Definition
Certificate Policy
A certificate policy is a document that describes the different entities that compose a PKI, their roles, duties, and working principles.
Content
A certificate policy typically describes:
- the PKI’s architecture
- the registration process and verification modalities
- the key generation process
- implemented mechanisms to protect the PKI
- management of certificate revocation lists
- legal assurance
Purpose
Trustworthiness Analysis
The purpose of the document is to allow outsiders to analyze the PKI’s trustworthiness.