CRLs & ARLs

Lists of revoked certificates

 

In accordance with the provisions of the Certification Practices Statement of ANF AC, trusted third parties that receive electronic signatures generated with certificates issued by ANF AC are required to verify the validity status of the certificate used.

The expiration of the validity of an electronic certificate takes effect from the moment the Certification Authority indicates it in its General Register.

 

 

The revocation of a certificate is definitive: it means the loss of its effectiveness and prevents the user from using it legitimately. This process has immediate effects and prevents the renewal of the certificate and the operation of the approved signature creation device.

The capacity to revoke end-entity certificates is held by: the certificate holder himself, his legal representative, the Registration Authority that processed the certificate, the Issuing Authority or a Judicial Authority.

 


Check our Root, Intermediate and CRLs certificates here

LEGAL FRAMEWORK

“Art. 8.3 The expiration of the validity of an electronic certificate shall be effective against third parties, in cases of expiration of its validity period, from the moment this circumstance occurs and, in other cases, from the moment that the indication of such termination is included in the query service on the validity of the certificates of the certification service provider.”
  • Signatures generated with revoked or expired certificates have no legal validity.
  • In accordance with the provisions of the ANF AC Certification Practices Statement, recipients of electronic signatures are required to verify the validity status of the certificate used before relying on them.
  • Revoked certificates can be withdrawn from a CRL after three months from its expiration. However, ANF AC maintains a permanent and publicly accessible history of all issued CRLs.
  • In the "Next Update" field, it is noted that the reference standard RFC-3280 v.1 does not establish as mandatory the mentioned value, but version 2 does require it. In order to ensure interoperability with other PKI systems, it has been included.
  • The date shown in this field indicates only the date by which a new CRL will be published. In no case does it imply that a new update will not be published before that time.
  • It is expressly prohibited to use the validation services of ANF AC to provide validation services to third parties. The Validation Policy establishes the penalties for non-compliance.
  • The download of a CRL does not accredit the verification obligation of an electronic signature received. Neither does it allow to determine the moment in which it was downloaded, nor when the consultation was carried out.

LIABILITY OF SUBSCRIBERS

The possible loss, theft of the device or simple fear that the signature activation PIN is at risk, obliges its responsible to notify this fact to ANF AC, in order to revoke the certificate it contains. These facts, among others, constitute causes for termination of the certificate, in accordance with the provisions of articles 8 (b and c) and 9 of the LFE. The person in charge of the device is obliged to ensure proper custody and maintain the privacy of the keys, the risk of misuse of the certificate is assumed by the holder of the signature, as he/she is the one who has control over its use. The lack of notification of a risk situation of the certificate, or change of the information recorded in it, presupposes on the part of its holder a serious negligence in the fulfillment of its obligations of conservation of its signature creation data, in the assurance of its confidentiality and in the protection of any access or disclosure (art. 23.1.c LFE). This provision is related to the express evidence in the Certificate, that the subscriber has control over the signature creation data (art. 11.2.f LFE); of the verification of its possession by ANF AC, prior to the issuance of the certificate (art. 12.c LFE). The exception made by the certification service provider could only be rejected if the fact of the loss, theft or misuse of the Certificate was made known to it and it failed or was delayed in noting the contingency in the Consultation Service on the validity of the certificates (art. 22.3, in relation to 10.2 LFE).