Category III: Foreign, Allied, or Coalition Partner PKIs or other PKIs
The Netherlands Ministerie van Defensie PKIoverheid Organisatie Persoon CA – G3 is cross-certified with the Federal Bridge via the CertiPath Bridge. However, Netherlands MOD does not currently publish their cross-certificate in a location discoverable during dynamic path building (a.k.a. “AIA chasing”). To utilize the cross-certificate path through the Federal Bridge, a system would need have the CertiPath Bridge CA – G3 > Ministerie van Defensie PKIoverheid Organisatie Persoon CA – G3 cross-certificate locally installed; this certificate can be found in the CertiPath Bridge SIA bundle at http://aia.certipath.com/IssuedBy-CertiPathBridgeCA-G3.p7c. When using this approach, a system should not install the Staat der Nederlanden Root CA – G3.
See the DoD PKI External Interoperability FAQ for more information on DoD approved partner PKI credentials.
Netherlands Ministry of Defence PKI
| Current Certification Authorities (CAs) Details | See Section 44.2 of DoD Approved External PKIs Master Document |
| Current CA Certificates | See Netherlands_Ministry_of_Defence folder in DoD Approved External PKI Certificate Trust Chains zip |
| Approved Certificate Assurance Levels* | See Section 5.18 of DoD Approved External PKIs Master Document |
| Certificate Revocation List (CRL) Distribution Points** | See Netherlands Ministry of Defence section of DoD Approved External CRL Distribution Points (CRLDPs) |
| Online Certificate Status Protocol (OCSP) Responder URL(s)** | None |
| Performs CA Rekeys? | No |
*As represented by OIDs listed in the Certificate Policies extension of the partner certificate; a certificate must assert at least one approved assurance level to be acceptable for use.
**Note: These lists are developed and maintained by DoD PKE based on CRLDP and AIA OCSP values asserted in sample certificates provided to DoD by the partner PKI for testing; they are provided for ease of reference and may not be exhaustive in all cases. Any CRL URL asserted in a CRLDP extension or OCSP URL asserted in an AIA extension of an approved certificate is approved for use by DoD relying parties.
| Title | Size | Updated | |
|---|---|---|---|
|
DoD Approved Assurance Levels from External Partner PKIs - Version 1.15
This file provides a listing of all DoD approved assurance levels from approved partner PKIs. Assurance levels are represented by Certificate Policy Object Identifiers (OIDs) which are asserted in the Certificate Policies x509 certificate extension. DoD relying party applications can only accept certificates with OIDs that map to FBCA medium hardware assurance level or higher (includes PIV and PIV-I OIDs).
|
12.1 KB |
19 Apr 2023
|
|
|
DoD Approved External CRL Distribution Points (CRLDPs) - Version 1.16
This file provides a listing of CRLDPs from DoD approved partner PKIs. CRLDPs are represented by HTTP URLs that are asserted in the CRL Distribution Points certificate extension. CRLDPs are one of the mechanisms used by DoD relying party applications to validate certificates.
|
5.96 KB |
19 Apr 2023
|
|
|
DoD Approved External OCSP URLs - Version 1.15
This file provides a listing of all On-line Certificate Status Protocol (OCSP) URLs from DoD approved partner PKI OCSP responders. OCSP responders are represented by HTTP URLs that are asserted in the Authority Information Access certificate extension. OCSP validation is one of the mechanisms used by DoD relying party applications to validate certificates.
|
3.14 KB |
19 Apr 2023
|
|
|
DoD Approved External PKI Certificate Trust Chains - Version 10.0
This zip file contains certificate trust chains for DoD Approved External PKIs.
|
217.71 KB |
19 Apr 2023
|
|
|
DoD Approved External PKIs Master Document - Version 10.0
This document provides Certification Authority (CA) certificate trust chain and assurance level information for all Department of Defense (DoD) approved Public Key Infrastructures (PKIs).
|
1.18 MB |
19 Apr 2023
|