Electronic Signatures and Infrastructures (ESI); Guidance for Auditors and CSPs on ETSI TS 102 042 for Issuing Publicly-Trusted TLS/SSL Certificates (V1.1.1)
The present document provides guidance on the assessment of Certification Authorities issuing Certificates primarily for use with Transport Layer Security (TLS) protocol [i.8] or the earlier equivalent Secure Socket Layer (SSL) protocol based on TS 102 042 [i.1] and the CA/Browser Forum Baseline Requirements for the issuance and the management of publicly-trusted certificates@ (BRG) [i.2]. The present document is aimed at providing guidance to Certification Authorities issuing Publicly trusted TLS/SSL certificates to be aware of how they may be assessed and for auditors in carrying out assessment of the conformance of such certification authorities according to TS 102 042 [i.1]. Annex A provides a checklist that may be used by auditors in carrying out an audit based on these guidelines. Annex B provides a suggested framework for the final audit report.