eIDAS & WebTrust Certification Support

eIDAS Certification Support

To become certified as a Qualified Trust Service Provider, a conformity assessment needs to be performed, by an accredited conformity assessment body, for the trust service or trust services in scope of a conformity assessment. The conformity assessment is performed based on the accredited accreditation scheme of the conformity assessment body and needs to adhere to the certification and certification scheme requirements imposes by the eIDAS Regulation.

The certification requirements are defined in ETSI EN 319 403-1 Requirements for conformity assessment bodies assessing Trust Service Providers and are aligned with ISO/IEC 17065:2012 Conformity assessment — Requirements for bodies certifying products, processes and services.

eIDAS certification requires conformity with the General Policy Requirements for Trust Service Providers defined in ETSI EN 319 401. Compliance with this standards is required for all Qualified Trust Service Providers. To demonstrate conformity for specific Qualified Trust Services, additional ETSI (or other) requirements need to be validated and confirmed by the conformity assessment body (based on ETSI TS 119 403-3)

Provision of qualified certificates for electronic signatures Provision of qualified certificates for electronic seals Provision of qualified certificates for website authentication Provision of qualified time stamps Qualified validation service for qualified electronic signatures Qualified validation service for qualified electronic seals Qualified preservation service for qualified electronic signatures Qualified preservation service for qualified electronic seals Qualified electronic registered delivery services

The following ETSI standards are available to demonstrate compliance:

ETSI EN 319 401: General Policy Requirements for Trust Service Providers
ETSI EN 319 411-1: Trust Service Providers issuing certificates; Part 1: General requirements
ETSI EN 319 411-2: Trust Service Providers issuing certificates; Part 2: Requirements for trust service providers issuing EU qualified certificates 
ETSI EN 319 412-2: Certificate Profiles; Part 2: Certificate profile for certificates issued to natural persons
ETSI 
EN 319 412-5: Certificate Profiles; Part 5: QCStatements

The following ETSI standards are available to demonstrate compliance:

ETSI EN 319 401: General Policy Requirements for Trust Service Providers
ETSI EN 319 411-1: Trust Service Providers issuing certificates; Part 1: General requirements
ETSI EN 319 411-2: Trust Service Providers issuing certificates; Part 2: Requirements for trust service providers issuing EU qualified certificates 
ETSI EN 319 412-3: Certificate Profiles; Part 3: Certificate profile for certificates issued to legal persons
ETSI EN 319 412-5: Certificate Profiles; Part 5: QCStatements

 

The following ETSI standards are available to demonstrate compliance:

ETSI EN 319 401: General Policy Requirements for Trust Service Providers
ETSI EN 319 411-1: Trust Service Providers issuing certificates; Part 1: General requirements
ETSI EN 319 411-2: Trust Service Providers issuing certificates; Part 2: Requirements for trust service providers issuing EU qualified certificates 
ETSI EN 319 412-4: Certificate Profiles; Part 4: Certificate profile for web site certificates
ETSI EN 319 412-5: Certificate Profiles; Part 5: QCStatements

 

The following ETSI standards are available to demonstrate compliance:

ETSI EN 319 401: General Policy Requirements for Trust Service Providers
ETSI EN 319 421: Policy and Security Requirements for Trust Service Providers issuing Time-Stamps
ETSI EN 319 422: Time-stamping protocol and time-stamp token profiles

The following ETSI standards are available to demonstrate compliance:

ETSI EN 319 401: General Policy Requirements for Trust Service Providers
ETSI EN 319 102-1: Procedures for Creation and Validation of AdES Digital Signatures; Part 1: Creation and Validation
ETSI TS 119 102-2: Procedures for Creation and Validation of AdES Digital Signatures; Part 2: Signature Validation Report
ETSI TS 119 172-4: Signature Policies; Part 4: Signature applicability rules (validation policy) for European qualified electronic signatures/seals using trusted lists
ETSI TS 119 441: Policy requirements for TSP providing signature validation services
ETSI TS 119 442: Protocol profiles for trust service providers providing AdES digital signature validation services

 

The following ETSI standards are available to demonstrate compliance:

ETSI EN 319 401: General Policy Requirements for Trust Service Providers
ETSI EN 319 102-1: Procedures for Creation and Validation of AdES Digital Signatures; Part 1: Creation and Validation
ETSI TS 119 102-2: Procedures for Creation and Validation of AdES Digital Signatures; Part 2: Signature Validation Report
ETSI TS 119 172-4: Signature Policies; Part 4: Signature applicability rules (validation policy) for European qualified electronic signatures/seals using trusted lists
ETSI TS 119 441: Policy requirements for TSP providing signature validation services
ETSI TS 119 442: Protocol profiles for trust service providers providing AdES digital signature validation services

The following ETSI standards are available to demonstrate compliance:

ETSI EN 319 401: General Policy Requirements for Trust Service Providers
ETSI TS 119 511: Policy and security requirements for trust service providers providing long-term preservation of digital signatures or general data using digital signature techniques
ETSI TS 119 512: Protocols for trust service providers providing long-term data preservation services

The following ETSI standards are available to demonstrate compliance:

ETSI EN 319 401: General Policy Requirements for Trust Service Providers
ETSI TS 119 511: Policy and security requirements for trust service providers providing long-term preservation of digital signatures or general data using digital signature techniques
ETSI TS 119 512: Protocols for trust service providers providing long-term data preservation services

The following ETSI standards are available to demonstrate compliance:

ETSI EN 319 401: General Policy Requirements for Trust Service Providers
ETSI EN 319 521: Policy and security requirements for Electronic Registered Delivery Service Providers
ETSI EN 319 522-1: Electronic Registered Delivery Services; Part 1: Framework and Architecture
ETSI EN 319 522-2: Electronic Registered Delivery Services; Part 2: Semantic contents
ETSI EN 319 522-3: Electronic Registered Delivery Services; Part 3: Formats
ETSI EN 319 531: Policy and security requirements for Registered Electronic Mail Service Providers
ETSI EN 319 532-1: Registered Electronic Mail (REM) Services; Part 1: Framework and architecture
ETSI EN 319 532-2: Registered Electronic Mail (REM) Services; Part 2: Semantic contents
ETSI EN 319 532-3: Registered Electronic Mail (REM) Services; Part 3: Formats
ETSI EN 319 532-4: Registered Electronic Mail (REM) Services; Part 4: Interoperability profiles

WebTrust Certification Support

Publicly Trusted Certification Authorities needs to be compliant with CAB Forum requirements and Browser Root Policy Requirements also known as Public Trust requirements. To demonstrate compliance, Publicly Trusted Certification Authorities need to undergo a yearly audit where adherence to applicable criteria (WebTrust or ETSI) is audited.

The WebTrust principles and criteria define the requirements against which Publicly Trusted Certification Authorities are audited and defines the following PRINCIPLES AND CRITERIA FOR CERTIFICATION AUTHORITIES:

Principles and Criteria for Certification Authorities: Framework for third party assurance providers to assess the adequacy and effectiveness of the controls employed by Certification Authorities (CAs)
WebTrust Principles and Criteria for Certification Authorities – Extended Validation SSL: Framework for third party assurance providers relating to Extended Validation certificates
WebTrust Principles and Criteria for Certification Authorities – SSL Baseline with Network Security: Framework for third party assurance providers relating to SSL certificates
WebTrust Principles and Criteria for Certification Authorities – Code Signing Baseline Requirements: Framework for third party assurance providers relating to code signing
WebTrust Principles and Criteria for Registration Authorities (Only for Registration Authorities): WebTrust Principles and Criteria for Registration Authorities