Interoperability Guidelines (IOG)

The interoperability challenges facing the Indian PKI are two fold - first being standardization of certificate fields and second being the scalability of accommodating business requirements of various classes of certificates and sub-CAs. The interoperability model that has been defined by the CA recommends two major initiatives – organizational guidelines and certificate profile guidelines.

Organizational Guidelines: Under this initiative, the CCA has recommended changes in the way Certifying Authorities are structured and issue certificates. This includes flexibility in operating sub-CAs for business purposes.

Certificate Profile Guidelines: Under Certificate Profile guidelines, CCA has issued detailed guidelines pertaining to certificate fields and extensions. This includes guidance on mandated or recommended values, interpretation and usage for certificate fields / extensions.

The guidelines issued by the Controller of Certifying Authorities are to be strictly followed by CAs. Unless and otherwise the date of implementation is specified, the effective date of implementation of guidelines will be from the date of publication on the website of Office of CCA.

Identity Verification Guidelines (IVG)

Certificates are issued subjected to the verification requirements specified under CCA-IVG, for the identity verification for different types of certificates like personal, organizational person, SSL, encryption, code signing, system certificate etc.

In order to retain eKYC of applicant by CA, the process of applicant’s identity verification is followed as specified under CCA-IVG. CA verifies the information relating to the authenticity of the requesting representative as per the requirements mentioned under CCA-IVG.

CA verifies that the information in certificate applications is accurate based on the attested supporting documents, telephonic interaction, Video Verification and other procedures specified under CCA-IVG.