical specification ETSI TS 119 495
SerialNumber (SERIALNUMBER) | NIF of the Legal Person
Country (C) | Two-digit country code according to ISO 3166-1.
State or Province (S) | Region, autonomous community or province of the subscriber.
Locality Name (L) | Subscriber city.
Business Category | "Private Organization", "Government Entity", "Business Entity", "Non-Commercial Entity"
Jurisdiction Of Incorporation Country Name | Subject Jurisdiction of Incorporation or Registration
Jurisdiction Of Incorporation State Or Province Name | Subject Jurisdiction of Incorporation or Registration (not always present)
Jurisdiction Of Incorporation Locality Name | Subject Jurisdiction of Incorporation or Registration (not always present)

5.2. Extensions

Extension | Description
Certificate Policies | ANF AC Certification Policy OID corresponding to the certificate: 1.3.6.1.4.1.18332.55.1.1.8.22; European Certification Policies OID: 0.4.0.19495.3 (Qcp-w-psd2); CA/B Forum OID: 2.23.140.1.1 (AVCP)
Basic Constraints | CA: FALSE
Key Usage | Digital Signature, Key Encipherment
Extended Key Usage | clientAuth, serverAuth
Subject Alternative Name | dNSName containing verified Fully-Qualified Domain Name (FQDN).
Subject Key Identifier | Public key ID of the certificate obtained from the hash
Authority Key Identifier | Public key ID of the CA certificate obtained from the hash
CRL Distribution Points | URI of the CRL
Authority Information Access | Access Method 1: Id-ad-ocsp (1.3.6.1.5.5.7.48.1), Access Location 1: http://ocsp.anf.es/spain/AV; Access Method 2: id-ad-caissuers (1.3.6.1.5.5.7.48.2), Access Location 2: http://www.anf.es/es/certificatesdownload/ANFSecureServerCA.cer
cabfOrganizationIdentifier | 3 characters, schema identifier; Two-digit ISO 3166-1 country code; Organization identifier according to the schema
QCStatement | Minimum: QcCompliance: 0.4.0.1862.1.1; QcType: 0.4.0.1862.1.6.2; PSD2QcStatement: 0.4.0.19495.2 including the RolPSD2, nCAName and nCAId.

6. Qualified Certificate of Electronic Office with Extended Validation (EV) High level

6.1. Subject

Field | Description
Organization name (O) | Exact name of the legal person as it appears in the Commercial Registry.
Organization identifier (OI) | NIF, as it appears in the official registers, coded according to ETSI EN 319 412-1 (Ex: VATES-B00000000)
SerialNumber (SERIALNUMBER) | NIF of the Legal Person
Country (C) | Two-digit country code according to ISO 3166-1.
State or Province (S) | Region, autonomous community or province of the subscriber.
Locality Name (L) | Subscriber city.
Business Category | "Private Organization", "Government Entity", "Business Entity", "Non-Commercial Entity"
Jurisdiction Of Incorporation Country Name | Subject Jurisdiction of Incorporation or Registration
Jurisdiction Of Incorporation State Or Province Name | Subject Jurisdiction of Incorporation or Registration (not always present)
Jurisdiction Of Incorporation Locality Name | Subject Jurisdiction of Incorporation or Registration (not always present)

6.2. Extensions

Extension | Description
Certificate Policies | ANF AC Certification Policy OID corresponding to the certificate: 1.3.6.1.4.1.18332.55.1.1.6.322; OID according to SGIADS: 2.16.724.1.3.5.5.1 (High level); European Certification Policies OID: 0.4.0.194112.1.4 (Qcp-w); CA/B Forum OID: 2.23.140.1.1 (AVCP)
Basic Constraints | CA: FALSE
Key Usage | Digital Signature, Key Encipherment
Extended Key Usage | clientAuth, serverAuth
Subject Alternative Name | dNSName containing verified Fully-Qualified Domain Name (FQDN).
Subject Key Identifier | Public key ID of the certificate obtained from the hash
Authority Key Identifier | Public key ID of the CA certificate obtained from the hash
CRL Distribution Points | URI of the CRL
Authority Information Access | Access Method 1: Id-ad-ocsp (1.3.6.1.5.5.7.48.1), Access Location 1: http://ocsp.anf.es/spain/AV; Access Method 2: id-ad-caissuers (1.3.6.1.5.5.7.48.2), Access Location 2: http://www.anf.es/es/certificatesdownload/ANFSecureServerCA.cer
cabfOrganizationIdentifier | 3 characters, schema identifier; Two-digit ISO 3166-1 country code; Organization identifier according to the schema
QCStatement | Minimum: QcCompliance: 0.4.0.1862.1.1; QcType: 0.4.0.1862.1.6.2

7. Qualified Certificate of Electronic Office with Extended Validation (EV) Medium level

7.1. Subject

Field | Description
Organization name (O) | Exact name of the legal person as it appears in the Commercial Registry.
Organization identifier (OI) | NIF, as it appears in the official registers, coded according to ETSI EN 319 412-1 (Ex: VATES-B00000000)
SerialNumber (SERIALNUMBER) | NIF of the Legal Person
Country (C) | Two-digit country code according to ISO 3166-1.
State or Province (S) | Region, autonomous community or province of the subscriber.
Locality Name (L) | Subscriber city.
Business Category | "Private Organization", "Government Entity", "Business Entity", "Non-Commercial Entity"
Jurisdiction Of Incorporation Country Name | Subject Jurisdiction of Incorporation or Registration
Jurisdiction Of Incorporation State Or Province Name | Subject Jurisdiction of Incorporation or Registration (not always present)
Jurisdiction Of Incorporation Locality Name | Subject Jurisdiction of Incorporation or Registration (not always present)

7.2. Extensions

Extension | Description
Certificate Policies | ANF AC Certification Policy OID corresponding to the certificate: 1.3.6.1.4.1.18332.55.1.1.5.322; OID according to SGIADS: 2.16.724.1.3.5.5.2 (Medium level); European Certification Policies OID: 0.4.0.194112.1.4 (Qcp-w); CA/B Forum OID: 2.23.140.1.1 (AVCP)
Basic Constraints | CA: FALSE
Key Usage | Digital Signature, Key Encipherment
Extended Key Usage | clientAuth, serverAuth
Subject Alternative Name | dNSName containing verified Fully-Qualified Domain Name (FQDN).
Subject Key Identifier | Public key ID of the certificate obtained from the hash
Authority Key Identifier | Public key ID of the CA certificate obtained from the hash
CRL Distribution Points | URI of the CRL
Authority Information Access | Access Method 1: Id-ad-ocsp (1.3.6.1.5.5.7.48.1), Access Location 1: http://ocsp.anf.es/spain/AV; Access Method 2: id-ad-caissuers (1.3.6.1.5.5.7.48.2), Access Location 2: http://www.anf.es/es/certificatesdownload/ANFSecureServerCA.cer
cabfOrganizationIdentifier | 3 characters, schema identifier; Two-digit ISO 3166-1 country code; Organization identifier according to the schema
QCStatement | Minimum: QcCompliance: 0.4.0.1862.1.1; QcType: 0.4.0.1862.1.6.2
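
As an added example (not ANF AC's code), a small linter that checks an already-decoded certificate against the policy OIDs, subject fields and QCStatements listed in the profiles above. The dict layout, the short profile labels, the hyphen in the organization identifier pattern (taken from the VATES-B00000000 example) and reading 08/01/2021 as MM/DD/YYYY are assumptions of this example.

```python
import re
from datetime import date

EV, QCP_W, ANF = "2.23.140.1.1", "0.4.0.194112.1.4", "1.3.6.1.4.1.18332.55.1.1."
# ANF AC policy OID -> (label, companion OIDs); OIDs are the page's, labels are assumed.
PROFILES = {
    ANF + "1.322": ("DV", {"2.23.140.1.2.1"}),
    ANF + "7.322": ("OV", {"2.23.140.1.2.2"}),
    ANF + "2.322": ("QWAC", {QCP_W, EV}),
    ANF + "8.22": ("QWAC-PSD2", {"0.4.0.19495.3", EV}),
    ANF + "6.322": ("OFFICE-HIGH", {"2.16.724.1.3.5.5.1", QCP_W, EV}),
    ANF + "5.322": ("OFFICE-MEDIUM", {"2.16.724.1.3.5.5.2", QCP_W, EV}),
}
OV_SUBJECT = {"O", "serialNumber", "C", "ST", "L"}  # key names are assumed
EV_SUBJECT = OV_SUBJECT | {"organizationIdentifier", "businessCategory", "jurisdictionCountry"}
QC_MIN, PSD2_QC = {"0.4.0.1862.1.1", "0.4.0.1862.1.6.2"}, "0.4.0.19495.2"
ORG_ID = re.compile(r"[A-Z]{3}[A-Z]{2}-\S+")  # scheme, country, "-", identifier
OU_WITHDRAWN = date(2021, 8, 1)  # version 2.5 entry, read as MM/DD/YYYY


def lint(cert):
    """Return (label, findings) for a certificate already decoded into a dict."""
    policies = set(cert["policies"])
    hits = policies & set(PROFILES)
    if len(hits) != 1:
        return None, ["expected exactly one ANF AC policy OID, found %d" % len(hits)]
    label, companions = PROFILES[hits.pop()]
    out = ["missing policy OID " + o for o in sorted(companions - policies)]
    if cert["ca"]:
        out.append("Basic Constraints must be CA: FALSE")
    for ext, need in (("key_usage", {"digitalSignature", "keyEncipherment"}),
                      ("eku", {"clientAuth", "serverAuth"})):
        out += ["%s lacks %s" % (ext, v) for v in sorted(need - set(cert[ext]))]
    if not any("." in name.strip(".") for name in cert["san_dns"]):
        out.append("Subject Alternative Name has no FQDN dNSName")
    subj = cert["subject"]
    if "OU" in subj and cert["not_before"] >= OU_WITHDRAWN:
        out.append("OU present after its withdrawal date")
    if label != "DV":  # the page lists no subject fields for DV
        required = OV_SUBJECT if label == "OV" else EV_SUBJECT
        out += ["subject lacks " + f for f in sorted(required - set(subj))]
    if label not in ("DV", "OV"):
        if not ORG_ID.fullmatch(subj.get("organizationIdentifier", "")):
            out.append("organizationIdentifier is not <scheme><country>-<id>")
        need_qc = QC_MIN | ({PSD2_QC} if label == "QWAC-PSD2" else set())
        out += ["missing QCStatement " + q for q in sorted(need_qc - set(cert["qc"]))]
    return label, out


# Constructed sample: a QWAC PSD2 certificate with three deviations from the profile.
SAMPLE = {
    "policies": [ANF + "8.22", "0.4.0.19495.3", EV], "ca": False, "qc": sorted(QC_MIN),
    "key_usage": ["digitalSignature", "keyEncipherment"], "eku": ["serverAuth"],
    "san_dns": ["pay.example.test"], "not_before": date(2021, 9, 1),
    "subject": {**dict.fromkeys(EV_SUBJECT, "x"), "OU": "IT",
                "organizationIdentifier": "PSDES-BDE-0000"},
}
if __name__ == "__main__":
    print(lint(SAMPLE))
```

In practice the dict would be filled from a real X.509 parser; the checks only compare what is present with what the profile tables list.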