This indicator expressed as a URI indicates:
A qualified certificate issuing trust service creating
and signing qualified certificates based on the identity and other
attributes verified by the relevant registration services, and under
which are provided the relevant and related revocation and certificate
validity status information services (e.g. CRLs, OCSP responses) in
accordance with EU Directive 1999/93/EC [i.3] or with Regulation (EU) No
910/2014 [i.10] whichever is in force at the time of provision. This may
also include generation and/or management of the associated private keys
on behalf of the certified entity.
When the listed service is a "root" certificate
generation service issuing certificates to one or more subordinates
certificate generation services and from which a certification path can
be established down to a certificate generation service issuing
end-entity qualified certificates, this service type shall be further
identified by using the "http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/RootCA-QC"
identifier (described in clause D.4) which is included in the
additionalServiceInformation extension (clause 18.104.22.168) within a Service
information extension (clause 5.5.9).
When applicable, this service type shall be further specified through
the use of an additionalServiceInformation extension (clause 22.214.171.124)
within a Service information extension (clause 5.5.9) by using the
appropriate identifiers indicating the nature of the qualified
certificates for which the qualified status has been granted, i.e.
qualified certificates for electronic signatures, qualified certificates
for electronic seals, and/or qualified certificates for website
authentication (as specified in clause 126.96.36.199).
When, in accordance with Annex II of Regulation (EU) No 910/2014 [i.10],
the above described service includes the management of the electronic
signature creation data on behalf of the signatory for qualified
electronic signatures as part of the provision of qualified electronic
signature creation device, and/or includes the management of the
electronic seal creation data on behalf of the seal creator for
qualified electronic seals as part of the provision of qualified
electronic seal creation device, then the qualified certificates for
which the private key resides in such a device shall be further
identified and specified through the use of a Qualifications extension
(clause 188.8.131.52) within a Service information extension (clause 5.5.9)
by using the appropriate criteria and qualifiers (clause 184.108.40.206.3).
When the certificate validity status information (e.g. CRLs, OCSP
responses) related to the qualified certificates issued by the listed
"CA/QC" identified service are not signed by the private key
corresponding to the listed public key and when no certificate
chain/path exists from the related certificate validity status
information services (either CRL issuing entities or OCSP responders) to
the listed "CA/QC" identified service public key, those certificate
validity status information services shall be listed separately.