Lists of revoked certificates
In accordance with the provisions of the Certification Practices Statement of ANF AC, trusted third parties that receive electronic signatures generated with certificates issued by ANF AC are required to verify the validity status of the certificate used.
The expiration of the validity of an electronic certificate takes effect from the moment the Certification Authority indicates it in its General Register.
The revocation of a certificate is definitive: it means the loss of its effectiveness and prevents the user from using it legitimately. This process has immediate effects and prevents the renewal of the certificate and the operation of the approved signature creation device.
The capacity to revoke end-entity certificates is held by: the certificate holder himself, his legal representative, the Registration Authority that processed the certificate, the Issuing Authority or a Judicial Authority.
ARL – ANF Global Root CA
valid until 06/05/2033
- CN: ANF Global Root CA
- Serial number: 01 3f 2f 31 77 e6
- Public Key: RSA (4096 bits)
- Signature Algorithm: Sha256RSA
- Digital Fingerprint: 26 ca ff 09 a7 af ba e9 68 10 cf ff 82 1a 94 32 6d 28 45 aa
- Valid from June 10, 2013 to June 5, 2033
valid until 02/29/2024
- CN: ANF Assured ID CA1
- Serial number: 06 40 0c a5 29 ce 79 80
- Public Key: RSA (4096 bits)
- Signature Algorithm: Sha256RSA
- Digital Fingerprint: ab da 03 79 f0 2e ba e8 2e fb 93 41 f2 ad d6 c0 14 9b 58 14
- Valid from March 3, 2014 to February 29, 2024
valid until 02/29/2024
- CN: ANF High Assurance AP CA1
- Serial number: 0a aa dc 2e eb a2 92 00
- Public Key: RSA (4096 bits)
- Signature Algorithm: Sha256RSA
- Digital Fingerprint: 68 d1 5d a0 1c 93 dc 54 2a 3c 7b 6d c0 19 35 68 78 bd 31 61
- Valid from March 3, 2014 to February 29, 2024
valid until 02/29/2024
- CN: ANF High Assurance EV CA1
- Serial number: 0b e6 86 56 59 db bc 00
- Public Key: RSA (4096 bits)
- Signature Algorithm: Sha256RSA
- Digital Fingerprint: ce e5 c6 6f 66 21 7b 2f ec ba e4 04 87 66 3a 5b 5a 0c 2a 49
- Valid from March 3, 2014 to February 29, 2024
valid until 05/15/2036
- CN: ANF Global Root CA
- Serial number: 01 64 95 ee 61 8a 07 50
- Public Key: RSA (4096 bits)
- Signature Algorithm: Sha256RSA
- Digital Fingerprint: fc 98 43 cc 99 22 61 50 01 a1 73 74 ce 8a 3d 79 58 0f ea 51
- Valid from May 20, 2016 to May 15, 2036
valid until 05/18/2026
- CN: ANF Assured ID CA1
- Serial number: 07 71 c1 14 00 1a e5 00
- Public Key: RSA (4096 bits)
- Signature Algorithm: Sha256RSA
- Digital Fingerprint: cb df 3e 06 86 f1 b1 c1 f8 83 49 41 69 ef ed 52 f6 94 14 b9
- Valid from May 20, 2016 to May 18, 2026
valid until 05/18/2026
- CN: ANF High Assurance AP CA1
- Serial number: 0c 68 fc 7d c4 8d 83 80
- Public Key: RSA (4096 bits)
- Signature Algorithm: Sha256RSA
- Digital Fingerprint: 1e 8f 04 25 22 80 bb 73 f4 51 ec 45 8d 87 b5 b8 0e a6 e1 a1
- Valid from May 20, 2016 to May 18, 2026
valid until 05/18/2026
- CN: ANF High Assurance EV CA1
- Serial number: 06 5d 66 65 46 a4 59 00
- Public Key: RSA (4096 bits)
- Signature Algorithm: Sha256RSA
- Digital Fingerprint: 67 93 9b 3c a7 7e 5f 6f de c0 7e c9 63 71 a8 7c 77 19 79 62
- Valid from May 20, 2016 to May 18, 2026
valid until 01/10/2039
- CN: ANF Secure Server Root CA
- Serial number: 0dd3c0747671c7f4
- Public Key: RSA (4096 bits)
- Signature Algorithm: Sha256RSA
- Digital Fingerprint: 0eff0535e0d82bf718a6c40e67eeb5caca0525d8
- Valid from January 15, 2019 until January 10, 2039
vigente hasta el 07/11/2030
- CN: ANF Secure Server CA
- Número de serie: 203079930ae06e7640bF556b
- Clave Pública: RSA (4096 bits)
- Algoritmo de firma: Sha256RSA
- Huella digital: 3FB48D045FB6A19C147149FC10664D89E117AD22
- Válido desde el 9 de noviembre de 2020 hasta el 7 de noviembre de 2030.
