Operational Requirements
4.2 Certificate Issuance
4.2.1 License Issuance
On successful completion of evaluation of the application for grant of License with respect to qualification, expertise, manpower, financial resources, other infrastructural facilities, and legal and regulatory requirements, the CCA will commence the process of issuance of License.
4.2.2 Paper License
Each License issued will be accompanied by a certificate digitally signed by the CCA. One of the public keys included for certification will be identified as the primary public key to be certified. The certificate issued by the CCA along with the License will contain this public key. The remaining public keys will also be certified through certificates digitally signed by the CCA.
4.2.3 Certificate Issuance
CCA issues the certificate after checking the following criteria, in the case of each of the above public keys.
- A certificate request is generated by the applicant in PKCS #10 format and submitted to the CCA. The CCA establishes that the public key corresponds to a functioning key pair.
- The CCA establishes the uniqueness of the public key being certified.
- The CCA establishes the uniqueness of the DN submitted by the applicant.
- The certificate request is used by the CCA to generate the certificate.
- The certificate is physically handed over to the applicant.
- All certificates issued are published in the National Repository and are accessible through the web site of the CCA.
- Validity period: All Licenses are valid from the date & time of issue for a period of five years, and will not be, in any case, later than the expiry date of the CCA's Root certificate.
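The first three checks in the list above (proof of possession from the PKCS #10 self-signature, public key uniqueness, DN uniqueness) can be sketched as follows. This is an added example, not the CCA's own implementation; it assumes the third-party Python `cryptography` package, and the `IssuanceRegistry` class, `make_request` helper and sample names are hypothetical.

```python
import hashlib
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.x509.oid import NameOID

class IssuanceRegistry:
    """Hypothetical in-memory record of public keys and DNs already certified."""
    def __init__(self):
        self.key_fingerprints = set()
        self.subject_dns = set()

    def check_request(self, csr_pem: bytes) -> str:
        """Run the pre-issuance checks; return the key fingerprint or raise ValueError."""
        csr = x509.load_pem_x509_csr(csr_pem)
        # The self-signature on a PKCS #10 request shows the applicant holds the
        # private key, i.e. the public key belongs to a functioning key pair.
        if not csr.is_signature_valid:
            raise ValueError("request signature invalid: no proof of possession")
        spki = csr.public_key().public_bytes(
            serialization.Encoding.DER,
            serialization.PublicFormat.SubjectPublicKeyInfo)
        fingerprint = hashlib.sha256(spki).hexdigest()
        if fingerprint in self.key_fingerprints:
            raise ValueError("public key already certified")
        # Assumption: DNs are compared by their RFC 4514 string form.
        dn = csr.subject.rfc4514_string()
        if dn in self.subject_dns:
            raise ValueError("subject DN already in use")
        self.key_fingerprints.add(fingerprint)
        self.subject_dns.add(dn)
        return fingerprint

def make_request(key, common_name: str) -> bytes:
    """Build a constructed PKCS #10 request (PEM) for demonstration input."""
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])
    csr = x509.CertificateSigningRequestBuilder().subject_name(name).sign(
        key, hashes.SHA256())
    return csr.public_bytes(serialization.Encoding.PEM)
```
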
4.2.3 Information in License
The paper license issued by the CCA includes the following:
- License serial no.
- Name of the CA
- Address
- Date of issue
- Valid until
- Public Key
The format for the license serial no. is as follows: YYYYXXXXDDMMYYNNNMMMMZZZ (24 characters)
- YYYY: Year of issuance
- XXXX: Serial Number allotted to CA (serialized based on order of receipt of application)
- DDMMYY: Valid until date (DD)/ month (MM)/ year (YY)
- NNN: 000 - Primary License; 001, 002 etc. - Incremented for each key submitted by the CA for certification. This will be indicated by the CA in its application.
- MMMM: 0000 - in case of fresh license; yyyy - year of renewal
- ZZZ: Reserved for future use
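A parser and validator for the 24-character serial number layout above, given as an added example rather than code from the CCA. It assumes the two-digit YY falls in 2000-2099, treats ZZZ as opaque, and uses constructed sample serials; the names `LicenseSerial` and `parse_license_serial` are hypothetical.

```python
import re
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Field widths from the layout above: YYYY XXXX DDMMYY NNN MMMM ZZZ = 24 characters.
_SERIAL_RE = re.compile(
    r"(?P<year>\d{4})(?P<ca>\d{4})(?P<dd>\d{2})(?P<mm>\d{2})(?P<yy>\d{2})"
    r"(?P<key>\d{3})(?P<renewal>\d{4})(?P<reserved>.{3})",
    re.ASCII,
)

@dataclass(frozen=True)
class LicenseSerial:
    issue_year: int
    ca_serial: int                 # XXXX, order of receipt of application
    valid_until: date
    key_index: int                 # NNN: 0 = primary license, 1+ = further keys
    renewal_year: Optional[int]    # MMMM: None for a fresh license (0000)
    reserved: str                  # ZZZ: kept opaque, reserved for future use

def parse_license_serial(serial: str) -> LicenseSerial:
    """Split a 24-character license serial into fields, rejecting malformed input."""
    if len(serial) != 24:
        raise ValueError(f"expected 24 characters, got {len(serial)}")
    m = _SERIAL_RE.fullmatch(serial)
    if m is None:
        raise ValueError("numeric fields must contain ASCII digits only")
    try:
        # Assumption: the two-digit YY denotes a year in 2000-2099.
        valid_until = date(2000 + int(m["yy"]), int(m["mm"]), int(m["dd"]))
    except ValueError as exc:
        raise ValueError(f"invalid valid-until date: {exc}") from None
    issue_year = int(m["year"])
    renewal_year = int(m["renewal"]) or None
    if valid_until.year < issue_year:
        raise ValueError("valid-until date precedes the year of issuance")
    # A fresh license runs five years from issue, so it cannot end later than that.
    if renewal_year is None and valid_until.year > issue_year + 5:
        raise ValueError("fresh license exceeds the five-year validity period")
    return LicenseSerial(issue_year, int(m["ca"]), valid_until,
                         int(m["key"]), renewal_year, m["reserved"])

if __name__ == "__main__":
    # Constructed sample serials, not real license numbers.
    for s in ("200200010502070000000000", "200200010502120012007000"):
        print(parse_license_serial(s))
```
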
The digital signature certificate(s) issued by the CCA corresponding to the above license and other public keys submitted by the CA contain the following information:
- Version
- Serial Number
- Signature Algorithm used by the CCA to sign the certificate
- Issuer (CCA's) DN
- Validity
- Subject information including CA's DN
- Public key of the CA
- Signature of CCA
- Extensions
4.2.4 Validity Period of a Certificate
The license is valid for a period of five years from the date of its issue.
The license is not transferable.
4.3 Certificate Acceptance
The certificate issued by the CCA to the CA applicant will be deemed to have been accepted on its receipt by the CA applicant.
4.4 Certificate Suspension and Revocation
The Controller of Certifying Authorities can order, or an Authorized Signatory of the Licensed CA can request, that a certificate be revoked when any of the information it contains is known or suspected to be inaccurate, or when the private key associated with the certificate is compromised or suspected to have been compromised, or in the interests of national security as per the provisions under sections 25 and 26 of the IT Act, 2000.
Suspension of certificates issued by CCA always precedes revocation but revocation shall follow only under the specific procedures described in this section. All suspension and revocation requests are required to be valid. Such validity shall be determined by their compliance or non-compliance with the procedures of this CPS, which include references to the authority of the person who may make a request.
The CCA may revoke a certificate when it considers revocation necessary or expedient.
4.4.1 Circumstances for Suspension & revocation
Licenses can be revoked or suspended by the CCA under Rule 14. The CCA shall revoke a certificate if the CCA has reasons to believe that the CA:
- made a statement in, or in relation to, the application for the issue or renewal of the license, which is incorrect or false in material particulars;
- failed to comply with the terms and conditions subject to which the license was granted;
- failed to maintain the standards specified under clause (b) of sub-section (2) of section 20;
- contravened any provisions of the IT Act, Rule, Regulation or orders made thereunder;
- the private key corresponding to the public key in the certificate has been lost, disclosed without authorization, stolen or compromised in any way;
- the security, trustworthiness or integrity of the CA's PKI is materially affected due to the CA's activities;
- the license does not meet material obligations of its agreements with CCA, those of any applicable CPS, or this CPS;
- there has been an improper or faulty issuance of a certificate due to:
  - A material prerequisite to the issuance of the Certificate not being satisfied;
  - A material fact in the Certificate is known, or reasonably believed, to be false.
- the licensee is bankrupt, being wound-up or is making arrangements or compositions with its creditors;
- the CA does not possess sufficient financial resources to maintain its provision of certification services;
- Any other material circumstance that requires investigation to ensure the security, integrity or trustworthiness of the CA's PKI.