Registration Authority obligations
All RA obligations are described in the Baltic Grid CA CP/CPS document.
1. Authentication of individual identity
Person requesting a certificate:
- A request sent to the RA SHALL be considered authenticated when it is cryptographically signed with the requester's valid national ID-card certificate or with a valid certificate issued to the requester by the BGCA.
- Otherwise, a user requesting a certificate MUST meet in person with the RA and show his/her personal photo-id (passport, national ID-card or national Driver License). If the photo-id is valid and the photo image corresponds to the bearer, the RA SHALL consider the user correctly identified. The certificate request must be delivered to the RA.
Server or service certificate:
- Requests MUST be signed with the personal certificate of the corresponding system administrator, issued by the BGCA, or with a national ID-card certificate.
Person not requesting a certificate (revocation):
- Individual identity may be authenticated by personal acquaintance with the RA staff;
- By physical presence and proof of identity through a photo-id (passport, national ID-card or national Driver License);
- By consulting a public directory and verifying whether the person made the request.
2. Send validated certificate requests to BGCA
The RA SHALL send authenticated requests to the BGCA. Any information exchanged between the requester, the RA and the CA shall either be signed by strong cryptographic means or be verified by out-of-band methods in a phone conversation with firm positive identification by the parties involved.
3. Create and send validated revocation requests to the BGCA
A proper authentication method is required in order to accept a revocation request. The BGCA MUST accept as a revocation request a message digitally signed with a certificate issued under this policy that has not expired and has not previously been revoked. The same procedures adopted for authentication during initial registration are also considered suitable.