7. Certificate, CRL and OCSP profiles
7.1 Certificate profile
ERPly Pro issues X.509 v3 certificates under five profiles. The canonical details for each profile live in its respective CP:
| Profile | Policy OID | CP |
|---|---|---|
qc-natural-person | 1.3.6.1.4.1.<PEN_PENDING>.1.1.1 | /cp/qc-natural-person |
qc-legal-person-rep | 1.3.6.1.4.1.<PEN_PENDING>.1.1.2 | /cp/qc-legal-person-rep |
qc-psfe-automated | 1.3.6.1.4.1.<PEN_PENDING>.1.1.3 | /cp/qc-psfe-automated |
qcs-electronic-seal | 1.3.6.1.4.1.<PEN_PENDING>.1.1.4 | /cp/qcs-electronic-seal |
tsa-responder | 1.3.6.1.4.1.<PEN_PENDING>.1.1.5 | /cp/tsa-responder |
7.1.1 Version number
X.509 v3.
7.1.2 Certificate extensions
See individual CPs.
7.1.3 Algorithm OIDs
Pending.
7.2 CRL profile
X.509 v2 CRL with IssuingDistributionPoint (idp) extension and
partitioning; nextUpdate ≤ 2 hours from thisUpdate.
7.3 OCSP profile
RFC 6960 with delegated responder certified under the same policy arc. Responses are signed with the responder's algorithm.