Versions Compared

Old Version 2

changes.mady.by.user Marita Gustavsen

Saved on

compared with

New Version Current

changes.mady.by.user Marita Gustavsen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

RoleNameContact information
Key custodian

Other

Resources

...

BankID:

RoleNameContact information
Coordinator

PKI

App

...

StepDescriptionResponsibleTaskDeadlineStatusDocuments and notes
1) Send order forms to BankID

The respective TSP or Bank have to fill out required order forms and send it to BankID signed before or during the RA ceremony.

A copy must be sent before the RA ceremony.

TSP or Bank

Status
titlePlanning

Order form templates can be found here: Misc forms for BankID Support

2) Make sure that the prerequisites are in order

Primary CAO token "Dongle" is normally stored in a safe at the respective TSP (CA responsible).

The respective Key Custodian for the TSP is responsible to carry and bring the RA XML request and the Primary CAO token "dongle" to the RA ceremony.

Key custodian for TSP
  • Create an RA XML request on the TSP system, for example through HAT tool.
  • Make sure that the USB stick is new and unused
  • Make sure that the Key Custodian have approved identification such as a passport or driver license (if the Key Custodian is a non-Norwegian citizen, they must bring their passport)

Status
titlePlanning


3) RA ceremony coordination

BankID will ensure that everything is in place and coordinate the ceremony and switchover with all stakeholders.

BankID

Check that the following is in place:

  •  Formal order received
  •  Signed order forms
    •  Signed - Naming of RA (Required)
    •  Signed - Revoke RA XML Request (Optional)
  •  TSPs Primary CAO token
  •  TSPs/Bank RA XML Request

If all is in place, all stakeholders align and agree on date and time for the following:

  •  1. RA ceremony
  •  2. Activation of New RA XML Sign Certificate
  •  3. Revoke RA XML (Optional)

Normally step 2 and 3 happens within the same 24h.


Status
titlePlanning


4) Invitations

BankID will send out a meeting invite for the ceremony

BankID

Create and send out the invitation to all stakeholders.

The invitation should contain, but not limited to:

  • Purpose and description
  • Date
  • Time
  • Duration
  • Address
  • Attendees and contact points
  • Information on what to bring

Status
titlePlanning


...

StepDescriptionResponsibleTaskDeadlineStatusDocuments and notes
5) Pre RA ceremony checkBankID will greet the participants and check that all is OK for moving on with the ceremony.

BankID

  • Participants need to sign in and out
  • All necessary resources are in place
    • Key Custodian
    • PKI
  • Key Custodian ID check is done by PKIthe SO
  • USB virus scan is done manually before High secure room (USB stick that contains the RA XML Sign request)
  • All required documentation is in place
    • Note that RA order forms are to be stored in the BankID High secure room. When the documentation is signed electronically, a copy of the document is to be stored

Status
titlePlanning


6) Perform RA ceremony

BankID is to perform the RA ceremony

BankID

BankID will guide the key custodian through issuing of the new RA XML/SSL certificate(s).

Key custodian will need to oversee that everything is according to the documentation.


Status
titlePlanning


...

StepDescriptionResponsibleTaskDeadlineStatusDocuments and notes
7) Activation/ Revocation (optional)

BankID is to activate the new certificates.

BankID

Activate the new RA XML Sign certificate(s) in BankID COI.
Optional: Revoke the old certificate. Normally done within 24 hours after the ceremony.

Performed by AO with PKI involved.

BankID will inform the TSP/Bank when this has been done.


Status
titlePlanning


8) Certificate checkCheck that the certificate is workingTSP and Bank

TSP/Bank needs to check that the new activated certificate is working towards ODS.

Optional: Check that the revoked certificate is no longer working towards ODS.


Status
titlePlanning


...