/ /
Certification authority at Banka Slovenije
Background

Certification authority at Banka Slovenije

The Certification Authority at the Bank of Slovenia (CA) issues personal digital certificates for members of personnel and for representatives or employees of the companies and organizations that have a contract with the Bank of Slovenia to work for the Bank of Slovenia.

All digital certificates issued by the CA are stored on the cryptographic module of a smart card.

The CA infrastructure is composed of two hierarchically related CA servers ("Banka Slovenije Root CA" and subordinated "Banka Slovenije EntSub CA").

Digital certificates issued by the CA can be used for:

  • digital signature/signature verification

  • digital encryption/decryption

  • authentication

Address:
Banka Slovenije
Overitelj digitalnih potrdil
Slovenska cesta 35
1505 Ljubljana

Phone: +386 1 471 91 40
Fax: 01 2515 516
Email: [email protected]
Web: http://ca.bsi.si/pki 

CA infrastructure

The CA infrastructure is composed of two hierarchically related CA servers as shown in the picture bellow.

The Highest in the hierarchy is "Banka Slovenije Root CA" that issues digital certificates to subordinate CAs.

Subordinated "Banka Slovenije Ent Sub CA" issues digital certificates to individuals.

Digital certificates used by the CA

Banka Slovenije Root CA (Click on link to transfer)

Field

Value

Version

V3

Serial Number

64 d6 57 2e d9 79 77 84 43 84 43 ec f3 42 f1 02

Subject Key identifier

69 c6 8b 92 01 7f ca 40 1c a4 9f c2 dc a4 85 91 27 23 dc 19

Issuer

CN = Banka Slovenije Root CA
O = Banka Slovenije
C = SI

Subject

CN = Banka Slovenije Root CA
O = Banka Slovenije
C = SI

Valid from

14. ‎june ‎2013 11:51:26 CET

Valid to

14. ‎june ‎2043 11:51:26 CET

Public Key

4096 bit

Signature algorithm

sha256RSA

Thumbprint:

79 7a 52 04 93 b3 e6 e9 f1 5c d5 a2 d5 15 e9 04 e1 70 4d 32

 

Banka Slovenije Ent Sub CA (Click on link to transfer)  

Field

Value

Version

V3

Serial Number

14 fc 79 86 00 00 00 00 00 02

Subject Key identifier

6c 33 15 ad fb b6 1e 0d e8 bb 88 de ba fc 91 cc b1 8d 45 e3

Issuer

CN = Banka Slovenije Root CA
O = Banka Slovenije
C = SI

Subject

CN = Banka Slovenije Ent Sub CA
O = Banka Slovenije
C = SI

Valid from

14. ‎june ‎2013 13:08:20 CET

Valid to

14. ‎june ‎2028 13:18:20 CET

Public Key

4096 bit

Signature algorithm

sha256RSA

Thumbprint:

25 2a 22 bb c5 6e df 1f a0 ce 49 3a d1 ef dd e7 ce 47 80 d2


Certificate revocation lists (CRL) 

Validity period and issuance frequency of the CRLs is as defined in the table below.

The CA server

CRL validity

CRL issuance frequency

Banka Slovenije Root CA

1 year

Every year

Banka Slovenije Ent SUB CA (complete register)

7 days

Every 4 days

Banka Slovenije Ent SUB CA (changes)

1 day

Every day


The new CRL is published before the old one expires. After each digital certificate, revocation of the new CRL is published within the validity period of the one already published. The maximum time allowed between the generation of the CRL and its publication in the repository is 60 minutes. CRL contains the following fields:

  • Version: V2

  • Signature: The CA signature

  • Issuer: Distinguished name

  • thisUpdate: Time of CRL issue

  • nextUpdate: Time of next CRL issue

  • revokedCertificate: Serial numbers of revoked certificates

The current register of revoked digital certificates is published at the following addresses:


Certificate Policy (CP)

The policy describes the technical characteristics and level of security of the certification authority's infrastructure and the procedures used by the certification authority to manage the infrastructure and manage the life cycle of issued digital certificates. The policy contains all essential provisions that affect the relationship between the certification authority, the holders of digital certificates issued by the certification authority and third parties relying on these certificates.

Version

Notes and change descriptions

Version 1

Pravilnik overitelja digitalnih potrdil na Banki Slovenije

• CP OID: 1.3.6.1.4.1.27213.2.2.1.1.1.2
• Valid from: 18.4.2025

According to the classification scheme of internal acts of the Bank of Slovenia, this act falls into the category of regulations. Due to the change in category, the regulations are marked with version 1 and replace the Digital Certificate Authority Policy at the Bank of Slovenia, version 3.

Important additions:
• Due to a comprehensive overhaul of the certification authority's infrastructure, the digital certificates with which the certification authority signs holders' digital certificates have been replaced.
• The electronic signature certification body issues a qualified digital certificate

Version 3

Certificate policy for digital certificates of Certification Authority at Bank of Slovenia

• CP OID: 1.3.6.1.4.1.27213.2.2.1.1.1.2
• Valid from: 1.1.2024

Alignment of policy with new requirements for mutual recognition of digital certificate authorities in the European System of Central Banks.

Important additions:
• In addition to the public publication of the certification authority's policy (CP), the public publication of the certification authority's general operating procedures (CPS) is also required.
• Incorporating CPS OID into a digital certificate

Version 2

Certificate policy for digital certificates of Certification Authority at Bank of Slovenia

• CP OID: 1.3.6.1.4.1.27213.2.2.1.1.1.2
• Valid from: 15.11.2023

Alignment of policy with new requirements for mutual recognition of digital certificate authorities in the European System of Central Banks.

Important additions:
• Supplementation of the identity verification procedure (now based on a unique national individual identifier) ​​and the procedure for revoking digital certificates (now a certificate can be revoked 24 hours a day, 7 days a week)
• Incorporating CP OID into a digital certificate

Version 1

Certificate policy for digital certificates of Certification Authority at Bank of Slovenia

• CP OID: 1.3.6.1.4.1.27213.2.2.1.1.1.1
• Valid from: 6.9.2013

First version of the act.

Certificate Practices Statement (CPS) 

The CPS defines procedures carried out by the CA to manage the lifecycle of digital certificates including application requests, issuances, expirations or revocations. This document also defines procedures performed by the CA to manage the corresponding infrastructure.

Version

Notes and change descriptions

Version 4

Certificate practices statement of the Certification Authority at the Bank of Slovenia

• CP OID: 1.3.6.1.4.1.27213.2.2.1.2.1.3
• Valid from: 18.4.2025

Comprehensive overhaul of the certification authority's infrastructure and related procedures.

Version 3

Certificate practices statement of the Certification Authority at the Bank of Slovenia

• CP OID: 1.3.6.1.4.1.27213.2.2.1.2.1.2
• Valid from: 1.1.2024

Public release of the document

Important additions:
• Exclusion of confidential information

Version 2

General procedures of the digital certificate authority at the Bank of Slovenia

• CP OID: 1.3.6.1.4.1.27213.2.2.1.2.1.2
• Valid from: 15.11.2023

The document includes confidential information and is accessible only to the certification body's staff.

Version 1

General procedures of the digital certificate authority at the Bank of Slovenia

• CP OID: 1.3.6.1.4.1.27213.2.2.1.2.1.1
• Valid from: 6.9.2013

The document includes confidential information and is accessible only to the certification body's staff.

Application forms

Notifications

4.10.2013 – Expected start of operation of the CA at Banka Slovenije

The CA will start issuing digital certificates on 15.10.2013