Electronic Certificates
CRLs - ARLs
REVOKED CERTIFICATE LISTS
In accordance with the ANF AC Certification Practice Statement, trusted third parties who receive electronic signatures generated with certificates issued by ANF AC have the obligation to verify the validity of the certificate used.
The expiration of the validity of an electronic certificate has effect since the Certification Authority indicates it in its General Registry.
The revocation of a certificate is final: it implies the loss of its effectiveness and prevents the user from using it legitimately. This process has immediate effects and makes it impossible to renew the certificate and operate the approved signature creation device.
The ability to revoke the final entity certificates is hold by: the certificate owner, his/her legal representative, the Registration Authority that processed the certificate, the Head of Emission Opinions or a Judicial Authority.
ARL – ANF Global Root CA
valid until 06/05/2033
- CN: ANF Global Root CA
- Serial number: 01 3f 2f 31 77 e6
- Public Key: RSA (4096 bits)
- Signature Algorithm: Sha256RSA
- Digital Fingerprint: 26 ca ff 09 a7 af ba e9 68 10 cf ff 82 1a 94 32 6d 28 45 aa
- Valid from June 10, 2013 to June 5, 2033
valid until 02/29/2024
- CN: ANF Assured ID CA1
- Serial number: 06 40 0c a5 29 ce 79 80
- Public Key: RSA (4096 bits)
- Signature Algorithm: Sha256RSA
- Digital Fingerprint: ab da 03 79 f0 2e ba e8 2e fb 93 41 f2 ad d6 c0 14 9b 58 14
- Valid from March 3, 2014 to February 29, 2024
valid until 02/29/2024
- CN: ANF High Assurance AP CA1
- Serial number: 0a aa dc 2e eb a2 92 00
- Public Key: RSA (4096 bits)
- Signature Algorithm: Sha256RSA
- Digital Fingerprint: 68 d1 5d a0 1c 93 dc 54 2a 3c 7b 6d c0 19 35 68 78 bd 31 61
- Valid from March 3, 2014 to February 29, 2024
valid until 02/29/2024
- CN: ANF High Assurance EV CA1
- Serial number: 0b e6 86 56 59 db bc 00
- Public Key: RSA (4096 bits)
- Signature Algorithm: Sha256RSA
- Digital Fingerprint: ce e5 c6 6f 66 21 7b 2f ec ba e4 04 87 66 3a 5b 5a 0c 2a 49
- Valid from March 3, 2014 to February 29, 2024
valid until 05/15/2036
- CN: ANF Global Root CA
- Serial number: 01 64 95 ee 61 8a 07 50
- Public Key: RSA (4096 bits)
- Signature Algorithm: Sha256RSA
- Digital Fingerprint: fc 98 43 cc 99 22 61 50 01 a1 73 74 ce 8a 3d 79 58 0f ea 51
- Valid from May 20, 2016 to May 15, 2036
valid until 05/18/2026
- CN: ANF Assured ID CA1
- Serial number: 07 71 c1 14 00 1a e5 00
- Public Key: RSA (4096 bits)
- Signature Algorithm: Sha256RSA
- Digital Fingerprint: cb df 3e 06 86 f1 b1 c1 f8 83 49 41 69 ef ed 52 f6 94 14 b9
- Valid from May 20, 2016 to May 18, 2026
valid until 05/18/2026
- CN: ANF High Assurance AP CA1
- Serial number: 0c 68 fc 7d c4 8d 83 80
- Public Key: RSA (4096 bits)
- Signature Algorithm: Sha256RSA
- Digital Fingerprint: 1e 8f 04 25 22 80 bb 73 f4 51 ec 45 8d 87 b5 b8 0e a6 e1 a1
- Valid from May 20, 2016 to May 18, 2026
valid until 05/18/2026
- CN: ANF High Assurance EV CA1
- Serial number: 06 5d 66 65 46 a4 59 00
- Public Key: RSA (4096 bits)
- Signature Algorithm: Sha256RSA
- Digital Fingerprint: 67 93 9b 3c a7 7e 5f 6f de c0 7e c9 63 71 a8 7c 77 19 79 62
- Valid from May 20, 2016 to May 18, 2026
valid until 01/10/2039
- CN: ANF Secure Server Root CA
- Serial number: 0dd3c0747671c7f4
- Public Key: RSA (4096 bits)
- Signature Algorithm: Sha256RSA
- Digital Fingerprint: 0eff0535e0d82bf718a6c40e67eeb5caca0525d8
- Valid from January 15, 2019 until January 10, 2039
valid until 01/12/2019
- CN: ANF High Assurance Server CA
- Serial number: 0dd57d26d754877b
- Public Key: RSA (4096 bits)
- Signature Algorithm: Sha256RSA
- Digital Fingerprint: 026dc9f2c8c7e865d08968d45785e1e14b6c9207
- Valid from January 15, 2019 until January 12, 2029
Legal framework
- Signatures generated with revoked or expired certificates have no legal validity.
- In accordance with the Certificate Practice Statement (CPS) of ANF AC, recipients of electronic signatures are required to check the status of validity of the certificate used before trusting them.
- Revoked certificates can be withdrawn from a CRL three months after their expiry date. However, ANF AC keeps a record of all issued CRLs permanently and accessible to the public.
- In the field "Next Update", it is noted that the reference standard RFC-3280 v.1 does not establish the said value as mandatory, but version 2 does require it. It has been included in order to guarantee interoperability with other PKI systems.
- The date outlined in the aforementioned field indicates exclusively the deadline on which a new CRL will be published. In no case does it mean that a new update will not be published before that time.
- It is expressly forbidden to use the validation services of ANF AC to provide validation services to third parties. The Validation Policy establishes the penalties for non-compliance.
- The download of a CRL does not prove the obligation to verify an electronic signature received. It also does not allow to determine the moment in which it was downloaded, nor when the consultation was carried out.
The possible loss, theft of the device or simple fear that the signature activation PIN is at risk obliges the person responsible to notify this fact to ANF AC, in order to revoke the certificate. These facts, among others, constitute causes for the extinction of the certificate, in accordance with the provisions of articles 8 (b and c) and 9 of the LFE. The device holder has the obligation to take proper custody and maintain the privacy of the keys, the risk of improper use of the certificate is assumed by the owner of the electronic signature taking into account he/she has control over its use. The lack of notification of a situation of risk of the certificate, or change of the information registered in it, presupposes on the part of its owner a serious negligence in the fulfillment of the obligations of conservation related to the signature creation data, in the assurance of its confidentiality and in the protection of all access or disclosure (art. 23.1.c LFE).
This forecast is related to the express evidence in the Certificate, that the subscriber has control over the signature creation data (art. 11.2.f LFE); of the verification of its possession by ANF AC, prior to the issuance of the certificate (art. 12.c LFE). Only the opposite objection by the certification service provider could be rejected, if the loss, theft or improper use of the Certificate is notified and the suscriber failed or delayed in writing down the contingency in the Consultation Service on the validity of certificates (art. 22.3, in relation to 10.2 LFE)
