Certification authority at Banka Slovenije

The Certification Authority at the Bank of Slovenia (CA) issues personal digital certificates for members of personnel and for representatives or employees of the companies and organizations that have a contract with the Bank of Slovenia to work for the Bank of Slovenia.

All digital certificates issued by the CA are stored on the cryptographic module of a smart card.

The CA infrastructure is composed of two hierarchically related CA servers ("Banka Slovenije Root CA" and subordinated "Banka Slovenije EntSub CA").

Digital certificates issued by the CA can be used for:

digital signature/signature verification
digital encryption/decryption
authentication

Address:
Banka Slovenije
Overitelj digitalnih potrdil
Slovenska cesta 35
1505 Ljubljana

Phone: +386 1 471 91 40
Fax: 01 2515 516
Email: [email protected]
Web: http://ca.bsi.si/pki

CA infrastructure

The CA infrastructure is composed of two hierarchically related CA servers as shown in the picture bellow.

The Highest in the hierarchy is "Banka Slovenije Root CA" that issues digital certificates to subordinate CAs.

Subordinated "Banka Slovenije Ent Sub CA" issues digital certificates to individuals.

Digital certificates used by the CA

Banka Slovenije Root CA (Click on link to transfer)

Field	Value
Version	V3
Serial Number	64 d6 57 2e d9 79 77 84 43 84 43 ec f3 42 f1 02
Subject Key identifier	69 c6 8b 92 01 7f ca 40 1c a4 9f c2 dc a4 85 91 27 23 dc 19
Issuer	CN = Banka Slovenije Root CA O = Banka Slovenije C = SI
Subject	CN = Banka Slovenije Root CA O = Banka Slovenije C = SI
Valid from	14. ‎june ‎2013 11:51:26 CET
Valid to	14. ‎june ‎2043 11:51:26 CET
Public Key	4096 bit
Signature algorithm	sha256RSA
Thumbprint:	79 7a 52 04 93 b3 e6 e9 f1 5c d5 a2 d5 15 e9 04 e1 70 4d 32

Banka Slovenije Ent Sub CA (Click on link to transfer)

Field	Value
Version	V3
Serial Number	14 fc 79 86 00 00 00 00 00 02
Subject Key identifier	6c 33 15 ad fb b6 1e 0d e8 bb 88 de ba fc 91 cc b1 8d 45 e3
Issuer	CN = Banka Slovenije Root CA O = Banka Slovenije C = SI
Subject	CN = Banka Slovenije Ent Sub CA O = Banka Slovenije C = SI
Valid from	14. ‎june ‎2013 13:08:20 CET
Valid to	14. ‎june ‎2028 13:18:20 CET
Public Key	4096 bit
Signature algorithm	sha256RSA
Thumbprint:	25 2a 22 bb c5 6e df 1f a0 ce 49 3a d1 ef dd e7 ce 47 80 d2

Certificate revocation lists (CRL)

Validity period and issuance frequency of the CRLs is as defined in the table below.

The CA server	CRL validity	CRL issuance frequency
Banka Slovenije Root CA	1 year	Every year
Banka Slovenije Ent SUB CA (complete register)	7 days	Every 4 days
Banka Slovenije Ent SUB CA (changes)	1 day	Every day

The new CRL is published before the old one expires. After each digital certificate, revocation of the new CRL is published within the validity period of the one already published. The maximum time allowed between the generation of the CRL and its publication in the repository is 60 minutes. CRL contains the following fields:

Version: V2
Signature: The CA signature
Issuer: Distinguished name
thisUpdate: Time of CRL issue
nextUpdate: Time of next CRL issue
revokedCertificate: Serial numbers of revoked certificates

The current register of revoked digital certificates is published at the following addresses:

Certificate Policy (CP)

The policy describes the technical characteristics and level of security of the certification authority's infrastructure and the procedures used by the certification authority to manage the infrastructure and manage the life cycle of issued digital certificates. The policy contains all essential provisions that affect the relationship between the certification authority, the holders of digital certificates issued by the certification authority and third parties relying on these certificates.

Version

Notes and change descriptions

Version 1

Pravilnik overitelja digitalnih potrdil na Banki Slovenije

• CP OID: 1.3.6.1.4.1.27213.2.2.1.1.1.2
• Valid from: 18.4.2025

According to the classification scheme of internal acts of the Bank of Slovenia, this act falls into the category of regulations. Due to the change in category, the regulations are marked with version 1 and replace the Digital Certificate Authority Policy at the Bank of Slovenia, version 3.

Important additions:
• Due to a comprehensive overhaul of the certification authority's infrastructure, the digital certificates with which the certification authority signs holders' digital certificates have been replaced.
• The electronic signature certification body issues a qualified digital certificate

Version 3

Certificate policy for digital certificates of Certification Authority at Bank of Slovenia

• CP OID: 1.3.6.1.4.1.27213.2.2.1.1.1.2
• Valid from: 1.1.2024

Alignment of policy with new requirements for mutual recognition of digital certificate authorities in the European System of Central Banks.

Important additions:
• In addition to the public publication of the certification authority's policy (CP), the public publication of the certification authority's general operating procedures (CPS) is also required.
• Incorporating CPS OID into a digital certificate

Version 2

Certificate policy for digital certificates of Certification Authority at Bank of Slovenia

• CP OID: 1.3.6.1.4.1.27213.2.2.1.1.1.2
• Valid from: 15.11.2023

Alignment of policy with new requirements for mutual recognition of digital certificate authorities in the European System of Central Banks.

Important additions:
• Supplementation of the identity verification procedure (now based on a unique national individual identifier) and the procedure for revoking digital certificates (now a certificate can be revoked 24 hours a day, 7 days a week)
• Incorporating CP OID into a digital certificate

Version 1

Certificate policy for digital certificates of Certification Authority at Bank of Slovenia

• CP OID: 1.3.6.1.4.1.27213.2.2.1.1.1.1
• Valid from: 6.9.2013

First version of the act.

Certificate Practices Statement (CPS)

The CPS defines procedures carried out by the CA to manage the lifecycle of digital certificates including application requests, issuances, expirations or revocations. This document also defines procedures performed by the CA to manage the corresponding infrastructure.

Version	Notes and change descriptions
Version 4 Certificate practices statement of the Certification Authority at the Bank of Slovenia • CP OID: 1.3.6.1.4.1.27213.2.2.1.2.1.3 • Valid from: 18.4.2025	Comprehensive overhaul of the certification authority's infrastructure and related procedures.
Version 3 Certificate practices statement of the Certification Authority at the Bank of Slovenia • CP OID: 1.3.6.1.4.1.27213.2.2.1.2.1.2 • Valid from: 1.1.2024	Public release of the document Important additions: • Exclusion of confidential information
Version 2 General procedures of the digital certificate authority at the Bank of Slovenia • CP OID: 1.3.6.1.4.1.27213.2.2.1.2.1.2 • Valid from: 15.11.2023	The document includes confidential information and is accessible only to the certification body's staff.
Version 1 General procedures of the digital certificate authority at the Bank of Slovenia • CP OID: 1.3.6.1.4.1.27213.2.2.1.2.1.1 • Valid from: 6.9.2013	The document includes confidential information and is accessible only to the certification body's staff.

Application forms

Notifications

4.10.2013 – Expected start of operation of the CA at Banka Slovenije

The CA will start issuing digital certificates on 15.10.2013