• About this guide
    • Acronyms
    • Revision information
    • Other documents
    • Documentation feedback
  • Introduction
    • Scope
    • Identification
    • PKI Participants
    • Certificate Usage
    • Policy Administration
    • Definitions
  • Publication and Repository Responsibilities
  • Identification and Authentication
    • Naming
    • Initial Identity Validation
    • Identification and Authentication for Re-Key Requests
    • Identification and Authentication for Revocation Requests
  • Certificate Life-Cycle Operational Requirements
    • Certificate Application
    • Certificate Application Processing
    • Certificate Issuance
    • Certificate Acceptance
    • Key Pair and Certificate Usage
    • Certificate Renewal
    • Certificate Re-Key
    • Certificate Modification
    • Certificate Revocation and Suspension
    • Certificate Status Services
    • End of Subscription
    • Key Escrow and Recovery
  • Management, Operational and Physical Controls
    • Physical Security Controls
    • Procedural Controls for the CA
    • Personnel Controls
    • Audit Logging Procedures
    • Records Archival
    • Key Changeover
    • Compromise and Disaster Recovery
    • CA Termination
  • Technical Security Controls
    • Key Pair Generation
    • Private Key Protection
    • Other Aspects of Key-Pair Management
    • Activation Data
    • Computer Security Controls
    • Life-Cycle Technical Controls
    • Network Security Controls
    • Time-stamping
  • Certificate and CRL Profiles
    • Certificate Profile
      • Version Numbers
      • Certificate Extensions
      • Algorithm Object Identifiers
      • Name Forms
      • Name Constraints
      • Certificate Policy Object Identifier
      • Usage of Policy Constraints Extension
      • Policy Qualifiers Syntax and Semantics
      • Processing Semantics for the Critical Certificate Policy Extension
    • CRL Profile
    • OCSP Profile
  • Compliance Audit and Other Assessment
  • Other Business and Legal Matters
  • PKIaaS CA & VA certificate profiles
  • PKIaaS subscriber cerficate profiles
    • Active Directory (WSTEP) certificate profiles
    • CMPv2 certificate profiles
    • Code signing certificate profile
    • eSIM certificate profiles
    • EST certificate profiles
    • External subordinate CA certificate profiles
      • Azure Firewall Intermediate CA certificate profile
      • TLS Proxy CA certificate profile
    • Intune certificate profiles
    • MDMWS certificate profiles
    • Mobile device certificate profile
    • Multiuse certificate profiles
    • Private SSL (ACMEv2) certificate profiles
    • S/MIME Secure Email certificate profiles
    • SCEP certificate profiles
    • Smartcard certificate profiles
    • V2G certificate profiles