ESCB-Site
FAQ's

FAQ's

Basic concepts on ESCB-PKI

  • What is ESCB-PKI?
  • Where can the ESCB-PKI Practices and Policies be found?
  • Where can the ESCB-PKI Certificate Revocation Lists be found?
  • Where can the ESCB-PKI Certification Authorities certificates be found?
  • Which are the services provided by ESCB-PKI?
    • The ESCB-PKI provides among others, the following services:

    • - Certificate Validation

      - Certificate Management

      - Key Recovery

      - Crypto Token Request

      - ESCB-PKI Competency Centre

    • See also:

    • - What is the Certificate Validation service?

      - What is the Certificate Management service?

      - What is the Key Recovery service?

      - What is the Crypto Token Request service?

      - What is the ESCB-PKI Competency Centre service?

  • Where are the ESCB-PKI Registration Authorities (RA) located?
    • The Registration Authority role has been granted to every National Central Bank (NCB) and to the European Central Bank (ECB). Please contact your local Service Desk to find the location of your local Registration Authority.

  • Which are the responsibilities of an ESCB-PKI certificate subscriber?
    • The subscriber’s responsibilities are fully described in the CPS and the CPs. Among others subscriber’s responsibilities include:

    • - Use the certificate exclusively in accordance with the signed Terms and Conditions, the CPS and the corresponding CPs;

      - Do not use the certificate after its revocation or after its expiration time;

      - Keep and guard the certificate in a diligent fashion since the request time until it is revoked or the validity period expires;

      - Notify immediately the loss or disclosure of the private key, or any other situation that might impact the certificate validity, or its confidentiality, through the request of the certificate revocation once any of these situations is known by the subscriber;

    • See also the terms & conditions document

  • Which types of certificates does the ESCB-PKI provide?
    • The types of certificates provided are described in the CPS and the CPs. Among others the following certificates will be available:

    • - Standard certificates for end-users software based: used for authentication, signing and encryption

      - Advanced certificates for end-users token based: used for authentication, signing and encryption

      - Qualified certificates for end-users token based: used for signing

      - Standard certificates for technical components software based: used for authentication

  • Which is the life spam of an ESCB-PKI certificate?
    • ESCB-PKI certificates will last three years. Please refer to CPS and the CPs for more information.

  • ESCB regulations related with digital certificates
    • At ESCB level the "Certificate Acceptance Framework" defines the conditions that a given CA must fulfil to be accepted in the ESCB context.

  • What is the Certificate Validation service?
    Aim:
    to validate the status of any certificate issued by the ESCB-PKI
    Type of service:
    public service
    Who will use it:
    typically, third party software (for example ESCB-IAM service)
    Role needed:
    None
    How to use it:
    The ESCB-PKI will provide this information by:
    - periodically publishing Certificate Revocation Lists (CRLs)
    - providing an online service compliant with the Online Certificate Status Protocol (OCSP)
  • What is the Crypto Token Request service?
    Aim:
    to request ESCB-PKI tokens
    Type of service:
    restricted service
    Who will use it:
    NCB and ECB users
    Role needed:
    ESCB-PKI cryptographic token requestor role
    How to use it:
    ESCB-PKI web application
  • What is the Certificate Management service?
    Aim:
    to request, approve, download, revoke and display ESCB-PKI certificates
    Type of service:
    restricted service
    Who will use it:
    NCB, ECB and External Organisation users
    Role needed:
    Authenticated IAM user -> to manage his personal certificates
    ESCB-PKI RO roles -> to manage requests from any subscriber under his scope
    How to use it:
    ESCB-PKI web application
  • What is the Key Recovery service?
    Aim:
    to provide a means for the recovery of the private encryption keys
    Type of service:
    restricted service
    Who will use it:
    NCB and ECB users
    Role needed:
    Authenticated IAM user to recover his personal old encryption keys
    ESCB-PKI KRO roles to recover encryption keys of any subscriber under his scope (under four-eye principle)
    How to use it:
    ESCB-PKI web application
  • What is the ESCB-PKI Competency Centre service?
    Aim:
    To request new features from ESCB-PKI Service Provider (for example the certification of a secure token)
    Type of service:
    public service
    Who will use it:
    NCB and ECB users
    Role needed:
    None
    How to use it:
    Users shall use the Incident Management/Service Request Management tool available at their local Central Bank
© European System of Central Banks. All rights reserved