The DutchGrid medium-security Certification Authority will reject certificate applications that are not legitimate; in case a valid electronic mail address is supplied as part of the request, the DutchGrid medium-security Certification Authority may notify such applicant of this rejection. Obvious nonsense requests will be discarded without notification.
Applicants must generate their own key pair; the DutchGrid medium-security Certification Authority will never generate a key pair for an applicant. The DutchGrid medium-security Certification Authority does not accept secret key escrow responsibilities and will reject requests that contain a private key.
The minimum key length for all applications is at least 1024 bits. The maximum validity period for a certificate is related to the key length, such that keys with a length of 1024 bits are signed for a period of at most 1 year, and keys with a length of 2048 bits are signed for a period of at most 5 years. The default validity period is 1 year.
Certificate application is by submitting a PEM-formatted certificate request by electronic mail to ca@nikhef.nl, or by any other secure on-line procedure provided by the DutchGrid medium-security Certification Authority. In case the requester is a natural person requesting his or her own certificate, the procedures detailed in section 3.1 apply. In case the entity is a machine or object, the certificate request may be signed by a valid certificate pertinent to the authorised administrator or responsible for the object of machine. Otherwise, such administrator or responsible will be authenticated using the procedures detailed in section 3.1.