Certification authority at Banka Slovenije
The Certification Authority at the Bank of Slovenia (CA) issues personal digital certificates for members of personnel and for representatives or employees of the companies and organisations that have a contract with the Bank of Slovenia to work for the Bank of Slovenia.
All digital certificates issued by the CA are stored on the cryptographic module of a smard card.
The CA infrastructure is composed of two hierarchically related CA servers ( "Banka Slovenije Root CA" and subordinated "Banka Slovenije EntSub CA" ).
Digital certificates issued by the CA can be used for:
- digital signature/signature verification
- digital encryption/decryption
- authentication
Address:
Banka Slovenije
Overitelj digitalnih potrdil
Slovenska c. 35
1505 Ljubljana
Phone: 01 4719 140
Fax: 01 2515 516
Email: PKI@bsi.si
Web: http://ca.bsi.si/pki
Ca infrastructure
The CA infrastructure is composed of two hierarchically related CA servers as shown in the picture bellow.
The Highest in the hierarchy is "Banka Slovenije Root CA" that issues digital certificates to subordinate CAs.
Subordinated "Banka Slovenije Ent Sub CA" issues digital certificates to individuals.
Digital certificates used by the CA
Banka Slovenije Root CA (Click on link to transfer)
|
Field |
Value |
|
Version |
V3 |
|
Serial Number |
64 d6 57 2e d9 79 77 84 43 84 43 ec f3 42 f1 02 |
|
Subject Key identifier |
69 c6 8b 92 01 7f ca 40 1c a4 9f c2 dc a4 85 91 27 23 dc 19 |
|
Issuer |
CN = Banka Slovenije Root CA O = Banka Slovenije C = SI |
|
Subject |
CN = Banka Slovenije Root CA O = Banka Slovenije C = SI |
|
Valid from |
14. junij 2013 11:51:26 CET |
|
Valid to |
14. junij 2043 11:51:26 CET |
|
Public Key |
4096 bit |
|
Signature algorithm |
sha256RSA |
|
Thumbprint: |
79 7a 52 04 93 b3 e6 e9 f1 5c d5 a2 d5 15 e9 04 e1 70 4d 32 |
Banka Slovenije Ent Sub CA (Click on link to transfer)
|
Field |
Value |
|
Version |
V3 |
|
Serial Number |
14 fc 79 86 00 00 00 00 00 02 |
|
Subject Key identifier |
6c 33 15 ad fb b6 1e 0d e8 bb 88 de ba fc 91 cc b1 8d 45 e3 |
|
Issuer |
CN = Banka Slovenije Root CA O = Banka Slovenije C = SI |
|
Subject |
CN = Banka Slovenije Ent Sub CA O = Banka Slovenije C = SI |
|
Valid from |
14. junij 2013 13:08:20 CET |
|
Valid to |
14. junij 2028 13:18:20 CET |
|
Public Key |
4096 bit |
|
Signature algorithm |
sha256RSA |
|
Thumbprint: |
25 2a 22 bb c5 6e df 1f a0 ce 49 3a d1 ef dd e7 ce 47 80 d2 |
Certificate revocation lists (CRL)
Validity period and issuance frequency of the CRLs is as defined in the table below.
|
The CA server |
CRL validity |
CRL issuance frequency |
|
Banka Slovenije Root CA |
1 year |
Every year |
|
Banka Slovenije Ent SUB CA (complete register) |
7 days |
Every 4 days |
|
Banka Slovenije Ent SUB CA (changes) |
1 day |
Every day |
The new CRL is published before the old one expires. After each digital certificate, revocation of the new CRL is published within the validity period of the one already published. The maximum time allowed between the generation of the CRL and its publication in the repository is 60 minutes. CRL contains the following fields:
- Version: V2
- Signature: The CA signature
- Issuer: Distinguished name
- thisUpdate: Time of CRL issue
- nextUpdate: Time of next CRL issue
- revokedCertificate: Serial numbers of revoked certificates
Valid CRL is the most recent version published on the following addresses:
- http://ca.bsi.si/pki/crls/Banka Slovenije Root CA.crl
- http://ca.bsi.si/pki/crls/Banka Slovenije Ent Sub CA.crl
Certificate policy (CP)
The CP defines technical characteristics and level of security for the CA infrastructure and procedures used at Banka Slovenije for managing this infrastructure and the lifecycle of issued digital certificates. It contains essential provisions influencing the relationship between the CA, digital certificate holders and third parties relying on these certificates.
Version 3.0
Certificate policy for digital certificates for individuals
- CP OID: 1.3.6.1.4.1.27213.2.2.1.1.1.2
- Valid from: 1.1.2024
Version 2.0
Certificate policy for digital certificates for individuals
- CP OID: 1.3.6.1.4.1.27213.2.2.1.1.1.2
- Valid from: 15. 11. 2023
Version 1.0
Certificate policy for digital certificates for individuals
- CP OID: 1.3.6.1.4.1.27213.2.2.1.1.1.1
- Valid from: 6. 9. 2013
Certificate Practices Statement (CPS)
The CPS defines the procedures carried out by the CA to manage the lifecycle of digital certificates including application requests, issuances, expirations or revocations. This document also defines the procedures performed by the CA to manage the corresponding infrastructure.
Version 3.0
Certificate practices statement of the Certification Authority at the Bank of Slovenia
- CP OID: 1.3.6.1.4.1.27213.2.2.1.2.1.2
- Valid from: 1.1.2024
Application forms
Statement of acceptance of the terms and conditions for the use of digital certificates
Notifications
04/10/2013 – Expected start of operation of the CA at Banka Slovenije
The CA will start issuing digital certificates on 15. 10. 2013