Identification and Authentication
3.1 Initial Registration
All CA applicants shall fill in the 'Form for Application for grant of License to be a Certifying Authority' as described in the Information Technology (Certifying Authority) Rules, 2000 - Schedule I, supported by such documents and information as required by the CCA.
3.1.1 Types of names
Each CA Applicant must have a clearly distinguishable and unique X.501 Distinguished Name (DN) in the certificate subject Name field, in accordance with PKIX Part 1 (RFC 2459). Each CA Applicant may use an alternative name via the SubjectAlternateName field, which must also be in accordance with PKIX Part 1. The DN must be in the form of an X.501 PrintableString and must not be blank. It should have the following structure:
c=in, o=IndiaPKI, ou=<licensed CA>
3.1.2 Need for names to be meaningful
The Subject name contained in a Licensed CA certificate MUST be meaningful in the sense that the CCA is provided with proper evidence of the association existing between the name and the entity to which it belongs.
3.1.3 Rules for interpreting various name forms
The naming convention used by CCA to identify certificate holders uniquely is ISO/IEC 9595 (X.500) Distinguished Name (DN).
3.1.4 Uniqueness of names
The CCA shall ensure that the set of names is unambiguous. The CCA shall reject a License application in the case where the name cannot sufficiently distinguish the Applicant from an existing Licensed CA's Distinguished Name. The name shall conform to X.500 standards for name uniqueness.
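The naming rules in 3.1.1 and the uniqueness rule in 3.1.4 can be pre-checked mechanically before an application is reviewed. The following is an added example, not part of the CPS or any CCA tooling; the function names, the sample DNs and the matching rule (case folding and space collapsing) are assumptions made for illustration.

```python
import re

# PrintableString alphabet (ITU-T X.680): letters, digits, space and ' ( ) + , - . / : = ?
PRINTABLE = re.compile(r"[A-Za-z0-9 '()+,\-./:=?]+")
REQUIRED_PREFIX = [("c", "in"), ("o", "indiapki")]  # fixed RDNs from section 3.1.1

def parse_dn(dn):
    """Split 'c=in, o=IndiaPKI, ou=Name' into [(attr, value), ...].
    Simplified for this example: no escaped commas, no multi-valued RDNs."""
    rdns = []
    for part in dn.split(","):
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed RDN: {part.strip()!r}")
        rdns.append((attr.strip().lower(), value.strip()))
    return rdns

def canonical(rdns):
    """Assumed matching rule: fold case and collapse runs of spaces."""
    return tuple((a, " ".join(v.split()).lower()) for a, v in rdns)

def check_applicant_dn(dn, licensed_dns):
    """Return a list of problems; an empty list means the DN passes these checks."""
    if not dn.strip():
        return ["DN is blank"]
    try:
        rdns = parse_dn(dn)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    for attr, value in rdns:
        if not PRINTABLE.fullmatch(value):
            problems.append(f"{attr}: blank or not a PrintableString")
    key = canonical(rdns)
    if len(key) != 3 or list(key[:2]) != REQUIRED_PREFIX or key[2][0] != "ou":
        problems.append("structure is not c=in, o=IndiaPKI, ou=<licensed CA>")
    if key in {canonical(parse_dn(d)) for d in licensed_dns}:
        problems.append("not distinguishable from an existing Licensed CA DN")
    return problems

# Constructed sample data, not real licensees.
LICENSED = ["c=in, o=IndiaPKI, ou=Example CA One"]
if __name__ == "__main__":
    for candidate in ["c=in, o=IndiaPKI, ou=Example CA Two",
                      "C=IN, O=indiapki, OU=example  ca one",
                      "c=in, o=IndiaPKI, ou="]:
        print(candidate, "->", check_applicant_dn(candidate, LICENSED) or "OK")
```

A DN that differs from an existing one only in letter case or spacing is reported as a collision, which is the situation 3.1.4 requires the CCA to reject.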
3.1.5 Name claim dispute resolution procedure
The CCA may, by reasonable endeavors, resolve disputes that may arise over the allocation of names and in its discretion may reject, change, re-issue or revoke certificates in relation to any Distinguished Name.
3.1.6 Recognition, authentication and role of trademarks
No Stipulation
3.1.7 Method to prove possession of private key
To establish that applicants possess valid, functioning key pairs, the CCA would require applicants to submit a Certificate Signing Request (CSR) in accordance with the PKCS#10 standard. The signing key pair of the Licensed CA shall be stored in a FIPS 140-1 Level 3 or higher device. An independent verification shall be performed as a part of the auditing process.
3.1.8 Authentication of organization identity
The documents mentioned in §4.1 ensure the authentication of organization identity.
3.1.9 Authentication of individual identity
The documents mentioned in §4.1 ensure the authentication of individual identity.
3.2 Routine Rekey
Not Applicable
3.3 Rekey after Revocation
Not Applicable.
3.4 Revocation Request
The authority to revoke the RCAI root certificate rests with the Controller of Certifying Authorities.
Licensed CAs shall designate an authority who can request the revocation of its License. The Controller of Certifying Authorities can also authorize the revocation of a Licensed CA under section 25 of the IT Act, 2000.