According to Article 17(5) of Regulation (EU) No 910/2014, Member States may require the supervisory body to establish, maintain and update a trust infrastructure in accordance with the conditions under national law.
A trust infrastructure, when identifying the compliance with the conditions under national law, is based on identification of certificates through OID identifiers of certificate policies, which are issued by the Authority (NSA).
A certificate is issued in accordance with national law and with the rules defined by Article 17(5) of Regulation (EU) No 910/2014 for a trusted infrastructure. A certificate issuer is the Authority (NSA) or a trust service of a trust service provider to which the qualified status was granted by the Authority (NSA).
Certificate Policy (CP) contains mandatory procedures and responsibilities of the National Security Authority for issuing and managing public key certificates (certificates) of the Root Certification Authority (KCA). CP also profiles the certificate policies used for issuing and revoking the maintenance certificates and qualified certificates of qualified trust service providers issuing qualified certificates (QCA), to which the qualified status was granted by the Authority (NSA) in accordance with the applicable legislation of the Slovak Republic.
A document of the Certificate Policy is published on the website of the NSA Root Certification Authority.
It is used for the identification of the service of “electronic time-stamp creation” provided over OCSP protocol of IETF RFC 6960 (Online Certificate Status Protocol) using Nonce extension, as defined in IETF RFC 6960. Nonce contains a hash of DER encoded digital signature (which is time-stamped) and the hash is stored in a DER encoded object of MessageImprint type that is defined in IETF RFC 3161 – Time-StampProtocol (TSP). The time is included in the field producedAt of OCSP response defined in IETF RFC 6960 with accuracy of 1 second as a minimum.