1. Introduction and Overview
Name of the Certification Authority: "A1-Telekom-Austria-AG-IssuingCA01-Silver"
Purpose: This issuer statement describes the policies and practices of the certification authority "A1 Telekom Austria AG Silver".
Scope:
The certificates issued by "A1-Telekom-Austria-AG-IssuingCA01-Silver" are primarily used to secure and authenticate internal connections between two endpoints within the infrastructure of A1 Telekom Austria AG. These endpoints may include various devices or systems, such as servers, clients, routers, switches, or other network-based devices.
These certificates ensure that connections are secure and encrypted, and only authorized devices or users can access the network systems. The certificates primarily serve the following purposes:
- Authentication: The issued certificates enable secure authentication of devices and users within the internal network. They ensure that only verified and trusted endpoints can communicate with each other, preventing unauthorized access to critical systems.
- Encryption: By using certificates, data exchanged between endpoints is encrypted. This ensures that confidential information shared within A1 Telekom Austria AG cannot be intercepted or manipulated by third parties.
- Security Protocols: The certificates are used for protocols such as TLS (Transport Layer Security) or IPsec (Internet Protocol Security) to enable secure connections. These protocols protect against eavesdropping attacks and guarantee the integrity and confidentiality of transmitted data.
- Network Security (802.1X): The certificates can be used to secure network access points, such as via 802.1X in wired or wireless networks. This ensures that only authenticated devices and users can access the internal network.
- VPN (Virtual Private Network): The certificates enable secure and encrypted communication over VPN connections (e.g., Site-to-Site or Remote Access VPN), used to connect internal networks or provide remote access to corporate resources.
- Infrastructure Management: They are also used for the management and administration of internal network infrastructure. This includes certificates for devices acting as part of the management layer, such as network administration consoles, management servers, and other administrative systems.
Restrictions:
The issued certificates are intended solely for internal use within the infrastructure of A1 Telekom Austria AG. They are not intended for public use or connections outside the corporate network.
The certificates must not be used for external communication with untrusted systems or to secure connections outside the internal IT infrastructure.
2. Trust Level and Usage
"A1 Telekom Austria AG Silver" is responsible for issuing certificates at the "Silver" trust level. Silver is the medium trust level for certificates within A1 Telekom Austria AG.
These certificates are intended for:
- Client Authentication
- Server Authentication
- Remote Desktop Authentication
- Code Signing
- File Encryption
- Key Recovery Agent
3. CA Responsibilities
- Ensuring the security of the CA's private key.
- Verifying the identity of all applicants before issuing certificates.
- Publishing and managing the CRL (Certificate Revocation List) and/or OCSP (Online Certificate Status Protocol).
4. Responsibilities of Certificate Holders
- Ensuring the secure storage of the certificate's private key.
- Using the certificate only for its authorized purpose.
- Notifying the CA immediately in case of suspected key compromise or misuse.
5. Technical Details
- Key Length: 2048-bit RSA
- Certificate Format: X.509 Version 4
- Certificate Lifetime: up to 24 months
- Allowed Algorithms: RSA - SHA 256
- Extended Key Usage (EKU):
  - Client Authentication (1.3.6.1.5.5.7.3.2)
  - Server Authentication (1.3.6.1.5.5.7.3.1)
  - Remote Desktop Authentication (1.3.6.1.4.1.311.54.1.2)
  - Code Signing (1.3.6.1.5.5.7.3.3)
  - Time Stamping (1.3.6.1.5.5.7.3.8)
  - Document Signing (1.3.6.1.4.1.311.10.3.12)
  - Key Recovery (1.3.6.1.4.1.311.21.6)
  - Encrypting File System (EFS) (1.3.6.1.4.1.311.10.3.4)
  - OCSP Signing (1.3.6.1.5.5.7.3.9)
6. Revocation and Recovery
A certificate may be revoked under the following conditions:
- Compromise or suspected misuse of the private key.
- False information provided in the certificate application.
Certificates are marked as revoked in the CRL or via OCSP.
CRL URL: CRL RootCA
CRL URL: CRL IssuingCA01
OCSP URL: OCSP Responder URL
7. Audit and Monitoring Procedures
"A1 Telekom Austria AG Silver" undergoes regular internal and external audits to ensure compliance with certificate policies.
Compliance: ISO 27001:2013 and ISO 20000:2018 certified.
8. Liability and Legal Notices
- Liability: The CA assumes no liability for damages resulting from improper use of the certificates.
- Governing Law: In the event of disputes, Austrian law applies.
- Jurisdiction: Commercial Court of Vienna
9. Contact Information
For technical support or questions regarding certificate usage, please contact:
Email: Servicedesk (A1 Telekom Austria)
Phone: +43 50 664 08 664 800