BSI certificate profile

BSI certificate profile

Red Overlay
BSI certificate profile
BSI certificate profile
Red Overlay
Enter Company name or certificate number. Results limited to 50 records.

ETSI EN 319 411-1

Buypass AS
Gullhaug Torg 2D
0484 Oslo
0402 Oslo
P.O. Box 4364
Norway


Certificate number ETS 018
Scope On the request of Buypass AS (hereafter referred to as: Buypass), the annual certification audit on all areas and processes was performed by BSI Group The Netherlands B.V. (John M. Keynesplein 9, 1066 EP Amsterdam, The Netherlands). The full audit covered all applicable requirements from the audit criteria listed below (see “Audit Information”) and are defined in Buypass’ Statement of Applicability, dated November 25, 2024 and in the Overview of Applicability, dated November, 2024. The scope of the assessment comprised the following Trust Service Provider component services: -,,Registration Service -,,Certificate Generation Service -,,Dissemination Service -,,Revocation Management Service -,,Revocation Status Service -,,Subject Device Provision Service For the issuing CA marked (*): This includes operating a remote QSCD / SCDev, where electronic signature creation data is generated and managed on behalf of the signatory. These TSP component services are being provided for the trust services: -,,Issuance of public key certificates (non-qualified trust service), in accordance with the policies: NCP, NCP+, DVCP, OVCP, EVCP and PTC The certificates are issued through its issuing certification authorities, as specified below: Root CA: Buypass Class 2 Root CA Sha256 Fingerprint: 9A114025197C5BB95D94E63D55CD43790847B646B23CDF11ADA4A00EFF15FB48 -,,Issuing CA: Buypass Class 2 CA 2 Sha256 Fingerprint: 54A89ECB989A1DCCF4013639F38974A0BC0742C2993DFB6BD0CBF1F462964501 +,,Buypass SSL Domain Certificates (OID 2.16.578.1.26.1.2.4), in accordance with policies PTC, DVCP; +,,Buypass SSL Business Certificates (OID 2.16.578.1.26.1.2.3), in accordance with policies PTC, OVCP; -,,Issuing CA: Buypass Class 2 CA 5 Sha256 Fingerprint: 3062918D9DD617925271BC7F8080B8A6A5D2185BBD880F7862FD4C043B194191 +,,Buypass Go SSL Certificates (OID 2.16.578.1.26.1.2.7), in accordance with policies PTC, DVCP; Root CA: Buypass Class 3 Root CA Sha256 Fingerprint: EDF7EBBCA27A2A384D387B7D4010C666E2EDB4843E4C29B4AE1D5B9332E6B24D -,,Issuing CA: Buypass Class 3 CA 2 Sha256 Fingerprint: DAA0435407FA44C28AB939E6823813605779093873A96649AD6E03B05D28626C +,,Buypass SSL Business Plus Certificates (OID 2.16.578.1.26.1.3.4), in accordance with policies PTC, OVCP; +,,Buypass SSL Evident Certificates (OID 2.16.578.1.26.1.3.3), in accordance with policies PTC, EVCP -,,Issuing CA: Buypass Class 3 CA 3 Sha256 Fingerprint: C49C350E5A8205E063E74C554A994335B8435C996527D4EF1A2B0C7B51584B2D +,,Buypass Enterprise Class 3 Certificates (OID 2.16.578.1.26.1.3.2 soft token), in accordance with policy NCP; +,,Buypass Enterprise Class 3 Certificates (OID 2.16.578.1.26.1.3.5 hard token), in accordance with policy NCP+; Root CA: Buypass Class 3 Root CA G2 ST Sha256 Fingerprint: F8C16C6B4FD45CB0672E16582B8805F1CAFD0C48D866F4ED895B30E352A9FAA6 -,,Issuing CA: Buypass Class 3 CA G2 ST Business Sha256 Fingerprint: 45E05831CDDAC1F2B96DC8CA54620834C87649E9FFD3B26D7DAD2AD07F807232 +,,Buypass Enterprise Class 3 Certificates (OID 2.16.578.1.26.1.3.2 soft token), in accordance with policy NCP; Root CA: Buypass Class 3 Root CA G2 HT Sha256 Fingerprint: AB936DFD7F171D3A3CBD08F9BEBDC3F3BAAABAA79DF6A908F8A7B0128627F187 -,,Issuing CA: Buypass Class 3 CA G2 HT Business Sha256 Fingerprint: 0EF5CEDCE44265B112785B359A21141E20F553AADA4C579404617B5CA6046BE9 +,,Buypass Enterprise Class 3 Certificates (OID 2.16.578.1.26.1.3.5 hard token), in accordance with policy NCP+; -,,Issuing CA (*): Buypass Class 3 CA G2 HT Person BCSS Sha256 Fingerprint: 5C7132D1BBA73050F70EBA7B72D141BFFA2EE420AE2F690C37C42C979CB5A286 +,,Buypass BCSS Class 3 Certificates (OID 2.16.578.1.26.1.3.8 HSM), in accordance with policy NCP+; The Certification Authority processes and services are documented in the following documents: -,,Certification Practice Statement - Buypass Class 3 