Electronic Certificates

CRLs - ARLs
REVOKED CERTIFICATE LISTS


In accordance with the ANF AC Certification Practice Statement, trusted third parties who receive electronic signatures generated with certificates issued by ANF AC have the obligation to verify the validity of the certificate used.

The expiration of the validity of an electronic certificate has effect since the Certification Authority indicates it in its General Registry.




The revocation of a certificate is final: it implies the loss of its effectiveness and prevents the user from using it legitimately. This process has immediate effects and makes it impossible to renew the certificate and operate the approved signature creation device.

The ability to revoke the final entity certificates is hold by: the certificate owner, his/her legal representative, the Registration Authority that processed the certificate, the Head of Emission Opinions or a Judicial Authority.


ca raiz - icons

ARL – ANF Global Root CA
valid until 06/05/2033
 


 
ca raiz - icons


 
ca raiz - icons


 
ca raiz - icons


ca raiz - icons
ARL – ANF Global Root CA
valid until 05/15/2036
 


 
ca raiz - icons


 
ca raiz - icons


 
ca raiz - icons


ca raiz - icons
ARL – ANF Secure Server Root CA
valid until 01/10/2039
 


 
ca raiz - icons

Legal framework

 
 
"Art. 8.3 The extinction of the validity of an electronic certificate will take effect against third parties, in the cases of expiration of its period of validity, since this circumstance occurs and, in the other cases, since the indication of said extinction is included in the consultation service on the validity of the certificates of the certification service provider”.
 
The Certification Authority Revocation Lists (CARLs) collect the serial numbers of those certificates of Intermediate Certification Authorities that have been revoked before the expiration of their term of validity. Date, time and reason for revocation are specified for each certificate.
 
The Certificate Revocation Lists (CRL) collect the serial numbers of those final entity electronic certificates that have been revoked before the expiration of their term of validity. Date, time and reason for revocation are specified for each certificate.
 
The Certificates of Root Certification Authorities that have been revoked prior to the expiration of their term are published on the ANF AC corporate website. During the provision of ANF AC certification services, no CA Root certificate has been revoked.
 
  • Signatures generated with revoked or expired certificates have no legal validity.
  • In accordance with the Certificate Practice Statement (CPS) of ANF AC, recipients of electronic signatures are required to check the status of validity of the certificate used before trusting them.
  • Revoked certificates can be withdrawn from a CRL three months after their expiry date. However, ANF AC keeps a record of all issued CRLs permanently and accessible to the public.
  • In the field "Next Update", it is noted that the reference standard RFC-3280 v.1 does not establish the said value as mandatory, but version 2 does require it. It has been included in order to guarantee interoperability with other PKI systems.
  • The date outlined in the aforementioned field indicates exclusively the deadline on which a new CRL will be published. In no case does it mean that a new update will not be published before that time.
  • It is expressly forbidden to use the validation services of ANF AC to provide validation services to third parties. The Validation Policy establishes the penalties for non-compliance.
  • The download of a CRL does not prove the obligation to verify an electronic signature received. It also does not allow to determine the moment in which it was downloaded, nor when the consultation was carried out.
 
Subscriber´s Responsibility
 


The possible loss, theft of the device or simple fear that the signature activation PIN is at risk obliges the person responsible to notify this fact to ANF AC, in order to revoke the certificate. These facts, among others, constitute causes for the extinction of the certificate, in accordance with the provisions of articles 8 (b and c) and 9 of the LFE. The device holder has the obligation to take proper custody and maintain the privacy of the keys, the risk of improper use of the certificate is assumed by the owner of the electronic signature taking into account he/she has control over its use. The lack of notification of a situation of risk of the certificate, or change of the information registered in it, presupposes on the part of its owner a serious negligence in the fulfillment of the obligations of conservation related to the signature creation data, in the assurance of its confidentiality and in the protection of all access or disclosure (art. 23.1.c LFE). This forecast is related to the express evidence in the Certificate, that the subscriber has control over the signature creation data (art. 11.2.f LFE); of the verification of its possession by ANF AC, prior to the issuance of the certificate (art. 12.c LFE). Only the opposite objection by the certification service provider could be rejected, if the loss, theft or improper use of the Certificate is notified and the suscriber failed or delayed in writing down the contingency in the Consultation Service on the validity of certificates (art. 22.3, in relation to 10.2 LFE)

English