
()

(CP - Certificate Policy)


OID CP : 1.3.6.1.4.1.33589.3.1.1.1

. 1.0

, 2010.

______________________________________________________________________________________


5.
( 26/2008)
( 135/2004)

1.

(-ID)
(MUP CA)

.

, MUP CA

.

MUP CA
:

- ETSI ESI TS 101 862 Qualified Certificate Profile,
- RFC 3739 Internet X.509 Public Key Infrastructure: Qualified Certificates Profile,
- RFC 5280 Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, and
- ETSI TS 102 280 X.509 V.3 Certificate Profile for Certificates Issued to Natural Persons.

17.
( - ).

1.1
MUP CA ,
, :

- ,
-
/,
-

.

-ID ,
(SSCD).
-
(-ID ),
-
-
.

MUP CA
(eID ) PIN (password),
.

MUP CA ( :
) .

MUP CA :

1. - CP (Certificate Policy), ;
2. - CPS (Certificate
Practices Statement);

.
,

.

,
.

,
.


,

.


,
, ,
.

MUP CA :

- RFC 3647 Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework
- ETSI TS 101 456 Policy Requirements for Certification Authorities Issuing Qualified Certificates.

MUP CA
( : )

.

.

-
;
-
;
- ;
-
;
- (, ,
, ,
).

1.2
( CP Certificate
Policy) MUP CA
(-ID)
.

MUP CA
/ .

MUP CA :

MUP CA

101
11000

(Dname issuer):

C=RS
L=Beograd
O=MUP Republike Srbije
CN=MUPCA Root

1.3 MUP CA
PKI
MUP CA.

1.3.1 MUP CA

. MUP CA je
(CA). MUP CA

. , a (CP),
MUP CA CPS (Certificate Practice Statement),
MUP CA
.


,
(CRL Certificate Revocation List). MUP CA

.

MUP CA PKI
. :

- MUPCA Root,
- MUPCA Gradjani
- MUPCA Sluzbenici
- MUPCA Resursi

MUP CA

(-ID).

1.3.2 MUP CA


(RA Registration Authority) MUP CA.



, .

1.3.3
MUP CA.
.

1.3.4
, () /
(),

MUP CA ,
MUP CA.


.

,

CRL MUP CA
.

1.3.5
CP.

1.4 MUP CA

MUP CA.

1.4.1
MUP CA

.

- ,
- ,
- ,
- web (SSL ) online
,
- ,
- ,
- , .

1.4.2
CP.

1.5 MUP CA
CP.

1.5.1
MUP CA CP
,

.

1.5.2
K MUP CA CP :


email: dragoslav.stanizan@mup.gov.rs

1.5.3 CP
CP.

1.5.4 CP
CP.

1.6
:

, ,
( PIN
password).

C C ( )
C ( Rt C).


/
.

() ,
(),
.

Certificate Practice Statement (CPS)


.

(issuing C)
, C
( ) .


X.509
. URL CPS
.

(R)
/ ,
, (. R

( )
C). LR (Local Registration Authority) .

/

. ,
.
.


, ,
.


(SSCD
Secure Signature Creation Device)
.
.

,
,
;


( ) ,
.

,
, .


( ) ,
.



.

-
.


/ .

-
()
.


, backup- .

, .
, .

, ,
() (C) ,
.


Rt C subordinate/intermediate ,
C .


, , .

(CRL Certificate Revocation List)


C
.
/
.


C.

(CSR Certificate Service Request)


( PKCS#10 )
.

.

(key pair) ,

, RSA .

(
X.509v3 )
,
,
.

,
,

().


() ,
,
.


,
.


.

.


:
, .

. ,

.

Hash
hash
(160, 224, 256, 374, 512 ( )).

(Object identifier)

.

/
C,
C (
, .).


CRL .


, .


, : , ,
, .

C
.