LEGAL FRAMEWORK
“Art. 8.3 The expiration of the validity of an electronic certificate shall be effective against third parties, in cases of expiration of its validity period, from the moment this circumstance occurs and, in other cases, from the moment that the indication of such termination is included in the query service on the validity of the certificates of the certification service provider.”
The Certification Authority Revocation Lists (ARLs)
The Certification Authorities Revocation Lists (ARLs) contain the serial numbers of those certificates of Intermediate Certification Authorities that have been revoked before the expiration of their term of validity. For each certificate, date, time and cause of revocation are specified..
Certificate Revocation Lists (CRL)
lists the serial numbers of those end-entity electronic certificates that have been revoked before the expiration of their validity period. For each certificate, date, time and cause of revocation are specified..
Root Certification Authorities certificates
that have been revoked before the expiration of their term, will be published on the ANF AC corporate website. During the provision of ANF AC certification services, no Root CA certificate has been revoked.
- Signatures generated with revoked or expired certificates have no legal validity.
- In accordance with the provisions of the ANF AC Certification Practices Statement, recipients of electronic signatures are required to verify the validity status of the certificate used before relying on them.
- Revoked certificates can be withdrawn from a CRL after three months from its expiration. However, ANF AC maintains a permanent and publicly accessible history of all issued CRLs.
- In the "Next Update" field, it is noted that the reference standard RFC-3280 v.1 does not establish as mandatory the mentioned value, but version 2 does require it. In order to ensure interoperability with other PKI systems, it has been included.
- The date shown in this field indicates only the date by which a new CRL will be published. In no case does it imply that a new update will not be published before that time.
- It is expressly prohibited to use the validation services of ANF AC to provide validation services to third parties. The Validation Policy establishes the penalties for non-compliance.
- The download of a CRL does not accredit the verification obligation of an electronic signature received. Neither does it allow to determine the moment in which it was downloaded, nor when the consultation was carried out.
LIABILITY OF SUBSCRIBERS
The possible loss, theft of the device or simple fear that the signature activation PIN is at risk, obliges its responsible to notify this fact to ANF AC, in order to revoke the certificate it contains. These facts, among others, constitute causes for termination of the certificate, in accordance with the provisions of articles 8 (b and c) and 9 of the LFE. The person in charge of the device is obliged to ensure proper custody and maintain the privacy of the keys, the risk of misuse of the certificate is assumed by the holder of the signature, as he/she is the one who has control over its use. The lack of notification of a risk situation of the certificate, or change of the information recorded in it, presupposes on the part of its holder a serious negligence in the fulfillment of its obligations of conservation of its signature creation data, in the assurance of its confidentiality and in the protection of any access or disclosure (art. 23.1.c LFE). This provision is related to the express evidence in the Certificate, that the subscriber has control over the signature creation data (art. 11.2.f LFE); of the verification of its possession by ANF AC, prior to the issuance of the certificate (art. 12.c LFE). The exception made by the certification service provider could only be rejected if the fact of the loss, theft or misuse of the Certificate was made known to it and it failed or was delayed in noting the contingency in the Consultation Service on the validity of the certificates (art. 22.3, in relation to 10.2 LFE).
