Digital Certificates
Client and Server TLS certificates
The certificates issued under the current policy are not recognized according to Directive 1999/93/EC and Law 59/2003 on Electronic Signature and may be used to provide security in communications by means of SSL or TLS encryption. Typical uses of these certificates may be authentication (including Microsoft Active Directory), data encryption, electronic signing of content, etc.
- These certificates do not limit the use or quantity of the transactions carried out.
- These certificates have a 2-year validity period.
The uses allowed in the specific case of each certificate are deduced from the values of the keyUsage and extendedKeyUsage extensions of the certificate, as stipulated in RFC 3280.
CLIENT
- Client Authentication (web validation)
- MS Smart Card Logon (OID 1.3.6.1.4.1.311.20.2.2), on card
- Email Protection
SERVER
- Server Authentication
- Internet Key Exchange for IPSEC
- Code signing
- Timestamping
- OFTP2 Server (DigitalSignature, KeyEncipherment, TLSServerAuthentication, TLSClientAuthentication). From this list you can select 1 to 4 attributes for these types of certificates.
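How a relying party can read the permitted uses out of the extendedKeyUsage extension, as an added example that is not ACEDICOM's code. It decodes the DER value of the extension (a SEQUENCE OF OBJECT IDENTIFIER) and maps each OID to the uses listed above; apart from the smart card logon OID given on this page, the OIDs are the standard PKIX values, and all function names and the sample bytes are assumptions made for the illustration. The keyUsage bits live in a separate extension and are not checked here.

```python
# Added example, not ACEDICOM code. Smart card OID is from the page; the rest are standard PKIX OIDs.
EKU_NAMES = {
    "1.3.6.1.5.5.7.3.1": "Server Authentication",
    "1.3.6.1.5.5.7.3.2": "Client Authentication",
    "1.3.6.1.5.5.7.3.3": "Code signing",
    "1.3.6.1.5.5.7.3.4": "Email Protection",
    "1.3.6.1.5.5.7.3.8": "Timestamping",
    "1.3.6.1.5.5.7.3.17": "Internet Key Exchange for IPSEC",
    "1.3.6.1.4.1.311.20.2.2": "MS Smart Card Logon",
}

def read_tlv(buf, pos):  # returns (tag, content, next_pos) for the DER element at pos
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER content")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(content):  # OBJECT IDENTIFIER content bytes -> dotted-decimal string
    arcs, value = [], 0
    for byte in content:
        value = (value << 7) | (byte & 0x7F)  # base-128, high bit means "more follows"
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    if not arcs or content[-1] & 0x80:
        raise ValueError("malformed OID")
    first = min(arcs[0] // 40, 2)  # the first two arcs share one subidentifier
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def parse_eku(der):  # DER of the extension value -> list of OIDs in certificate order
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    oids, pos = [], 0
    while pos < len(body):
        tag, content, pos = read_tlv(body, pos)
        if tag != 0x06:
            raise ValueError("unexpected element in extendedKeyUsage")
        oids.append(decode_oid(content))
    return oids

def permitted_uses(der):  # names for known purposes, raw OID for anything else
    return [EKU_NAMES.get(oid, oid) for oid in parse_eku(der)]

# Constructed sample: EKU value of a client certificate with the three CLIENT purposes.
CLIENT_EKU = bytes.fromhex("3020 06082b06010505070302 060a2b060104018237140202 06082b06010505070304")
```

A use that is absent from the returned list, such as Server Authentication for `CLIENT_EKU`, is one the certificate must not be accepted for.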
To apply for a certificate of this type, the request must be accompanied by the Certification Contract filled in through the ACEDICOM website and sent by fax or e-mail signed by means of a certificate issued by a recognized Certification Authority.
Initial verification of the identity data that must be included in the certificate depends on the certificate's subject and is as follows:
- TLS / email client certificates: the e-mail address of the applicant is verified. Once the certificate application process is initiated, the instructions needed to continue it are sent to the e-mail address specified in the request, which is the address to be included in the certificate.
- TLS server certificates: checks will be made that the applicant person or organization controls the Internet domain indicated in the CN. Once the certificate request is underway, the instructions needed to continue it are provided through the contact route (e-mail, telephone or physical address) specified in the request, which must coincide with the administrative contact listed in the Whois of the domain.
- Code signature certificates: Any attribute to be included in the certificate will be checked. Any other additional data to be included in the certificate must be properly verified.
In any case, ACEDICOM reserves the right to require the physical presence of the applicant, or of a person authorized by the applicant, at the Authorized Registration Points in order to provide documentation and carry out the appropriate identity checks, as detailed in points 3.2.2 and 3.2.3 of the Certification Practices Declaration.