Mozilla

CA Program

Case Information

Subject
Root Inclusion For Digidentity B.V.
Link to Bugzilla Bug
https://bugzilla.mozilla.org/show_bug.cgi?id=1558450
Case Number
00000430
Case Record Type
CA Root Inclusion Request
CA Owner/Certificate Name
Digidentity B.V.
Request Status
Request Withdrawn by CA

CA Address Information

Street
Waldorpstraat 13-F, 2521 CA Den Haag, Postbus 19148, 2500 CC Den Haag
City
Den Haag
State/Province
Zuid-Holland
Zip/Postal Code
2521 CA
Country
Netherlands

General information about CA's associated organization

CA Email Alias 1
CA Owner Information Verified?
Data Verified
Company Website
https://www.digidentity.eu/
Organizational Type
Private Corporation
Geographic Focus
Netherlands, Europe
Primary Market / Customer Base
Government, financial services, automotive, insurance services, individuals
Recognized CAA Domains
Problem Reporting Mechanism
security@digidentity.com, emergency phone number: +31 887787800

Audit Statements

Auditor
Auditor Verified?
Data Verified
Auditor Location
Standard Audit Verified?
Data Verified
Standard Audit Type
ETSI EN 319 411
Standard Audit Deviation
false
Standard Audit Statement Date
7/15/2019
Standard Audit Comments
Confirmed authenticity of statement via BSI website. https://pgplus.bsigroup.com/CertificateValidation/CertificateValidator.aspx?CertificateNumber=ETS+043&ReIssueDate=15%2f07%2f2019&Template=uk
Standard Audit Period Start Date
3/30/2019
Standard Audit ALV Comments
Page 10: period from 30 March 2019 through 5 July 2019
Standard Audit Period End Date
7/5/2019
BR Audit Verified?
Data Verified
BR Audit Type
ETSI EN 319 411
BR Audit Deviation
false
BR Audit Statement Date
7/15/2019
BR Audit Comments
Previous (point-in-time) audit of 29 March 2019: https://bug1558450.bmoattachments.org/attachment.cgi?id=9071244
BR Audit Period Start Date
3/30/2019
BR Audit ALV Comments
BR Audit Period End Date
7/5/2019
EV SSL Audit Statement (Link)
EV SSL Audit Verified?
Not Applicable
EV SSL Audit Type
 
EV SSL Audit Deviation
false
EV SSL Audit Statement Date
 
EV SSL Audit Comments
EV SSL Audit Period Start Date
 
EV SSL Audit ALV Comments
EV SSL Audit Period End Date
 

Policy Documents

Document Repository Description

Policy Document Record # 1

Document Type
CP/CPS
Document Verified?
Data Verified
Document Last Updated Date
3/30/2020
Associated Trust Bits
Secure Email; Server Authentication
Policy Identifiers
Additional Policy Identifiers
Comments
Associated Root Certificates
Digidentity Services Root CA

Policy Document Record # 2

Document Type
CP/CPS
Document Verified?
Not Verified
Document Last Updated Date
9/9/2020
Associated Trust Bits
Secure Email; Server Authentication; Client Authentication; Document Signing; OCSP Signing
Policy Identifiers
1.3.6.1.4.1.34471.2.1.7; 1.3.6.1.4.1.34471.2.1.8; 1.3.6.1.4.1.34471.2.2.6; 2.23.140.1.2.1; 2.23.140.1.2.2
Additional Policy Identifiers
Comments
Associated Root Certificates
Digidentity Services Root CA

Required and Recommended Practices

Required Practices
https://wiki.mozilla.org/CA/Required_or_Recommended_Practices
Required Practices Verified?
Data Verified
CA's Response to Required Practices
1. Publicly Available CP and CPS: 2.1
1.1 Revision Table, updated annually: Appendix B
1.2 CAA Domains listed in CP/CPS: 3.2.2.8
1.3 BR Commitment to Comply statement in CP/CPS: 1.1
1.4 CP/CPS Structured According to RFC 3647, appropriate use of 'No Stipulation':1.1
2. Audit Criteria:1.1
2.1 Complete Audit History: 8
3. Revocation of Compromised Certificates: 4.9.1
4. Verifying Domain Name Ownership: 3.2.2.4.4
4.1 Baseline Requirements:3.2.2.4.4.
4.2 WHOIS: N/A
4.3 Email Challenge-Response: 3.2.2.4.4
5. Verifying Email Address Control:3.2.3.2
6. DNS names go in SAN: 7.1.10.2
7. OCSP: 4.9.10
8. Network Security Controls: 6.7

Forbidden and Potentially Problematic Practices

Forbidden Practices
https://wiki.mozilla.org/CA/Forbidden_or_Problematic_Practices
Forbidden Practices Verified?
Data Verified
CA's Response to Forbidden Practices
1. Long-lived Certificates: 6.3.2
2. Non-Standard Email Address Prefixes for Domain Ownership Validation: 3.2.2.4.4
3. Issuing End Entity Certificates Directly From Roots: 1.1.2
4. Distributing Generated Private Keys in PKCS#12 Files: 3.2.1
5. Certificates Referencing Local Names or Private IP Addresses: 7.1.10.2
6. Issuing SSL Certificates for .int Domains: N/A
7. OCSP Responses Signed by a Certificate Under a Different Root:4.9.10
8. Issuance of SHA-1 Certificates:7.1.3
9. Delegation of Domain / Email Validation to Third Parties:N/A