Certificate Policy Version 1.10 2018/10/12
1.00 2018/07/24
1.10 2018/10/12
1. 1.1 CP SC Domain Validation CA CA CA CPS CA Security Communication RootCA2 CA 825 CA CP CPS CA https://www.cabforum.org/ca/ Browser Forum Baseline Requirements BR CA PB-SSL/TLS CP CPS CP CPS CP CPS CP CA CP IETF RFC3647 Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework 1.2 CP
CP 1.2-1 OID CP OID CP 1.2-1 OID CP OID
SC Domain Validation CA1 1.2.392.200091.110.213.1
SC Domain Validation CA2 1.2.392.200091.110.213.2
SC Domain Validation CA3 1.2.392.200091.110.213.3
CP CPS OID 1.2-2 OID CPS CPS 1.2-2 OID CPS OID
1.2.392.200091.100.401.1
1.3 PKI 1.3.1 CA CA Certification Authority IA RA CA IA CRL Certificate Revocation List OCSP Online Certificate Status Protocol 1.3.2 RA RA CA CA 1.3.3 CA CA 1.3.3.1
CA 1.3.3.2 CA CP CA 1.3.4 Web CP CPS 1.3.5 1.4 1.4.1 CA 1.4.2 CA 1.5 1.5.1 CP 1.5.2 CP CA 181-8528 8-10-16
ca-support@secom.co.jp 1.5.3 CP 1.5.4 CP CA
1.6 CA CA CRL
A Z Baseline Requirements CA/Browser Forum CA Certification Authority CA CAA (Certificate Authority Authorization) DNS CA/Browser Forum CP Certificate Policy CA CPS Certification Practices Statement CA CA CRL Certificate Revocation List CT Certificate Transparency RFC 6962 FIPS140-2 NIST National Institute of Standards and Technology 4
IA Issuing Authority CA CA IANA (Internet Assigned Numbers Authority) IP OID Object Identifier OCSP Online Certificate Status Protocol PKI Public Key Infrastructure RA Registration Authority CA CA RFC3647 Request For Comments 3647 IETF The Internet Engineering Task Force CP/CPS RSA SHA-1 Secure Hash Algorithm 1
160 SHA-256 Secure Hash Algorithm 256 256 WebTrust for CA AICPA/CICA WebTrust for Baseline Requirements AICPA/CICA SSL WHOIS IP X.500
2. 2.1 CA CRL 24 365 OCSP 2.2 CA CP CPS 2.3 CP CPS CRL CP 2.4 HTTP HyperText Transfer Protocol HTTPS HTTP SSL Web
3. 3.1 3.1.1 CA X.500 DN Distinguished Name 3.1.2 CA CA Web DNS 3.1.3 CA 3.1.4 X.500 3.1.5 CA (DN) Web 3.1.6 CA CA CA 3.2 3.2.1 Certificate Signing Request CSR CSR
3.2.2 CA 3.2.3 CA 3.2.4 3.2.5 CA 3.2.6 CA Security Communication RootCA2 3.2.7 CA admin administrator webmaster hostmaster postmaster FQDN WHOIS FQDN Baseline Requirements IP IP IP Web
IP IANA Internet Assigned Numbers Authority Regional Internet Registry RIPE APNIC ARIN AfriNIC LACNIC IP IP Baseline Requirements 3.3 3.3.1 3.2 3.3.2 3.2 3.4 CA CA
4. 4.1 4.1.1 4.1.2 CP CPS CA 4.2 4.2.1 CA CP 3.2 4.2.2 CA IP CA 4.2.3 CA 4.2.4 CAA CA CAA CAA CA
secomtrust.net 4.3 4.3.1 CA 4.3.2 4.4 4.4.1 4.4.2 CA 4.4.3 CA 4.5 4.5.1 CA 4.5.2 CP CPS CA
CA 4.6 CA 4.6.1 4.6.2 4.1.1. 4.6.3 4.3.1. 4.6.4 4.3.2. 4.6.5 4.4.1. 4.6.6 4.4.2. 4.6.7 4.4.3. 4.7 4.7.1 4.7.2 4.1.1.