CA Certification Authority
RA Registration Authority
ID Identification Document
PKI Public Key Infrastructure
OID Object IDentifier
TSA Time Stamping Authority
CRL Certificate Revocation List
CSR Certificate Service Request
CDP CRL Distribution Point
AIA Authority Information Access
AKI Authority Key Identifier
SKI Subject Key Identifier
RFC Request For Comments
ETSI European Telecommunication Standardisation Institute
CP Certificate Policy
CPS Certificate Practice Statement
URL Uniform Resource Locator
JMBG Jedinstveni Matični Broj Građana (Unique Master Citizen Number)


2.
,
, MUP CA.

2.1
MUP CA
online LDAP web . MUP CA

.

MUP CA online
, CPS CP.

MUP CA
.

2.2
MUP CA
, :

- MUP CA (MUP CA Root Intermediate MUP CA


),
- (CRL).

MUP CA


.

, MUP CA

, ,
,
.

2.3
MUP CA
(CRL ), CPS .

2.4
MUP CA
:

- CA MUP CA
- CRL MUP CA
MUP CA

MUP CA , MUP CA
.


3.
MUP CA
/ / MUP CA
, .

MUP CA
.

3.1
, MUP CA

, X.500 distinguished .

MUP CA ,
. MUP CA
.

MUP CA .

MUP CA

Dname .
MUP CA ( ).

MUP CA trademark ,
,
.

3.2

MUP CA
.

3.3

CP.


3.4


,
RA
online a ( ,
PIN , , .).

, RA web
MUP CA. , RA MUP CA
.

/
/
( CPS) R
CA .


4.

4.1

/
.



R
.

4.2
/

.




R.


(
) (15 ).

MUP CA

.

4.3

, MUP CA
:

-
/
.
-


R,

CPS .

4.4
MUP CA
:

- online
,
-
,
- (15)


MUP CA, .

.

4.5

, :

-
MUP CA
(Key Usage
Enhanced Key Usage ).
-
MUP CA

.


CP CPS MUP CA.

4.6
CP.

4.7 ,
:

-
MUP CA R;
-


;
- ,
.

, MUP CA
.
R.
R.


. ,
,
.

MUP CA
CRL .

, ,
.

- ,
MUP CA R .
-
.
- ,
.

R.

.

R , MUP CA
:

- , , , ,

.
-
CP CPS .
- CP
,

,
.
-
.

,
R MUP CA .
online .

MUP CA
( RA )
CP, CPS .


R

. , MUP CA
.

online MUP CA

.

MUP CA ,
CP CPS .

MUP CA CRL .

,
.

4.8
CP.

4.9
MUP CA CRL .

(CRL Certificate Revocation List) MUP CA


24 .

online MUP CA

.

4.10
MUP CA,
.

- MUP CA
- MUP CA .

4.11
MUP CA
.


, ,
- .

(
) .


(-ID ).


5. ,


, MUP CA
, ,
, , audit- .

-
MUP CA
C CRL
C.

5.1
MUP CA
:

- MUP CA
.
.
-
,
. , MUP CA
,
,

, .
- .
- MUP CA .
- .
- . Backup

.
- .

5.2
MUP CA
,

PKI .

MUP CA
,
.

MUP CA
,
, .
/ MUP CA , , :

- ,
- ,
-
-

MUP CA

.

,
MUP CA
. , MUP CA,
. , /
.

, /
, .

5.3
5.3.1
MUP CA ,
,
. :

- ,
- ,
- .

5.3.2
MUP CA
,
.

5.3.3
MUP CA
C R.

5.3.4

, .

5.3.5
CP.

5.3.6
MUP CA
, ,
,
.

5.3.7

MUP CA.

5.3.8
MUP CA
, .

5.4 /
audit
.

, MUP CA :

- MUP CA
, ,
.
- MUP CA audit .
, MUP CA .
- Audit
.
- MUP CA backup- audit .

audit audit
.

5.5
MUP CA R .
MUP CA :

- MUP CA
,

,
.
- MUP CA MUP CA

MUP CA CPS , .
- :

-
.
- ,
.
- .
-
,
.

