Assigned ETSI XML URIs

This indicator expressed as a URI indicates:

Description:

A qualified certificate issuing trust service creating and signing qualified certificates based on the identity and other attributes verified by the relevant registration services, and under which are provided the relevant and related revocation and certificate validity status information services (e.g. CRLs, OCSP responses) in accordance with EU Directive 1999/93/EC [i.3] or with Regulation (EU) No 910/2014 [i.10] whichever is in force at the time of provision. This may also include generation and/or management of the associated private keys on behalf of the certified entity.

Requirements:

When the listed service is a "root" certificate generation service issuing certificates to one or more subordinates certificate generation services and from which a certification path can be established down to a certificate generation service issuing end-entity qualified certificates, this service type shall be further identified by using the "http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/RootCA-QC" identifier (described in clause D.4) which is included in the additionalServiceInformation extension (clause 5.5.9.4) within a Service information extension (clause 5.5.9).
When applicable, this service type shall be further specified through the use of an additionalServiceInformation extension (clause 5.5.9.4) within a Service information extension (clause 5.5.9) by using the appropriate identifiers indicating the nature of the qualified certificates for which the qualified status has been granted, i.e. qualified certificates for electronic signatures, qualified certificates for electronic seals, and/or qualified certificates for website authentication (as specified in clause 5.5.9.4).
When, in accordance with Annex II of Regulation (EU) No 910/2014 [i.10], the above described service includes the management of the electronic signature creation data on behalf of the signatory for qualified electronic signatures as part of the provision of qualified electronic signature creation device, and/or includes the management of the electronic seal creation data on behalf of the seal creator for qualified electronic seals as part of the provision of qualified electronic seal creation device, then the qualified certificates for which the private key resides in such a device shall be further identified and specified through the use of a Qualifications extension (clause 5.5.9.2) within a Service information extension (clause 5.5.9) by using the appropriate criteria and qualifiers (clause 5.5.9.2.3).
When the certificate validity status information (e.g. CRLs, OCSP responses) related to the qualified certificates issued by the listed "CA/QC" identified service are not signed by the private key corresponding to the listed public key and when no certificate chain/path exists from the related certificate validity status information services (either CRL issuing entities or OCSP responders) to the listed "CA/QC" identified service public key, those certificate validity status information services shall be listed separately.