BSI certificate profile

BSI certificate profile

Red Overlay
BSI certificate profile
BSI certificate profile
Red Overlay
Enter Company name or certificate number. Results limited to 50 records.
Kitemark advanced search

ETSI EN 319 411-1 v1.3.1

Buypass AS
Gullhaug Torg 2D
0484 Oslo
0402 Oslo
P.O. Box 4364
Norway

Certificate number ETS 018
Scope On the request of Buypass AS (hereafter referred to as: Buypass), the annual certification audit on all areas and processes was performed by BSI Group The Netherlands B.V. (John M. Keynesplein 9, 1066 EP Amsterdam, The Netherlands). The full audit covered all applicable requirements from the audit criteria listed below (see “Audit Information”) and are defined in Buypass’ Statement of Applicability, dated November 23, 2023 and in the Overview of Applicability, dated November 22, 2023. The scope of the assessment comprised the following Trust Service Provider component services: -,,Registration Service -,,Certificate Generation Service -,,Dissemination Service -,,Revocation Management Service -,,Revocation Status Service -,,Subject Device Provision Service For the issuing CA marked (*): This includes operating a remote QSCD / SCDev, where electronic signature creation data is generated and managed on behalf of the signatory. These TSP component services are being provided for the trust services: -,,Issuance of public key certificates (non-qualified trust service), in accordance with the policies: NCP, NCP+, DVCP, OVCP, EVCP and PTC The certificates are issued through its issuing certification authorities, as specified below: Root CA: Buypass Class 2 Root CA Sha256 Fingerprint: 9A114025197C5BB95D94E63D55CD43790847B646B23CDF11ADA4A00EFF15FB48 -,,Issuing CA: Buypass Class 2 CA 2 Sha256 Fingerprint: 54A89ECB989A1DCCF4013639F38974A0BC0742C2993DFB6BD0CBF1F462964501 +,,Buypass SSL Domain Certificates (OID 2.16.578.1.26.1.2.4), in accordance with policies PTC, DVCP; +,,Buypass SSL Business Certificates (OID 2.16.578.1.26.1.2.3), in accordance with policies PTC, OVCP; -,,Issuing CA: Buypass Class 2 CA 5 Sha256 Fingerprint: 3062918D9DD617925271BC7F8080B8A6A5D2185BBD880F7862FD4C043B194191 +,,Buypass Go SSL Certificates (OID 2.16.578.1.26.1.2.7), in accordance with policies PTC, DVCP; Root CA: Buypass Class 3 Root CA Sha256 Fingerprint: EDF7EBBCA27A2A384D387B7D4010C666E2EDB4843E4C29B4AE1D5B9332E6B24D -,,Issuing CA: Buypass Class 3 CA 2 Sha256 Fingerprint: DAA0435407FA44C28AB939E6823813605779093873A96649AD6E03B05D28626C +,,Buypass SSL Business Plus Certificates (OID 2.16.578.1.26.1.3.4), in accordance with policies PTC, OVCP; +,,Buypass SSL Evident Certificates (OID 2.16.578.1.26.1.3.3), in accordance with policies PTC, EVCP -,,Issuing CA: Buypass Class 3 CA 3 Sha256 Fingerprint: C49C350E5A8205E063E74C554A994335B8435C996527D4EF1A2B0C7B51584B2D +,,Buypass Enterprise Class 3 Certificates (OID 2.16.578.1.26.1.3.2 soft token), in accordance with policy NCP; +,,Buypass Enterprise Class 3 Certificates (OID 2.16.578.1.26.1.3.5 hard token), in accordance with policy NCP+; Root CA: Buypass Class 3 Root CA G2 ST Sha256 Fingerprint: F8C16C6B4FD45CB0672E16582B8805F1CAFD0C48D866F4ED895B30E352A9FAA6 -,,Issuing CA: Buypass Class 3 CA G2 ST Business Sha256 Fingerprint: 45E05831CDDAC1F2B96DC8CA54620834C87649E9FFD3B26D7DAD2AD07F807232 +,,Buypass Enterprise Class 3 Certificates (OID 2.16.578.1.26.1.3.2 soft token), in accordance with policy NCP; Root CA: Buypass Class 3 Root CA G2 HT Sha256 Fingerprint: AB936DFD7F171D3A3CBD08F9BEBDC3F3BAAABAA79DF6A908F8A7B0128627F187 -,,Issuing CA: Buypass Class 3 CA G2 HT Business Sha256 Fingerprint: 0EF5CEDCE44265B112785B359A21141E20F553AADA4C579404617B5CA6046BE9 +,,Buypass Enterprise Class 3 Certificates (OID 2.16.578.1.26.1.3.5 hard token), in accordance with policy NCP+; -,,Issuing CA (*): Buypass Class 3 CA G2 HT Person BCSS Sha256 Fingerprint: 