Policy Documentation

Digi-CA™

You can own and operate a Digi-CA™ system without ever putting in place any statutory documents or standards compliance, and many organisations do, because their application is commercial and doesn’t need third-party accreditation. ‘Best Practice’ means you should consider having a CP, and we would recommend the following:

Digi-CA™ Field Configuration Control

Having specific fields added to your certificates is normally not required unless you are seeking accreditation or are issuing to millions of users. It is a common practice when considering National IDs, ePassports, Health IDs, etc. At the deepest level, this may include Object ID [OID] fields and the need to register these OIDs with the Internet Assigned Numbers Authority [IANA]. Digi-CAST1™ will advise you on this should it be required, and will carry out this level of customisation and registration where appropriate.

  Status:   Active
  Expiry Date:   2007-02-14 00:00:00 GMT
  Serial Number:   04A80417E8B3D35AE8B480FFAFCD3274
  Invited on:   2006-02-02 17:40:17 GMT
  Invited by:   bob.smith@digi-sign.com
  Invitation Name:   Mary Brown
  Invitation Email:   mary.brown@domain.com
  Requested on:   2006-02-02 18:51:09 GMT
  Approved on:   2006-02-12 18:55:52 GMT
  Approved by:   mylissa.monton@hostname.com
  Activated on:   2006-02-13 19:00:33 GMT
  Revoked on:
  Common Name:   Bob Smith
  Email:   bob.smith@digi-sign.com
  Organisation:   Services Group
  Organisational Unit:   14029
  Locality/City:   Pompano Beach, FL
  Country:   US
  Secret Question:   Favourite pet's name?
  Secret Answer:   Johnny Cash

Digi-CA™ the complete Certificate Authority [CA] system

Certificate Policy [CP] Control

The CP for the Digi-CA™ is an important document because it clearly identifies the processes and procedures of your CA operation in a single document. It also adds credibility, security and acceptance when getting people to accept and use your digital certificates. There is a standard recognised format for writing a CP, but we suggest that you don’t need to follow this RFC format unless your CA requires certification or accreditation.

In sub-section 2.5.7.3, the CP is the ‘Who, What, Where and How’ document that describes the principles of Digi-CA™ usage and how they are to be distributed. This CP is agreed before the Digi-CA™ is operational, and all certificates must then be deployed in accordance with the CP.

Digi-CA™ Certificate Practice Statement [CPS] Control

CPS control using your own CPS is only required if you are building a Trust Centre using Digi-CA™ Server Xg. The CPS should follow the RFC 2527 format in compliance with European Telecommunications Standards Institute [ETSI] 101 456. The Digi-CAST1™ Team will advise your legal and technical teams on the best approach using these internationally recognised standards.

Creating your own CPS is a time-consuming and complex process that will require several specialist consultants and may take several months to complete. Referencing an existing CPS, such as the one used by Digi-Sign, is probably the most practical approach. You should only consider drafting your own CPS if you are setting up a national or international Trust Centre.