Правила выпуска Code Signing сертификатов
для верификации автора и защиты кода от изменения

Контакты
☎ +380672576220

Проверка
SSL

Установка
SSL

Цепочка
SSL

Seal
SSL

CSR
pKey

Экспорт-Импорт
Конвертер

Code Sign
сертификаты

Email Smime
сертификаты

PDF и Word
сертификаты

База
знаний

Купить
SSL

Правила CodeSign сертификатов

Помощь

Index

1. Scope

2. Purpose

3. References

4. Definitions

5. Abbreviations and Acronyms

6. Conventions

7. Certificate Warranties and Representations
7.1Certificate Beneficiaries
7.2 Certificate Warranties
7.3 Applicant Warranty

8. Community and Applicability
8.1 Compliance
8.2 Certificate Policies
8.2.1 Implementation
8.2.2 Disclosure
8.3 Commitment to Comply
8.4 Trust model

9. Certificate Content and Profile
9.1 Issuer Information
9.2 Subject Information
9.2.1 Subject Alternative Name Extension
9.2.2 Subject Common Name Field
9.2.3 Subject Domain Component Field
9.2.4 Subject Distinguished Name Fields
9.2.5 Reserved
9.2.6 Subject Organizational Unit Field
9.2.7 Reserved
9.2.8 Other Subject Attributes
9.3 Certificate Policy Identification
9.3.1 Certificate Policy Identifiers
9.3.2 Root CA Requirements
9.3.3 Subordinate CA Certificates
9.3.4 Subscriber Certificates
9.4 Maximum Validity Period
9.5 Subscriber Public Key
9.6 Certificate Serial Number
9.7 Reserved
9.8 Reserved

10. Certificate Request
10.1 Documentation Requirements
10.2 Certificate Request
10.2.1 General
10.2.2 Request and Certification
10.2.3 Information Requirements
10.2.4 Subscriber Private Key
10.3 Subscriber Agreement
10.3.1 General
10.3.2 Agreement Requirements
10.3.3 Service Agreement Requirements for Signing Authorities

11. Verification Practices
11.1 Verification of Organizational Applicants
11.1.1 Organization Identity and Address
11.1.2 DBA/Tradename
11.1.3 Requester Authority
11.2 Verification of Individual Applicants
11.2.1 Individual Identity
11.2.2 Authenticity of Identity
11.3 Age of Certificate Data
11.4 Denied List
11.5 High Risk Certificate Requests
11.6 Data Source Accuracy
11.7 Processing High Risk Applications
11.8 Due Diligence

12. Certificate Issuance by a Root CA

13. Certificate Revocation and Status Checking
13.1 Revocation
13.1.1 Revocation Request
13.1.2 Certificate Problem Reporting
13.1.3 Investigation
13.1.4 Response
13.1.5 Reasons for Revoking a Subscriber Certificate
13.1.6 Reasons for Revoking a Subordinate CA Certificate
13.1.7 Certificate Revocation Date
13.2 Certificate Status Checking

14. Employees and Third Parties
14.1 Trustworthiness and Competence
14.2 Delegation of Functions to Registration Authorities and Subcontractors
14.2.1 General
14.2.2 Compliance Obligation
14.2.3 Allocation of Liability

15. Data Records

16. Data Security and Private Key Protection
16.1 Timestamp Authority Key Protection
16.2 Signing Service Requirements
16.3 Subscriber Private Key Protection

17. Audit (39)
17.1 Eligible Audit Schemes
17.2 Audit Period
17.3 Audit Report
17.4 Pre-Issuance Readiness Audit
17.5 Audit of Delegated Functions
17.6 Auditor Qualifications
17.7 Key Generation Ceremony

18. Liability and Indemnification

Appendix A - Minimum Cryptographic Algorithm and Key Size Requirements

Appendix B - Certificate Extensions (Normative)

Appendix C - User Agent Verification (Normative)

Appendix D - High Risk Regions of Concern

17. Audit

17.1 ligible Audit Schemes

The CA MUST undergo a conformity assessment audit for compliance with these Requirements performed in accordance with one of the following schemes:

1.WebTrust for Certification Authorities v2.0;

2.A national scheme that audits conformance to ETSI TS 102 042;

Whichever scheme is chosen, it MUST incorporate periodic monitoring and/or accountability procedures to ensure that its audits continue to be conducted in accordance with the requirements of the scheme.

The audit MUST be conducted by a Qualified Auditor, as specified in BR Section 8.2.

17.2 Audit Period

As specified in BR Section 8.1.

17.3 Audit Report

As specified in BR Section 8.6.

17.4Pre-Issuance Readiness Audit

If the CA has a currently valid Audit Report indicating compliance with an audit scheme listed in Section 17.1, then no pre-issuance readiness assessment is necessary.

If the CA does not have a currently valid Audit Report indicating compliance with one of the audit schemes listed in Section 17.1, then, before issuing Publicly-Trusted Certificates, the CA MUST successfully complete a point-in-time readiness assessment performed in accordance with applicable standards under one of the audit schemes listed in Section 17.1. The point-in-time readiness assessment MUST be completed no earlier than twelve (12) months prior to issuing Publicly-Trusted Certificates and MUST be followed by a complete audit under such scheme within ninety (90) days of issuing the first Publicly-Trusted Certificate.

17.5 Audit of Delegated Functions

Audits MUST be conducted for all obligations under these Guidelines, including timestamping and signing services, regardless of whether they are performed directly by the CA or by a Delegated Third Party. Functions performed by a Delegated Third Party MUST be included in the CA’s audit or the CA MUST obtain an audit report from the Delegated Third Party. If the opinion is that the Delegated Third Party does not comply, then the CA MUST not allow the Delegated Third Party to continue performing delegated functions.

The audit period for the Delegated Third Party MUST NOT exceed one year (ideally aligned with the CA’s audit).

17.6 Auditor Qualifications

As specified in BR Section 8.2.

17.7 Key Generation Ceremony

As specified in BR Section 6.1.1.1.

 DV OV EV WC SAN PRO CodeSign Email PDF Wi-Fi IoT ALL Купить сертификат

NO russia - мы не осблуживаем резидентов из россии

Правила выпуска Code Signing сертификатовдля верификации автора и защиты кода от изменения