ANF AC´s Public Key Infrastructure (PKI)


Electronic Certification Services Provider

ANF AC is a Validation Authority, and along with @Firma (Government of Spain), are the only entities authorized to issue validations that determine the validity status of the certificates issued by the different hierarchies of ANF AC.

The procedure approved by the IETF to verify the validity of a certificate is the Online Certificate Status Protocol (OCSP).

The OCSP service for electronic signature validation at source is a high availability online service. Complies with the provisions of art. 32.1 of Regulation (EU) 910/2014 and includes in an automated way the advanced electronic signature of ANF AC in its capacity as Validation Authority.

ANF AC is one of the few CA's that owns and offers technology to verify the validity of the OCSP responses it issues. Each OCSP has an exclusive qualified electronic certificate that identifies it.

All international legislation agrees to determine the obligation of the CA to provide this service and impose on the third parties that trust, the consultation prior to the acceptance of an electronic signature.

ANF AC has an international network of permanently updated servers, this technical infrastructure allows it to provide this validation service in various modalities:

  • Queries through OCSP protocol.
  • Queries to the LDAP service.
  • CRL's download.

Developed in accordance with international standards:

  • IETF RFC 5280(Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile) updated by 6818.
  • IETF RFC 6960 (Online Certificate Status Protocol – (OCSP)).
  • IETF RFC 4511 Lightweight Directory Access Protocol (LDAP): The Protocol.
  • IETF RFC 4510 Lightweight Directory Access Protocol (LDAP):Technical Specification Road Map.