Digital Certificate Profile

Title: Digital Certificate Profile

Description: The Digital Certificate Profile provides standards and guidance in support of a Public Key Infrastructure (PKI) on federated mission networks.

Reference document

Org: FMN

Pubnum

Date: 2021-10-22

Version

Title: FMN Spiral 4 Specification

Taxonomy

Digital Certificate Services

Standards

Obligation: MANDATORY, Lifecycle: CURRENT

Information technology - Open Systems Interconnection - The Directory: Public-key and attribute certificate frameworks (X.509:2016)

Obligation: MANDATORY, Lifecycle: CURRENT

The Online Certificate Status Protocol (OCSP) capability is mandatory for PKI Service providers. The addresses of OCSP endpoints shall be provided in digital certificates through X.509 certificate extensions such as Authority Information Access (AIA). Clients might support this protocol.

X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP (RFC 6960:2013)

Obligation: MANDATORY, Lifecycle: CURRENT

CRLs may be provided at multiple endpoints. The addresses of these endpoints shall be provided in digital certificates through X.509 certificate extensions such as Authority Information Access (AIA) and CRL distribution point (CDP). Each CA shall provide CRLs over HTTP. Clients must support this protocol.

Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile (RFC 5280:2008)

Guidance

The version of the encoded public key certificate shall be version 3. The version of the encoded certificate revocation list (CRL) shall be version 2.

For further guidance on the implementation the AC/322-N(2020)0077 iTIF Certificate Profiles Version 1.2.2 shall also be considered.

Status

URI

History

Flag	Date	RFC	Version
added	2022-12-23	14-059	15

UUID: 06abdd74-5ad5-4615-91ff-0d401f05aeaa

Utilization

This profile is used by the following profiles:

Infrastructure Security Standards Profiles - (profile)