The DutchGrid medium-security Certification Authority will reject certificate applications that are not legitimate; in case a valid electronic mail address is supplied as part of the request, the DutchGrid medium-security Certification Authority may notify such applicant of this rejection. Obvious nonsense requests will be discarded without notification. Application requests that have not completed within 30 days may be discarded.
Applicants must generate their own key pair; the DutchGrid medium-security Certification Authority will never generate a key pair for an applicant. The DutchGrid medium-security Certification Authority does not accept secret key escrow responsibilities and will reject requests that contain a private key.
The minimum key length for all applications is at least 1024 bits. The validity period is at most 1 year.
Certificate application is by submitting a PEM-formatted certificate request by electronic mail to firstname.lastname@example.org, or by another on-line procedure provided by the DutchGrid medium-security Certification Authority. In case the requester is a natural person requesting his or her own certificate, the procedures detailed in section 3.1 apply. In case the entity is a machine or object, the certificate request may be signed by a valid certificate pertinent to the authorised administrator or responsible for the object or the machine. Otherwise, such administrator or responsible will be authenticated using the procedures detailed in section 3.1.
On initial application, and subsequently every 5 years, a hand-signed application form must be filled by the applicant. The RA, after validating the subscriber's identity and validating the data on the form, counter-signs the form. The applicant or the RA sends it - by means that constitute traceable legal evidence - to the CA. The CA will verify the correctness of the form, validate the proof of possession challenge, and check the link between the PEM-request submitted electronically and the paper-based identity validation trail.