ANF


Certificate Revocation List (CRLs-ARLs)

Pursuant to ANF AC's Certification Practices Statement, trusted third parties that receive electronic signatures generated with certificates issued by ANF AC are required to verify the validity status of the certificate used.

The expiration of an electronic certificate takes effect from the moment the Certification Authority records it in its General Registry.

The revocation of a certificate is final:

This results in the loss of validity and prevents the user from any legitimate use. The process takes immediate effect, making it impossible to renew the certificate and disabling the approved signature creation device. 

The authority to revoke end-entity certificates is granted to:

The certificate holder, their legal representative, the Registration Authority that processed the certificate, the Issuing Opinion Manager or a Judicial Authority.

Historical

Check the history of issued CRL lists

Legal Framework

Law 59/2003, of December 19, on Electronic Signatures 
Art. 8.3: “The expiration of the validity of an electronic certificate will take effect with respect to third parties, in the event of expiration of its validity period, from the moment this circumstance occurs and, in other cases, from the moment the notice of such expiration is included in the certification service provider’s certificate validity query service.” 

Certification Authority Revocation Lists (ARLs)

These list the serial numbers of Intermediate Certification Authority certificates that have been revoked before their expiration date. For each certificate, the date, time, and reason for revocation are specified.

Certificate Revocation Lists (CRLs)

These list the serial numbers of end-entity electronic certificates that have been revoked before their expiration date. For each certificate, the date, time, and reason for revocation are specified. 

Root Certification Authority Certificates

Any Root CA certificate revoked before its expiration date will be published on ANF AC’s corporate website. To date, during the provision of ANF AC certification services, no Root CA certificates have been revoked. 

Signatures generated with revoked or expired certificates are not legally valid. In accordance with the ANF AC Certification Practices Statement, recipients of electronic signatures are required to verify the validity of the certificate used before relying on them. Revoked certificates may be removed from a CRL three months after their expiration. However, ANF AC maintains a permanent, publicly accessible record of all issued CRLs. 

Regarding the “Next Update” field: reference standard RFC-3280 v.1 does not establish this value as mandatory, but version 2 does. To ensure interoperability with other PKI systems, this value has been included. The date shown in this field indicates only the deadline for publishing a new CRL. Under no circumstances does it imply that an update will not be published before that date. 
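The following is an added example, not ANF AC's code, of how a relying party could apply the two points above: a CRL still inside its “Next Update” deadline may already be superseded, and a current CRL may no longer list a long-expired certificate. The Crl class, check_signature, the 89-day window and all sample values are assumptions; the CRL is assumed to be already parsed and signature-verified, and signed_at to come from a trusted timestamp.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# "Three months" on the page; 89 days is the shortest three-month span (assumption).
REMOVAL_WINDOW = timedelta(days=89)

@dataclass(frozen=True)
class Crl:
    """Fields taken from a CRL whose issuer signature was already verified."""
    this_update: datetime
    next_update: datetime
    revoked: dict  # serial -> (revocation time, reason)

def check_signature(serial, not_after, signed_at, crl, now):
    """Classify a signature made at signed_at; returns (verdict, detail)."""
    if signed_at > not_after:
        return "invalid", "certificate had expired at signing time"
    if now > crl.next_update:
        return "unknown", "CRL is past its Next Update deadline; fetch a new one"
    if crl.this_update < signed_at:
        # A newer CRL may already exist even though Next Update is in the future.
        return "unknown", "CRL predates the signature; fetch a newer one"
    if serial in crl.revoked:
        revoked_at, reason = crl.revoked[serial]
        if revoked_at <= signed_at:
            return "invalid", f"revoked {revoked_at:%Y-%m-%d} ({reason})"
        return "valid", "signed before the revocation date"
    if crl.this_update > not_after + REMOVAL_WINDOW:
        # The entry may have been dropped after expiry; use the CRL history.
        return "unknown", "CRL too recent for this certificate; check CRL history"
    return "valid", "not listed on a CRL issued after the signature"

def day(n):
    """Constructed timeline helper: n days after 2024-01-01 UTC."""
    return datetime(2024, 1, 1, tzinfo=timezone.utc) + timedelta(days=n)

# Constructed sample data: serial 0x1A2B was revoked on day 2.
cached = Crl(day(1), day(8), {})                     # downloaded on day 1
newer = Crl(day(4), day(11), {0x1A2B: (day(2), "keyCompromise")})
late = Crl(day(500), day(507), {})                   # entry already dropped

if __name__ == "__main__":
    for name, crl, now in [("cached", cached, day(5)), ("newer", newer, day(5)),
                           ("late", late, day(501))]:
        print(name, check_signature(0x1A2B, day(365), day(3), crl, now))
```

The cached CRL is within its deadline yet yields "unknown" rather than a false "valid", because it was issued before the signature it is asked to vouch for.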

It is expressly prohibited to use ANF AC’s validation services to provide validation services to third parties. The Validation Policy establishes penalties for non-compliance. Downloading a CRL does not certify an obligation to verify a received electronic signature. Nor does it determine the time it was downloaded or when the query was performed. 

Responsibility of subscribers

The possible loss or theft of the device, or even the mere suspicion that the signature activation PIN may be at risk, requires the person responsible to notify ANF AC of this fact in order to revoke the certificate it contains. These circumstances, among others, constitute grounds for the termination of the certificate, in accordance with the provisions of Articles 8 (b and c) and 9 of the LFE. 

The person responsible for the device is obliged to ensure its proper custody and to maintain the confidentiality of the keys; the risk of misuse of the certificate is assumed by the holder of the signature, as they are the one in control of its use. Failure to notify a risk situation concerning the certificate, or a change in the information recorded therein, constitutes serious negligence on the part of the holder in fulfilling their obligations to preserve their signature creation data, ensure its confidentiality, and protect it from any access or disclosure (Art. 23.1.c LFE). 

This provision is related to the express statement in the Certificate that the subscriber has control over the signature creation data (Art. 11.2.f LFE), as well as to ANF AC’s verification of its possession prior to the issuance of the certificate (Art. 12.c LFE). The exception raised by the certification service provider may only be dismissed if the loss, theft, or misuse of the Certificate had been duly reported to the provider and the provider failed to comply with, or unduly delayed, recording the contingency in the certificate validity consultation service (Art. 22.3, in relation to 10.2 LFE). 
