Certification authority at Banka Slovenije

The Certification Authority at the Bank of Slovenia (CA) issues personal digital certificates for members of personnel and for representatives or employees of the companies and organisations that have a contract with the Bank of Slovenia to work for the Bank of Slovenia.

All digital certificates issued by the CA are stored on the cryptographic module of a smard card.

The CA infrastructure is composed of two hierarchically related CA servers ( "Banka Slovenije Root CA" and subordinated "Banka Slovenije EntSub CA" ).

Digital certificates issued by the CA can be used for:

  • digital signature/signature verification
  • digital encryption/decryption
  • authentication

Address:
Banka Slovenije
Overitelj digitalnih potrdil
Slovenska c. 35
1505 Ljubljana

Phone: 01 4719 140
Fax: 01 2515 516
Email: [email protected]
Web: http://ca.bsi.si/pki 


Ca infrastructure

The CA infrastructure is composed of two hierarchically related CA servers as shown in the picture bellow.

The Highest in the hierarchy is "Banka Slovenije Root CA" that issues digital certificates to subordinate CAs.

Subordinated "Banka Slovenije Ent Sub CA" issues digital certificates to individuals.


Digital certificates used by the CA

Banka Slovenije Root CA (Click on link to transfer)
 

Field

Value

Version

V3

Serial Number

64 d6 57 2e d9 79 77 84 43 84 43 ec f3 42 f1 02

Subject Key identifier

69 c6 8b 92 01 7f ca 40 1c a4 9f c2 dc a4 85 91 27 23 dc 19

Issuer

CN = Banka Slovenije Root CA

O = Banka Slovenije

C = SI

Subject

CN = Banka Slovenije Root CA

O = Banka Slovenije

C = SI

Valid from

14. ‎junij ‎2013 11:51:26 CET

Valid to

14. ‎junij ‎2043 11:51:26 CET

Public Key

4096 bit

Signature algorithm

sha256RSA

Thumbprint:

79 7a 52 04 93 b3 e6 e9 f1 5c d5 a2 d5 15 e9 04 e1 70 4d 32

 

Banka Slovenije Ent Sub CA (Click on link to transfer)

Field

Value

Version

V3

Serial Number

14 fc 79 86 00 00 00 00 00 02

Subject Key identifier

6c 33 15 ad fb b6 1e 0d e8 bb 88 de ba fc 91 cc b1 8d 45 e3

Issuer

CN = Banka Slovenije Root CA

O = Banka Slovenije

C = SI

Subject

CN = Banka Slovenije Ent Sub CA

O = Banka Slovenije

C = SI

Valid from

14. ‎junij ‎2013 13:08:20 CET

Valid to

14. ‎junij ‎2028 13:18:20 CET

Public Key

4096 bit

Signature algorithm

sha256RSA

Thumbprint:

25 2a 22 bb c5 6e df 1f a0 ce 49 3a d1 ef dd e7 ce 47 80 d2


Certificate revocation lists (CRL) 

Validity period and issuance frequency of the CRLs is as defined in the table below.

The CA server

CRL validity  

 CRL issuance frequency

Banka Slovenije Root CA

 1 year

 Every year

Banka Slovenije Ent SUB CA (complete register)

 7 days

 Every 4 days

Banka Slovenije Ent SUB CA (changes)

 1 day

 Every day


The new CRL is published before the old one expires. After each digital certificate, revocation of the new CRL is published within the validity period of the one already published. The maximum time allowed between the generation of the CRL and its publication in the repository is 60 minutes. CRL contains the following fields:

  • Version: V2
  • Signature: The CA signature
  • Issuer: Distinguished name
  • thisUpdate: Time of CRL issue
  • nextUpdate: Time of next CRL issue
  • revokedCertificate: Serial numbers of revoked certificates

Valid CRL is the most recent version published on the following addresses:


Certificate policy (CP)

The CP defines technical characteristics and level of security for the CA infrastructure and procedures used at Banka Slovenije for managing this infrastructure and the lifecycle of issued digital certificates. It contains essential provisions influencing the relationship between the CA, digital certificate holders and third parties relying on these certificates.

Version 3.0

Certificate policy for digital certificates for individuals

  • CP OID: 1.3.6.1.4.1.27213.2.2.1.1.1.2
  • Valid from: 1.1.2024

Version 2.0

Certificate policy for digital certificates for individuals

  • CP OID: 1.3.6.1.4.1.27213.2.2.1.1.1.2
  • Valid from: 15. 11. 2023

Version 1.0

Certificate policy for digital certificates for individuals

  • CP OID: 1.3.6.1.4.1.27213.2.2.1.1.1.1
  • Valid from: 6. 9. 2013


Certificate Practices Statement (CPS)

The CPS defines the procedures carried out by the CA to manage the lifecycle of digital certificates including application requests, issuances, expirations or revocations. This document also defines the procedures performed by the CA to manage the corresponding infrastructure.

Version 3.0

Certificate practices statement of the Certification Authority at the Bank of Slovenia

  • CP OID: 1.3.6.1.4.1.27213.2.2.1.2.1.2
  • Valid from: 1.1.2024


Application forms

Statement of acceptance of the terms and conditions for the use of digital certificates


Notifications

04/10/2013 – Expected start of operation of the CA at Banka Slovenije

The CA will start issuing digital certificates on 15. 10. 2013

Related