Skip Navigation Links > About us > Quick link labels > Root certificates > Root certificates Hierarchic


Company První certifikační autorita, a.s., Inc. starts on 01/09/2015 providing certification services in the field of issuing certificates in a two-level hierarchical structure.

Providing certification services in the existing area structure will continue.

Root CAs will be used for issuing certificates of subordinate CAs and for providing services verifying the status of these certificates (CRL and OCSP). They will create two root CAs designed to provide support for cryptographic algorithms RSA and EC (elliptic curves).

Subordinate CAs (second level, RSA / EC) will be used solely for issuing of certificates to end users and to verify the status of these certificates (CRL eventually OCSP).
These CAs will be used in the process:

  • Qualified certification services, ie. issuing:
    • qualified certificates (individuals)
    • qualified system certificates (natural persons, legal persons and organizational units of the state)
  • "Non-qualified" certification services (in the terminology of I.CA is generally a commercial certificates), ie. issuing:
  • commercial certificates (individuals) used in the areas of validation of electronic signatures, authentication and data encryption,
  • server certificates (legal entities and state bodies) used in the areas of validation of electronic signatures, authentication and data encryption,
  • SSL Certificates (legal entities and state bodies) used in secure client communication with the Web server.

For definition of profiles of the types of certificates are used requirements, specified in the relevant standards European Union issued by European Telecommunications Standards Institute (ETSI), especially ETSI EN 319 411-2, ETSI EN 319 411-3 a ETSI TS 102 042. They are selectively used the requirements set out in appropriate drafts. With regard to the fact that I.CA is accredited certification service provider in the Czech Republic and the Slovak Republic, the certification services are regulated by the legislations of these countries, including the technical standards to which these laws refer, in particular the ETSI TS 101 456 or other technical standards of CSN.

Two-level hierarchy of CAs have been developed in such a way that the certificates of Root CAs could be distributed in third-party products (eg. Microsoft, Adobe, ...). This means that the system of issuing certificates, including Root CAs, sub-CAs and certificates issued to end users, complies with internationally recognized norms and standards to which audits (required by manufacturers of the products listed above) refer.

That system of issuing certificates will be developed in such a way as to meet the requirements for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (EU) no. 910/2014 of 23 July 2014 on electronic identification and trust services for creating electronic transactions in the internal market and repealing Directive 1999 / 93 / EC (ie. eIDAS).

Registration authorities

v

News

5/22/2018 I.CA in accordance with GDPR
More here
5/9/2018 Interest about services online validation of electronic signature growing
More here
3/6/2018 OPINION OF THE MINISTRY OF INTERIOR ON THE USE OF CERTIFICATES FOR PSD2
More here