ROADMAP TO CROSS-CERTIFICATION
Cross-certification of an enterprise PKI to federated trust is known as CertiPath Premium Service. Cross-certification involves issuing a cross-certificate to and from the CertiPath Bridge CA to establish bi-directional trust. To initiate the activity required to achieve cross-certification with CertiPath, the applying organization must submit an Application for Cross-certification. This application must be submitted along with the following documentation for CertiPath Policy Management Authority approval:
- Certificate Policy for the Principal CA that will be cross-certified to federated trust
- Key Recovery Practices Statement that demonstrates compliance with the CertiPath Key Recovery Policy (as appropriate)
- Architectural diagram detailing the components of the applicant’s PKI.
Additional documentation must be submitted prior to completion of the mapping activity:
- Third Party Auditor CPS Compliance Analysis letter asserting that the Principal CA’s Certification Practices Statement (CPS) implements the Certificate Policy (CP)
- Third Party Auditor Operational Compliance Analysis letter asserting that the Principal CA’s operations meet the requirements set forth in the associated CP/CPS.
- Certificate Artifacts for Interoperability Testing
Upon successful completion of the document review and the interoperability testing, the results are submitted to the CertiPath Policy Management Authority for final review and approval to cross-certify. For more information or to initiate the cross-certification process, please contact CertiPath.
