The CP/CPS
Here you can find the Certificate Guideline (CP) and the Declaration on the Certificate Operation (CPS) of Commerzbank Inhouse CA. Information on the QuoVadis Trust Center is not filed here and should be obtained directly from QuoVadis.
General Information about CP/CPS
The term “Certificate Policy” (CP) is defined in the X.509 standard and means the whole set of rules and specifications, which define the applicability of a certificate type. The aim of a Certificate Policy is discussed in detail in RFC 3647 („Certificate Policy and Certification Practices Framework“). The CP helps the certificate user in deciding if a certain certificate or application can be trusted.
A CP should explain:- Important technical and organizational requirements that have to be fulfilled by systems and processes when issuing certificates.
- Which prerequisites apply when using certificates and dealing with the corresponding keys and signature creation units (e.g. Smart Cards).
- Which meaning the certificates and the related applications have, e.g. which importance, evidentiary value, and legal pertinence the cipher text and signatures have that have been created using the certificates.
The concept of a “Certification Practice Statement (CPS)” was developed by the American Bar Association (ABA) and is quoted in their Digital Signature Guidelines (ABA Guidelines). The CPS is a detailed description of the certification operations of the organization. For this reason, organizations running one or more certification authorities, usually also provide a cps. As part of a company-wide PKI, the CPS is an adequate means for organizations to protect themselves, as well as to illustrate commercial transactions with certificate owners and trusting parties.