- backup- .
- .
-
.
-
, MUP CA R
. MUP
CA . MUP CA
R
. ,
MUP CA . MUP CA

.

5.6
MUP CA , CPS ,

CP.

,
C ,
C.

5.7
, MUP CA
,
MUP CA.

MUP CA
, , /
.

MUP CA ,
.
, MUP CA .

5.8 C R
, MUP CA:

-
, .
C.
- (.
) ,
.
-
.
- CP.
- ,
C
MUP CA
CP .


6.
MUP CA
(
PIN-, , .).

,
MUP CA ,
, , ,
, .
, .


, , .

6.1
MUP CA ,

.

MUP CA
CP. MUP CA ,
.

MUP CA Intermediate CA MUP CA PKI .

MUP CA Root
. MUP CA
. MUP CA

.

Root MUP CA MUP CA


( Intermediate CA ),
, Root - (C
). Root MUP CA .

Root , MUP CA
SHA-1/RSA hash 4096
, 10 (
) 20 .

Intermediate CA
, MUP CA SHA-1/RSA hash
2048 , 5

( )
10 .

MUP CA


, hash
.

6.2
MUP CA
C.
(HSM - Hardware Security Modules).

MUP CA

FIPS 140-2 L3. ,

.

MUP CA ,
,
.
MUP CA.

C
.
C C
.

HSM MUP CA
. MUP CA
.

HSM ,
MUP CA ,
,
CPS .

MUP CA .

MUP CA .

MUP CA
FIPS 140-2 L3.
MUP CA
, , .

.

MUP CA backup- CPS
.

MUP CA

.

MUP CA k of n
.

( n ) MUP CA
.
.


,
.

,
( )
MUP CA. MUP CA
.

MUP CA

/
/ .

MUP CA
.

MUP CA ,
/.

6.3
MUP CA .

MUP CA
.



( 5 ).

6.4
MUP CA
MUP CA, PKI
(R, ).

6.5
MUP CA
PKI .

6.6
MUP CA .

6.7
MUP CA .

6.8
CP.


7. CRL
CRL MUP CA .

7.1
MUP CA MUP CA PKI :

- MUPCA Root
- MUPCA Gradjani
- MUPCA Sluzbenici
- MUPCA Resursi

MUP CA :

MUP CA

.

7.1.1
MUP CA :

Profile name: X.509 version 3
Certificate validity period: up to 5 years
Basic Constraints extension: End Entity | CA, Path length=x
Key storage: Smart card | HSM
Common extensions: Authority Key Identifier, Subject Key Identifier, Authority Information Access, CRL Distribution Point
Key lengths: 1024, 2048, 4096
Key Usage extension, possible values: Digital Signature, Non-Repudiation, Key Encipherment, Data Encipherment, Key Agreement, Certificate Signing, CRL Signing, Encipher Only, Decipher Only
Enhanced Key Usage extension, possible values: Client Authentication, Server Authentication, Email Protection, Code Signing
QC (Qualified Certificate) statement extension: extension OID (1.3.6.1.5.5.7.1.3) with the standard values from the ETSI ESI TS 101 862 Qualified Certificate Profile document
Policy OID: 1.3.6.1.4.1.33589.3.1.1.1
Certification policy URL: http://ca.mup.gov.rs

7.1.2 Root CA MUP CA


Root CA :

Profile name: MUPCARoot
Certificate validity period: 20 years
Basic constraints extension: CA
Key storage: HSM
Common extensions: Authority Key Identifier, Subject Key Identifier
Applicable key length: 4096
Key usage extension: Certificate Signing, Off-Line CRL signing, CRL Signing

7.1.3 Intermediate CA MUP CA


Intermediate CA :

Profile name: MUP CA
Certificate validity period: 10 years
Basic constraints extension: CA
Key storage: HSM
Common extensions: Authority Key Identifier, Subject Key Identifier, Authority Information Access, CRL Distribution Point
Applicable key length: 2048
Key usage extension: Certificate Signing, Off-Line CRL signing, CRL Signing

7.1.4
MUP CA CPS
.


/ MUP CA
.

