Enrolment Requirements
Applicants for digital certificates must have their identities authenticated and their
eligibility to hold a certificate validated before any certificate can be issued.
This is vital if a certificate that is intended to be used to subsequently
authenticate online identities, or to sign communications, transactions and documents, is
to be trusted as really belonging to the person or organisation indicated in the
certificate.
The following table outlines the requirements for documentary evidence that may be
supplied in support of an application, for any applicant wishing to be issued with a
digital certificate and is subject to a detailed and audited process that is followed by
our Registration Authority Administrators.
If you are an organisation that is already registered with the NHS Address
Registration Service, you will have already met these evidential requirements and can
return to the enrolment form.
|
Type of Applicant |
Type of Evidence Required |
| An Organisation, for whom a certificate is being
requested (commonly required to be able to support the enrolment of devices or
applications acting on behalf of the organisation, for example webservers). This
requires both the Organisation and the Organisation
Representative to have their identities authenticated. |
organisational
acceptable evidence |
- An Organisation Representative, making the application on behalf of an
organisation
|
Either
pre-vetted applicant acceptable evidence
or
general person acceptable evidence
Plus:
- evidence of affiliation to the organisation
- evidence of authority to act on behalf of the organisation
- verification of the representative through "back contact" with the
organisation
|
Pre-vetted individuals, e.g.:
- staff of the Registration Authority's organisation
- other classes of individuals, specially selected by the Registration Authority (and
approved by the Issuing Authority), with whom the Registration Authority has an existing
documented relationship and already has evidence of their identity and eligibility to hold
a certificate
|
pre-vetted applicant
acceptable evidence |
| Other individuals, (without the benefit of such a close
relationship supported by existing evidence of identity and eligibility to hold a
certificate) |
general person acceptable evidence |
In each case and for each certificate applicant, the Registrar may:
- Take further steps to confirm the identity and eligibility of the intended
subscriber. This may include the use of independent confirmation with other parties.
- Approve the certificate request if the Registrar is sufficiently satisfied of the
identity and eligibility of the intended certificate holder (Subscriber). In this case,
prior to approving the certificate request, the Registrar may:
- further restrict or enhance the capabilities to be supported by the certificate (e.g.
validity period, key usage, etc.) provided that the governing Certificate Policy is not
contravened
- correct any subscriber information to be contained within the certificate that is
inaccurate
- add any subscriber information that may be required to avoid naming conflicts
- remove any subscriber information that is not required to be published in the
certificate
- indicate whether the location from which the issued certificate may be securely
obtained, is to be provided directly to the intended subscriber or to the Registrar for
further management of the delivery to the intended subscriber
- Defer the certificate request, pending further investigation of the identity and
eligibility of the intended subscriber
- Reject the request
| 