5C7132D1BBA73050F70EBA7B72D141BFFA2EE420AE2F690C37C42C979CB5A286 +,,Buypass BCSS Class 3 Certificates (OID 2.16.578.1.26.1.3.8 HSM), in accordance with policy NCP+; The Certification Authority processes and services are documented in the following documents: -,,Certification Practice Statement - Buypass Class 3 Enterprise Certificates, v7.1, dated 2 November 2022 (effective date: 21 November 2022) -,,Certification Practice Statement - Buypass Class 2 SSL Certificates v13.5, dated 10 May 2023 (effective date: 10 May 2023) -,,Certification Practice Statement - Buypass Class 3 SSL Certificates v14.4, dated 10 May 2023 (effective date: 10 May 2023) -,,Certification Practice Statement - Buypass ACME Certificates v5.4, dated 10 May 2023 (effective date: 10 May 2023) -,,Certification Practice Statement - Buypass Class 3 BCSS Person Certificates, v1.0 dated 25 September 2023 (effective date: 1 October 2023) (*) -,,Signature Policy and Practice Statement – BCSS Person Signing v1.0, dated 1 October 2023 (effective date: 1 October 2023) (*) Our annual certification audit was performed in October and November 2023. The result of the full audit is that we conclude, based on the objective evidence collected during the certification audit for the period from 1 November 2022 through 31 October 2023, the areas assessed during the audit were generally found to be effective, based on the applicable requirements defined in Buypass’ Statement of Applicability, dated November 23, 2023 and in the Overview of Applicability, dated November 22, 2022. A scope extension audit was performed in July and October 2023 for the issuing CA marked (*). The result of the point-in-time audit is that we concluded, based on the objective evidence collected during the scope extension audit, the areas assessed during the audit were generally found to be effective, as of 10 October 2023, based on the applicable requirements defined in Buypass’ Statement of Applicability and Overview of Applicability. Audit information Information on Mozilla Bug 1838421 "Buypass: Domain validation using not allowed domain contact” We assessed the follow-up of Mozilla Bug 1838421 and noted that Buypass has made progress, but has not yet completed the implementation of the corrective actions as mentioned in the bug. Information on Mozilla Bug 1839305 "Buypass: Domain validation using externally operated DNS tools" We assessed the follow-up of Mozilla Bug 1839305 and noted that Buypass has made progress, but has not yet completed the implementation of the corrective actions as mentioned in the bug. Audit criteria: -,,ETSI EN 319 401 v2.3.1 (2021-05) Electronic Signatures and Infrastructures (ESI) - General Policy Requirements for Trust Service Providers -,,ETSI EN 319 411-1 v1.3.1 (2021-05) Electronic Signatures and Infrastructures (ESI) - Policy and security requirements for Trust Service Providers issuing certificates - Part 1: General requirements, for the policies: NCP, NCP+, DVCP, OVCP, EVCP and PTC -,,CA/Browser Forum – Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates, v2.0.1 (17 August 2023) -,,CA/Browser Forum – Guidelines for the Issuance and Management of Extended Validation Certificates v.1.8.0 (30 November 2022) -,,CA/Browser Forum – Network and Certificate System Security Requirements v1.7 (5 April 2021) Audit Period of Time: 1 November 2022 – 31 October 2023 Audit performed: October and November 2023 Audit Point in Time, for issuing CA marked (*): 10 October 2023 Point in Time Audit performed, for issuing CA marked (*): July and October 2023 Information and Contact: BSI Group the Netherlands B.V., John M. Keynesplein 9, 1066 EP Amsterdam, NL
Original registration date Effective date Last revision date Expiry date
Original registration date 2012-02-27 Effective date 2024-02-27 Last revision date 2024-01-12 Expiry date 2026-02-26

Verified locations