4.7.3 4.3.1. 4.7.4 4.3.2. 4.7.5 4.4.1. 4.7.6 4.4.2. 4.7.7 4.4.3. 4.8 CA 4.8.1 4.8.2 4.1.1. 4.8.3 4.3.1. 4.8.4 4.3.2. 4.8.5 4.4.1. 4.8.6
4.4.2. 4.8.7 4.4.3. 4.9 4.9.1 CA CA CP CPS CA CA BR CP CPS CA CA IP CA CA
4.9.2 CP/CPS 4.9.1 CA CA 4.9.3 CA CA CA 4.9.4 4.9.5 CA CRL 4.9.6 CA CRL URL OCSP URL CRL OCSP Web CRL CRL OCSP 4.9.7 CRL 24 CRL 4.9.8 CA CRL 4.9.9 / OCSP 24 OCSP
4.9.10 / CRL OCSP 4.9.11 4.9.12 4.9.13 CA 4.9.14 4.9.15 4.9.16 4.10 4.10.1 OCSP 4.10.2 CA 24 365 OCSP OCSP 4.10.3
4.11 4.12 4.12.1 CA 4.12.2
5. 5.1 CPS 5.2 CPS 5.3 CPS 5.4 CPS 5.5 5.5.1 CA CPS 5.4.1. CA CRL CRL CPS CPS OCSP 5.5.2 CA 7 5.5.3
5.5.4 CRL CA 5.5.5 CA NTP Network Time Protocol CA CA 5.5.6 CA 5.5.7 5.6 CA CRL 5.7 5.7.1 CA CA CA 5.7.2 CA CA CA
5.7.3 CA CA CA 5.7.4 CA CA 5.8 CA 3 CA CA
6. 6.1 6.1.1 FIPS140-2 3 CA Web 6.1.2 CA 6.1.3 CA SSL 6.1.4 CA CA CA 6.1.5 CA RSA 2048 RSA 2048 6.1.6 CA 6.1.7 CA CA 6.1-1 CA CA digital Signature yes
nonrepudiation keyencipherment yes dataencipherment keyagreement keycertsign yes crlsign yes encipheronly decipheronly 6.2 6.2.1 CA FIPS140-2 3 6.2.2 CA 6.2.3 CA CA CA 6.2.4 CA 6.2.5 CA CA 6.2.6
CA 6.2.7 CA 6.2.8 CA 6.2.9 CA 6.2.10 CA 6.2.11 CA CP 6.2.1. 6.3 6.3.1 CA CPS 6.2.1 6.3.2 CA 20 6.4
CPS 6.5 CPS 6.6 CPS 6.7 CPS 6.8 CPS
7. OCSP 7.1 CA RFC5280 7.1-1 critical Version Version 3 - Serial Number ) 0123456789 - Signature Algorithm sha256 With RSA Encryption - Issuer Country C=JP - Organization O=SECOM Trust Systems CO.,LTD. - Common Name CN= - Validity NotBefore ) 2008/3/1 00:00:00 GMT - NotAfter ) 2009/3/1 00:00:00 GMT - Subject Country - State Or Province - Locality - Organization - Organizational Unit - Common Name - Subject Public Key Info 2048 - critical KeyUsage digitalsignature, keyencipherment y ExtendedKeyUsage serverauth n Subject Alt Name dnsname= n CertificatePolicies [1]policyIdentifier n OID= CP [1.2-1 OID] policyqualifiers policyqualifierid=cps qualifier= URL [2]policyIdentifier=2.23.140.1.2.1 CRL Distribution Points URL n Authority Information Access accessmethod ocsp (1.3.6.1.5.5.7.48.1) n
Authority Key Identifier Subject Key Identifier Certificate Transparency 1.3.6.1.4.1.11129.2.4.2 accesslocation URL SHA-1 160 SHA-1 160 SignedCertificateTimestampList n n n 7.1-2 OCSP critical Version Version 3 - Serial Number ) 0123456789 - Signature Algorithm sha256 With RSA Encryption - Issuer Country C=JP - Organization O=SECOM Trust Systems CO.,LTD. - Common Name CN= - Validity NotBefore ) 2008/3/1 00:00:00 GMT - NotAfter ) 2008/3/5 00:00:00 GMT - Subject Country C=JP - Organization SECOM Trust Systems CO.,LTD. - Common Name OCSP - Subject Public Key Info 2048 - critical KeyUsage digitalsignature y ExtendedKeyUsage OCSPSigning n OCSP No Check null n CertificatePolicies policyidentifier n OID= CP [1.2-1 OID] policyqualifiers policyqualifierid=cps qualifier= URL Authority Key Identifier SHA-1 n
Subject Key Identifier 160 SHA-1 160 n 7.2 CRL CA CRL RFC5280 7.2 CRL critical Version Version 2 - Signature Algorithm SHA256 with RSAEncryption - Issuer Country C=JP - Organization O= SECOM Trust Systems CO.,LTD. - Common Name CN= - This Update ) 2008/3/1 00:00:00 GMT - Next Update ) 2008/3/5 00:00:00 GMT - =24H =96H Revoked Serial Number ) 0123456789 - Certificates Revocation Date ) 2008/3/1 00:00:00 GMT - Reason Code unspecified, etc. - critical CRL Number CRL n Authority Key Identifier SHA-1 160 n 7.3 OCSP CA RFC5019 6960 OCSP 7.3.1 CA OCSP 1 7.3.2 OCSP
8. CA CP CPS CA CP CPS 8.1 CA CA CP CP 8.2 CA CA WebTrust CA 8.3 CA 8.4 CA WebTrust for CA WebTrust for BR 8.5 CA 8.6 WebTrust for CA WebTrust for BR WebTrust for CA WebTrust for BR
9. 9.1 CA 9.2 CA 9.3 CPS 9.4 CPS 9.5 CP 9.6 9.6.1 9.6.1.1 IA CA IA CA RA IA CRL OCSP 9.6.1.2 RA CA RA IA
9.6.2 CP CPS CA 4.9.1 9.6.3 CA CA CP 9.6.4 9.7 CA CP 9.6.1 9.8 CP CA CA
CA CRL OCSP CA CA 9.9 CA 9.10 9.10.1 CP 9.10.2 CP CA 9.10.3 CA CA 9.11 CA
9.12 9.12.1 CP CA 9.12.2 CP CP 9.12.3 9.13 CA CA CA 9.14 CP CPS 9.15 CA 9.16 9.16.1 CP CPS 9.16.2 CA CP CPS
9.16.3 CP CPS 9.16.4 9.17