The National Certification Centre

News

News 2011

Announcement of 17 November 2011

Please be advised that on 26 November 2011 the website of the National Certification Centre www.nccert.pl will have its layout changed. The introduced alterations will not affect the content of the site or its address and localisation of resources such as ARL lists or the TSL list.

Below please find enclosed examples of screen shots presenting the new graphic layout of the National Certification Centre website.

Plik: Screenshot 1

Plik: Screenshot 2

Plik: Screenshot 3

News 2010

Announcement of 01 December 2010

The National Bank of Poland hereby announces that following entry into force of the "Commission Decision of 28 July 2010" amending Decision 2009/767/EC as regards the establishment, maintenance and publication of trusted lists of certification service providers supervised/accredited by Member States", as of 1 December 2010 the national Trusted List published by the National Certification Centre will additionally be signed. The certificate issued to the operator of the polish TSL which can be used to validate the signature made on the list is published on the www.nccert.pl website under the "TSL" section.

In view of the above, the "Certification Policy of the National Certification Centre" version 2.2 takes effect as of 1 December 2010.

Announcement of 05 January 2010

The Ministry of Economy informs that in 2010 works connected with the replacement of cryptographic algorithms used for e-signature will be carried out in co-operation with qualified certification service providers. In pursuit of ensuring full security for the recipients of certification services new stronger algorithms will be introduced, among others, those used for the hash function.

Although no attacks making use of hash function collisions have been recorded so far, the European Telecommunications Standards Institute (ETSI) does no longer recommend the use of the SHA1 and RIPEMD-160 algorithms. They will be replaced with respect to various implementations related to electronic signature with the SHA2 group of algorithms. From the e-signature user point of view, this will entail the necessity of updating the applications. Pertinent notification will be made to the users by qualified certification service providers. Since no direct threat has been recorded to date, electronic signature devices will be replaced gradually as the validity of the certificates for placing the e-signature expires. With respect to big IT systems equipped with their own mechanisms for signing and verifying electronic signature, we kindly request users to report the presence of such systems to the National Certification Centre (at e-mail: nccert@nccert.pl). Entities interested in the above-mentioned activities will be informed about the progress of the works, which will enable appropriate modifications to be made to their software. To date, the new type of algorithms has been introduced at the National Certification Centre and at some of the qualified certification service providers. The Ministry of Economy has hosted expert effort, carried out in co-operation with an external company, in technical preparation for the amendment of binding legal provisions. The replacement of algorithms is intended to be conducted while preserving the continuity of provided certification services and reducing all possible inconvenience for the subscribers of this type of services. Any additional information will be published at the website of the National Certification Centre (https://www.nccert.pl).

The conducted update of cryptographic algorithms will have no effect on the validity of electronic signature. The replacement of algorithms will be carried out in particular countries at various dates and with various transition periods. Electronic signatures placed with the use of old and new algorithms may be functioning in parallel in legal relations.

News2009

Announcement of 28 December 2009

The National Certification Centre informs that implementing the European Commission Decision of 16 October 2009 setting out measures facilitating the use of procedures by electronic means through the 'points of single contact' under Directive 2006/123/EC of the European Parliament and of the Council on services in the internal market, on 28 December 2009 it made available the national trusted list (TSL List) at the https://www.nccert.pl website.

The list is available in the human readable form (PDF format) as well as the xml format.

Due to the above, on 28 December 2009 the Certification policy of the National Certification Centre - version 2.1 entered into force.

Announcement of 15 December 2009

The National Certification Centre informs that in line with previous announcements the "Certification Policy of the National Certification Centre" Version 2.1 will enter into force on 28 December 2009. Changes introduced in the above mentioned certification policy are connected with the fact that on 28 December 2009 the National Certification Centre will start publishing the national trusted list (TSL).

Announcement of 7 December 2009

The National Certification Centre informs that in line with previous announcements starting from 7 December 2009 the www.nccert.pl web site can be accessed through SSL protocol. From 7 to 21 December 2009 the page will be available both through http and https protocols, while starting from 22 December 2009 it will only be possible to access it through https protocol. The introduced changes are connected with the preparations for launching the publication of a national trusted list (TSL). This change does not apply to Certificate Revocation Lists, which will still be available through http protocol.

Announcement of 26 October 2009

The National Certification Centre informs that in line with previous announcements, on 26 October 2009 the National Certification Centre launched a new Root Certification Authority (new root), in which:

• new profiles were defined: certificate of the Ministry of Economy and certificates issued to qualified certification service providers,
• new certificate of the Ministry of Economy valid until 26 October 2020 was generated,
• certificate revocation list of the new root (nccert-n.crl) was generated.

The new root, with distinguished name indicating the Ministry of Economy shall be charged with the following functions:

• generation, issuance and publication of certificates for qualified certification service providers,
• revoking certificates issued by the new root,
• generation and publication of the CRL (nccert-n.crl).

The former Root Certification Authority (old root), with distinguished name indicating CZiC Centrast SA shall be charged with two functions:

• possible revoking certificates of qualified certification service providers, issued by the old root,
• issuance and publication of CRL (nccert.crl).