Profile name: Qualified certificate for authentication/encryption
Certificate validity period: up to 5 years
Basic constraints extension: End Entity
Key storage: Smart card - SSCD
Common extensions: Authority Key Identifier, Subject Key Identifier, Authority Information Access, CRL Distribution Point, Certificate Policies
Applicable key length: 1024
Key usage extension: Digital Signature, Key Encipherment, Data Encipherment
Extended key usage extension: Client Authentication (1.3.6.1.5.5.7.3.2), Email Protection (1.3.6.1.5.5.7.3.4)
QC (Qualified Certificate) statement extension: extension OID (1.3.6.1.5.5.7.1.3) with the standard values from the ETSI ESI TS 101 862 Qualified Certificate Profile document
Policy OID: 1.3.6.1.4.1.33589.3.1.1.1
CP URL: http://ca.mup.gov.rs

Profile name: Qualified certificate for qualified electronic signature
Certificate validity period: up to 5 years
Basic constraints extension: End Entity
Key storage: Smart card - SSCD
Common extensions: Authority Key Identifier, Subject Key Identifier, Authority Information Access, CRL Distribution Point, Certificate Policies
Applicable key length: 1024
Key usage extension: Digital Signature, Non-Repudiation
Extended key usage extension: Client Authentication (1.3.6.1.5.5.7.3.2), Email Protection (1.3.6.1.5.5.7.3.4)
QC (Qualified Certificate) statement extension: extension OID (1.3.6.1.5.5.7.1.3) with the standard values from the ETSI ESI TS 101 862 Qualified Certificate Profile document, including the statement that the certificate is held on an SSCD device
Policy OID: 1.3.6.1.4.1.33589.3.1.1.1
CPS URL: http://ca.mup.gov.rs

7.2 CRL
IETF PKIX RFC 2459, MUP CA CRL
:

- CRL ,
- CRL CRL .

MUP CA CRL (Certificate Revocation List) :

Version: [Version 1.0]
Issuer Name: CountryName=[Root Certificate Country Name], OrganizationName=[Root Certificate Organization], commonName=[Root Certificate Common Name]
This Update: [Date of Issuance]
Next Update: [Date of Issuance + 24 hours]
Signature Algorithm identifier
Authority Key identifier
Revoked certificates (CRL Entries): Certificate Serial Number [Certificate Serial Number], Date and Time of Revocation [Date and Time of Revocation]

7.3 CSP
CP.


8.
MUP CA / ,
CP. MUP CA
,
1999/93/EC .

, MUP CA

, .

MUP CA CP,
CPS . MUP
CA .


9.

9.1
MUP CA MUP CA
.

MUP CA
.

9.2
CP.

9.3
CP.

9.4
MUP CA
CPS ,
.

MUP CA , ,
:

- ,
- .

MUP CA
.



,
.

MUP CA

MUP CA web / CP
CPS .

9.5
MUP CA
, web , ,

MUP CA, CP.

9.6
CP.

9.7
CP.

9.8
MUP CA
.

( ) MUP CA :

- .
- .
- CP.
-
.
-
, .

9.9
CP.

9.10

CP.

9.11

CP.

9.12
CP.

9.13
MUP CA
CP. (10)
CP, .
3 , ,
. , ,
.

,
CP,
.

9.14
CP

. MUP CA /
MUP CA
.

9.15
CP.

9.16
CP.

9.17
CP.


10.
- , . , . 135/2004

- , .
, . 48/2005

- RFC 3647 Request For Comments 3647, Internet X.509 Public Key Infrastructure,
Certificate Policy and Certification Practices Framework

- RFC 5280 Request For Comments 5280, Internet X.509 Public Key
Infrastructure / Certificate and CRL Profile

- MUP CA
