Title
Digital Certificate Profile
Description
The Digital Certificate Profile provides standards and guidance in support of a Public Key Infrastructure (PKI) on federated mission networks.

Reference document

Org
FMN
Pubnum
Date
2023-10-16
Version
Title
FMN Spiral 5 Specification

Taxonomy

Standards

Obligation: MANDATORY, Lifecycle: CURRENT

Obligation: MANDATORY, Lifecycle: CURRENT

CRLs may be provided at multiple endpoints. The addresses of these endpoints shall be provided in digital certificates through X.509 certificate extensions such as Authority Information Access (AIA) and CRL distribution point (CDP). Each CA shall provide CRLs over HTTP. Clients must support this protocol.

Obligation: MANDATORY, Lifecycle: CURRENT

The Online Certificate Status Protocol (OCSP) capability is mandatory for PKI Service providers. The addresses of OCSP endpoints shall be provided in digital certificates through X.509 certificate extensions such as Authority Information Access (AIA). Clients might support this protocol.

Guidance

The version of the encoded public key certificate shall be version 3. The version of the encoded certificate revocation list (CRL) shall be version 2.

Further mandatory guidance for the issued digital certificates is provided in the AC/322-N(2020)0077 iTIF Certificate Profiles Version 1.2.2, with the following allowed deviations

  • The ‘Authority Key Identifier’ (marked in iTIF as mandatory) MAY be used

Status

URI

History

Flag Date RFC Version
added 2023-12-01 15-023 15
UUID
6f652d5e-0210-4547-bd79-2b70e84b52fb

Utilization

This profile is used by the following profiles:

Last updated on Fri, 12 Apr 2024 12:37:50 UTC
This page is work in progress