Both authorities will function simultaneously until the expiry of the existing certificate of the Ministry of Economy i.e. until 14 December 2013. From 15 December 2013 only the new root will function. Therefore, we kindly inform you that from 26 October 2009 the "Certification Policy of the National Certification Centre" version 2.0 shall be in force.

Announcement of 19 October 2009

In connection with the scheduled replacement of the certificate issued by the Ministry of Economy at the National Certification Centre, we kindly inform that from 26 October 2009 the "Certification Policy of the National Certification Centre" version 2.0 shall be in force. It is consistent with the idea of certificate replacement approved by the Ministry of Economy, providing for certificate replacement without cross-certification and renouncement of indicating CZiC Centrast SA in the certificate. For detailed information concerning the adopted idea of replacement of the certificate of the Ministry of Economy at the National Certification Centre please refer to the announcement of 5 March 2009.

Announcement of 05 March 2009

In connection with the scheduled replacement of the certificate issued by the Ministry of Economy at the National Certification Centre, we kindly request you to familiarize yourself with the following information.

The current certificate of the Ministry of Economy was generated on 17 December, 2002 and shall be valid until 14 December 2013. Implementing the decision of the Ministry of Economy contained in the letter reference number DRE-V-4332-7-mf/08 of 27 November 2008 , in line with point 5. 7. 1 of the "Certification Policy of the National Certification Centre", the National Bank of Poland has started the key replacement process.

The idea of certificate replacement approved by the Ministry of Economy provides for certificate replacement without cross-certification and renouncement of indicating CZiC Centrast SA in the certificate.

In order to remove from the existing distinguished name the non-existing CZiC Centrast SA entity, it is agreed that the distinguished name of the certificate of the Ministry of Economy will have the following form:

Country	PL
Organisation	Minister Właściwy Do Spraw Gospodarki
Common name	Narodowe Centrum Certyfikacji (NCCert)

This change is connected with the establishment of the technologically new authority as the algorithm of certification path construction is recognised by the central certification authority on the basis of its distinguished name.

In order to maintain the continuity of the national PKI, in particular, maintain the validity of the issued certificates, simultaneous functioning of two certification authorities is necessary until the expiry of validity of the existing certificate.

The former certification authority (old root), with identifier indicating CZiC Centrast SA, shall be charged with two functions:

• possible revoking of certificates of qualified certification service providers, issued by the old root,
• issuance and publication of the certificate revocation lists (nccert.crl), issued by the old root.

The new authority, with the above mentioned new distinguished name (new root), after generation of data used to submit digital validation by the National Certification Centre (new key) and a new certificate of the Ministry of Economy, shall be charged with the following functions:

• generation, issuance and publication of certificates for qualified certification service providers, issued by the new root,
• revoking of certificates issued by the new root,
• generation and publication of the certificate revocation lists (nccert-n.crl), issued by the new root.

Both authorities will function simultaneously until the expiry of the existing certificate of the Ministry of Economy i.e. until 14 December 2013. From 15 December 2013 only the new root will function.

It should be noted that the used model of replacement of certificate of the Ministry of Economy requires that the application verifying the digital signature chooses the appropriate certification path, i.e.

• path constructed on the basis of the existing certificate valid until 2013.

  or

• path constructed on the basis of the new certificate valid until 2020.

Providers of verification applications are kindly requested to adjust the software to changes in the national public key infrastructure. Any further questions in this respect should be addressed to: nccert@nccert.pl

By the time the new root becomes operational, the certification service providers will conduct their operations making use of certificates issued by the old root.

At present, the National Certification Centre is conducting technical adjustment works involving, inter alia, the construction of technical infrastructure for the new root, modification of the web site www.nccert.pl, creation of the test environment as well as organisation and legal actions aimed at modifying the NCCert system documentation, change of certification policy and preparation for an independent audit.

After finalisation of adaptation works, positive completion of tests and approval by the Board of the NBP of the certification policy agreed with the Ministry of Economy and qualified certification service providers:

• the new root will become operational, containing new profiles: certificate of the Ministry of Economy and certificates issued to qualified certification service providers,
• a new certificate of the Ministry of Economy will be generated,
• new certificates for qualified certification service providers will be generated,
• modified web site www.nccert.pl will contain, in particular, the following: new version of the certification policy, certificates of the Ministry of Economy, nccert.crl list containing revoked certificates issued by the old root, nccert-n.crl list containing revoked certificates issued by the new root.

The new Root Certification Authority is scheduled to become operational in May 2009.

All works connected with replacement of the certificate of the Ministry of Economy at the National Certification Centre are conducted by the National Bank of Poland in coordination and cooperation with the Ministry of Economy.

We would also like to inform you that all three qualified certification service providers which currently operate on the market have declared their willingness to meet the technical and organisational requirements connected with the replacement of the certificate of the Ministry of Economy at the National Certification Centre according the above described procedure.

The qualified certification service providers