-
Notifications
You must be signed in to change notification settings - Fork 23
lint_etsi_cert
Corey Bonnell edited this page Jun 12, 2024
·
1 revision
| Certificate type | Description |
|---|---|
| NCP-W-NATURAL-PERSON-PRE-CERTIFICATE | NCP website authentication certificate issued to a natural person with pre-certificate poison extension |
| NCP-W-LEGAL-PERSON-PRE-CERTIFICATE | NCP website authentication certificate issued to a legal person with pre-certificate poison extension |
| DVCP-PRE-CERTIFICATE | DVCP policy certificate with pre-certificate poison extension |
| IVCP-PRE-CERTIFICATE | IVCP policy certificate with pre-certificate poison extension |
| OVCP-PRE-CERTIFICATE | OVCP policy certificate with pre-certificate poison extension |
| EVCP-PRE-CERTIFICATE | EVCP policy certificate with pre-certificate poison extension |
| QEVCP-W-EIDAS-PRE-CERTIFICATE | EU qualified website authentication certificate conforming to EVCP with pre-certificate poison extension |
| QNCP-W-IV-EIDAS-PRE-CERTIFICATE | EU qualified website authentication certificate conforming to IVCP with pre-certificate poison extension |
| QNCP-W-OV-EIDAS-PRE-CERTIFICATE | EU qualified website authentication certificate conforming to OVCP with pre-certificate poison extension |
| QNCP-W-GEN-NATURAL-PERSON-EIDAS-PRE-CERTIFICATE | EU qualified website authentication certificate conforming to W-gen profile issued to a natural person with pre-certificate poison extension |
| QNCP-W-GEN-LEGAL-PERSON-EIDAS-PRE-CERTIFICATE | EU qualified website authentication certificate conforming to W-gen profile issued to a legal person with pre-certificate poison extension |
| QEVCP-W-NON-EIDAS-PRE-CERTIFICATE | Non-EU qualified website authentication certificate conforming to EVCP with pre-certificate poison extension |
| QNCP-W-IV-NON-EIDAS-PRE-CERTIFICATE | Non-EU qualified website authentication certificate conforming to IVCP with pre-certificate poison extension |
| QNCP-W-OV-NON-EIDAS-PRE-CERTIFICATE | Non-EU qualified website authentication certificate conforming to OVCP with pre-certificate poison extension |
| QNCP-W-GEN-NATURAL-PERSON-NON-EIDAS-PRE-CERTIFICATE | Non-EU qualified website authentication certificate conforming to W-gen profile issued to a natural person with pre-certificate poison extension |
| QNCP-W-GEN-LEGAL-PERSON-NON-EIDAS-PRE-CERTIFICATE | Non-EU qualified website authentication certificate conforming to W-gen profile issued to a legal person with pre-certificate poison extension |
| QEVCP-W-PSD2-EIDAS-PRE-CERTIFICATE | PSD2 EU qualified website authentication certificate conforming to EVCP with pre-certificate poison extension |
| QEVCP-W-PSD2-NON-BROWSER-EIDAS-PRE-CERTIFICATE | PSD2 EU qualified website authentication certificate conforming to EVCP with pre-certificate poison extension that is not trusted by any Root Program |
| NCP-W-NATURAL-PERSON-FINAL-CERTIFICATE | NCP website authentication certificate issued to a natural person without a pre-certificate poison extension |
| NCP-W-LEGAL-PERSON-FINAL-CERTIFICATE | NCP website authentication certificate issued to a legal person without a pre-certificate poison extension |
| DVCP-FINAL-CERTIFICATE | DVCP policy certificate without a pre-certificate poison extension |
| IVCP-FINAL-CERTIFICATE | IVCP policy certificate without a pre-certificate poison extension |
| OVCP-FINAL-CERTIFICATE | OVCP policy certificate without a pre-certificate poison extension |
| EVCP-FINAL-CERTIFICATE | EVCP policy certificate without a pre-certificate poison extension |
| QEVCP-W-EIDAS-FINAL-CERTIFICATE | EU qualified website authentication certificate conforming to EVCP without a pre-certificate poison extension |
| QNCP-W-IV-EIDAS-FINAL-CERTIFICATE | EU qualified website authentication certificate conforming to IVCP without a pre-certificate poison extension |
| QNCP-W-OV-EIDAS-FINAL-CERTIFICATE | EU qualified website authentication certificate conforming to OVCP without a pre-certificate poison extension |
| QNCP-W-GEN-NATURAL-PERSON-EIDAS-FINAL-CERTIFICATE | EU qualified website authentication certificate conforming to W-gen profile issued to a natural person without a pre-certificate poison extension |
| QNCP-W-GEN-LEGAL-PERSON-EIDAS-FINAL-CERTIFICATE | EU qualified website authentication certificate conforming to W-gen profile issued to a legal person without a pre-certificate poison extension |
| QEVCP-W-NON-EIDAS-FINAL-CERTIFICATE | Non-EU qualified website authentication certificate conforming to EVCP without a pre-certificate poison extension |
| QNCP-W-IV-NON-EIDAS-FINAL-CERTIFICATE | Non-EU qualified website authentication certificate conforming to IVCP without a pre-certificate poison extension |
| QNCP-W-OV-NON-EIDAS-FINAL-CERTIFICATE | Non-EU qualified website authentication certificate conforming to OVCP without a pre-certificate poison extension |
| QNCP-W-GEN-NATURAL-PERSON-NON-EIDAS-FINAL-CERTIFICATE | Non-EU qualified website authentication certificate conforming to W-gen profile issued to a natural person without a pre-certificate poison extension |
| QNCP-W-GEN-LEGAL-PERSON-NON-EIDAS-FINAL-CERTIFICATE | Non-EU qualified website authentication certificate conforming to W-gen profile issued to a legal person without a pre-certificate poison extension |
| QEVCP-W-PSD2-EIDAS-FINAL-CERTIFICATE | PSD2 EU qualified website authentication certificate conforming to EVCP without a pre-certificate poison extension |
| QEVCP-W-PSD2-NON-BROWSER-EIDAS-FINAL-CERTIFICATE | PSD2 EU qualified website authentication certificate conforming to EVCP without a pre-certificate poison extension that is not trusted by any Root Program |
| NCP-NATURAL-PERSON-CERTIFICATE | A non-website authentication certificate issued to a natural person |
| NCP-LEGAL-PERSON-CERTIFICATE | A non-website authentication certificate issued to a legal person |
- The current TS 119 495 only allows EVCP (with overrides for non-browser trust) for PSD2 QWACs
- Every subject of a PSD2 certificate will have a PSD2 organization identifier assigned
- The allowance to include the PSD2 policy OID does override the recommendation to include a policy OID specific to the certificate type
- It is not possible to issue a certificate for an Onion Domain Name that has not been validated per CABF TLS BRs
- The prohibition on organizationName and organizationIdentifier being the same value implies a case-insensitive comparison
- It is not possible to issue a QWAC containing the QSCD qualified statement
- Organization identifier and natural person serial number formats in EN 319 412 1 are only enforced if the corresponding semanticsIdentifier is asserted
- It is not compliant to include a ETSI-defined policy OID intended for a specific certificate type within another certificate type
- For legal person certificates, all transnational country codes assigned in ISO 3166-1 are allowed