A Registration Authority shall validate requests for certification. The authentication of the identity of the subject shall be in accordance with chapter 3 of this CP/CPS. An RA shall validate the connection between the public key contained in the request and the identity of the requester.
An RA shall verify to a reasonable extent that the private key pertaining to the certification request is in the possession of the requesting entity. This verification may be out-of-band and may rely on non-technical means.
An RA shall confirm any such validation versus the CA via a reliable and trusted mechanism. This may be either via personal contact between the RA and the CA (by phone or in person), or via cryptographically non-repudiatable and integrity protected electronic means.
Entities that act as RA for the DutchGrid medium-security Certification Authority have no notification obligations when certificates are issued, revoked or suspended.