Deutsch | English

1. Introduction and Overview

Name of the Certification Authority: "A1-Telekom-Austria-AG-IssuingCA01-Bronze"
Purpose: This issuer statement describes the policies and practices of the certification authority "A1 Telekom Austria AG Bronze".

Scope:
The certificates issued by "A1-Telekom-Austria-AG-IssuingCA01-Bronze" are primarily used to secure email communication (S/MIME), the issuance of web server certificates, and the automated issuance of certificates via the ACME protocol. These certificates support various endpoints such as email clients, web servers, and other network-based systems.
These certificates ensure that emails are securely encrypted, web servers are authenticated, and communication is securely encrypted. The certificates primarily serve the following purposes:

• S/MIME (Secure/Multipurpose Internet Mail Extensions):
  The issued certificates enable the secure encryption and signing of emails to ensure the integrity and confidentiality of email communications.
• Web Server Certificates:
  Certificates issued automatically via ACME are used to secure encrypted communication between servers and clients over HTTPS.
• ACME (Automated Certificate Management Environment):
  The certificates are automatically distributed to web servers or other services via the ACME protocol, enabling efficient and fast issuance of web server certificates.

2. Trust Level and Usage

"A1 Telekom Austria AG Bronze" is responsible for issuing certificates at the "Bronze" trust level. Bronze is the basic trust level of a certificate within A1 Telekom Austria AG.
These certificates are intended for:

• S/MIME (Email encryption and signing)
• Web server certificates (HTTPS)
• Automated certificate issuance via ACME

3. CA Responsibilities

• Ensuring the security of the CA's private key.
• Verifying the identity of all applicants before issuing certificates.
• Publishing and managing the CRL (Certificate Revocation List) and/or OCSP (Online Certificate Status Protocol).

4. Responsibilities of Certificate Holders

• Ensuring the secure storage of the certificate's private key.
• Using the certificate only for the authorized purpose.
• Immediate notification of the CA in case of suspected key compromise or misuse.

5. Technical Details

• Key Length: 2048-bit RSA
• Certificate Format: X.509 Version 4
• Certificate Lifetime: up to 24 months
• Allowed Algorithms: RSA - SHA 256
• Extended Key Usage (EKU):
  Client Authentication (1.3.6.1.5.5.7.3.2)
  Server Authentication (1.3.6.1.5.5.7.3.1)
  S/MIME (1.3.6.1.5.5.7.3.4)
  Document Signing (1.3.6.1.4.1.311.10.3.12)
  OCSP Signing (1.3.6.1.5.5.7.3.9)

6. Revocation and Recovery

A certificate may be revoked under the following conditions:

• Compromise or suspected misuse of the private key.
• False information provided in the certificate application.

Certificates are marked as revoked in the CRL or via OCSP.
CRL URL: CRL RootCA
CRL URL: CRL IssuingCA01
OCSP URL: OCSP Responder URL

7. Audit and Monitoring Procedures

"A1 Telekom Austria AG Bronze" undergoes regular internal and external audits to ensure compliance with certificate policies.
Compliance: ISO 27001:2013 and ISO 20000:2018 certified.

8. Liability and Legal Notices

• Liability: The CA assumes no liability for damages resulting from improper use of the certificates.
• Governing Law: In the event of disputes, Austrian law applies.
• Jurisdiction: Commercial Court of Vienna

9. Contact Information

For technical support or questions regarding certificate usage, please contact:
Email: Servicedesk (A1 Telekom Austria)
Phone: +43 50 664 08 664 800