Person Qualified Certificates v6.0, dated 16 November 2020 (effective date: 1 December 2020) -,,Certification Practice Statement - Buypass Class 3 BCSS Person Certificates, v1.1, dated 13 December 2023 (effective date: 15 February 2024) -,,Signature Policy and Practice Statement – BCCS Person Signing v1.0, dated 25.09.2023 (effective date: 01.10.2023) -,,Certification Practice Statement - Buypass Class 3 Enterprise Certificates, v7.1, dated 2 November 2022 (effective date: 21 November 2022) -,,Certification Practice Statement - Buypass Class 2 SSL Certificates v13.6, dated 26 January 2024 (effective date: 26 January 2024) -,,Certification Practice Statement - Buypass Class 3 SSL Certificates v14.5, dated 26 January 2024 (effective date: 26 January 2024) -,,Certification Practice Statement - Buypass ACME Certificates v5.5, dated 26 January 2024 (effective date: 26 January 2024) Our annual certification audit was performed in September, October and November 2024. The result of the full audit is that we conclude, based on the objective evidence collected during the certification audit for the period from 1 November 2023 through 31 October 2024, the areas assessed during the audit were generally found to be effective, based on the applicable requirements defined in Buypass’ Statement of Applicability, dated November 25, 2024 and in the Overview of Applicability, dated November, 2024. Audit information Information on Mozilla Bug 1838421 "Buypass: Domain validation using not allowed domain contact” We assessed the follow-up of Mozilla Bug 1838421 and noted that Buypass has implemented adequate corrective actions and the bug has been closed on March, 20 2024. Information on Mozilla Bug 1839305 "Buypass: Domain validation using externally operated DNS tools" We assessed the follow-up of Mozilla Bug 1839305 and noted that Buypass has implemented adequate corrective actions and the bug has been closed on March, 20 2024. Information on Mozilla Bug 1864204 "Buypass: TLS certificates with incorrect Subject attribute order" We assessed the follow-up of Mozilla Bug 1864204 and noted that Buypass has implemented adequate corrective actions and the bug has been closed on May, 10 2024. Information on Mozilla Bug 1865368 "Buypass: TLS certificates not revoked within 5 days" We assessed the follow-up of Mozilla Bug 1865368 and noted that Buypass has implemented adequate corrective actions and the bug has been closed on April, 5 2024. Information on Mozilla Bug 1872371" Buypass: Using Using an external DNS resolver for DNS lookups" We assessed the follow-up of Mozilla Bug 1872371 and noted that Buypass has implemented adequate corrective actions and the bug has been closed on August, 7 2024. Information on Mozilla Bug 1872738 "Buypass: Delayed revocation of TLS Certificates" We assessed the follow-up of Mozilla Bug 1872738 and noted that Buypass has implemented adequate corrective actions as per September 2024. The bug has not yet been closed by Mozilla. Audit criteria: -,,ETSI EN 319 401 v2.3.1 (2021-05) Electronic Signatures and Infrastructures (ESI) - General Policy Requirements for Trust Service Providers -,,ETSI EN 319 411-1 v1.4.1 (2023-10) Electronic Signatures and Infrastructures (ESI) - Policy and security requirements for Trust Service Providers issuing certificates - Part 1: General requirements, for the policies: NCP, NCP+, DVCP, OVCP, EVCP and PTC -,,CA/Browser Forum – Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates v2.0.7 (6 September 2024) -,,CA/Browser Forum – Guidelines for the Issuance and Management of Extended Validation Certificates v2.0.1 (6 May 2024) -,,CA/Browser Forum – Network and Certificate System Security Requirements v1.7 (5 April 2021) Audit Period of Time: 1 November 2023 – 31 October 2024 Audit performed: September, October and November 2024 Information and Contact: BSI Group the Netherlands B.V., John M. Keynesplein 9, 1066 EP Amsterdam, NL
Original registration date Effective date Last revision date Expiry date
Original registration date 2012-02-27 Effective date 2024-02-27 Last revision date 2024-12-23 Expiry date 2026-02-26

Verified locations