Certificate Number: ETS 090
Scope: On the request of KPN B.V. (hereafter referred to as: KPN), the initial certification audit on all areas and processes was performed by BSI Group The Netherlands B.V. (John M. Keynesplein 9, 1066 EP Amsterdam, The Netherlands).
The full audit covered all applicable requirements from the audit criteria listed below (see “Audit Information”) and are defined in KPN’s Statement of Applicability, dated 15 January 2025 and the Overview of Applicability, dated 8 January 2025.
The scope of the assessment comprised the following Trust Service Provider component services, provided to CertSign S.A.:
-,,Registration Service (partly);
-,,Revocation Management Service (partly);
-,,Dissemination Service (partly).
These TSP component services are being processed for:
-,,Issuance of public key certificates (non-qualified trust service), in accordance with the policy: OVCP.
The certificates are issued through its issuing certification authority, as specified below:
Root CA: certSIGN ROOT CA G2 (not in scope)
Issuing CA: CN = certSIGN Web CA
-,,O = CERTSIGN SA
-,,Serialnumber: 10034b8e66f50920f6c5
-,,Valid from February 6, 2017 to February 6, 2027
-,,SHA-256 fingerprint: F114469FB80778133A1F70E4D8338EDAB97DD42CEB8ECC01CAFB70D6B87DF11E
+,,Organization Validated Website Authentication Certificate (OV SSL)
The TSP component services are documented in the following Certification Practice Statement(s):
-,,Registration Authority Practices Statement certSIGN OV TLS certificates KPN B.V., 12 December 2024, version 2.1
-,,Certification Practice Statement certSIGN Web CA for OV SSL Certificates, v1.27, 26 November 2024
Our initial audit was performed in January 2025. The result of the certification audit is that we conclude, based on the objective evidence collected during the certification audit as of 1 January 2025 (point in time), the areas assessed for:
-,,Issuance of public key certificates (non-qualified trust service), in accordance with the policy: OVCP;
were generally found to be effective, based on the applicable requirements defined in KPN’s Statement of Applicability, dated 15 January 2025 and the Overview of Applicability, dated 8 January 2025.
Audit information:
Audit criteria:
-,,eIDAS Regulation 910/2014 (May 20, 2024) on electronic identification and trust services for electronic transactions in the internal market, Chapter III - Trust Services;
-,,ETSI EN 319 401 v2.3.1 (2021-05) General Policy Requirements for Trust Service Providers;
-,,ETSI EN 319 411-1 v1.4.1 (2023-10) Electronic Signatures and Infrastructures (ESI) - Policy and security requirements for Trust Service Providers issuing certificates - Part 1: General requirements, for the policy: OVCP;
-,,CA/Browser Forum - Baseline Requirements for the Issuance and Management of Publicly-Trusted TLS Server Certificates v2.1.1 (18 November 2024) (for the requirements referred to from ETSI EN 319 411-1).
Audit Point in Time:
1 January 2025
Audit performed:
January 2025
Information and Contact:
BSI Group the Netherlands B.V., John M. Keynesplein 9, 1066 EP Amsterdam, NL
