Policies and procedures

Underpinning the technical components of a public key infrastructure (PKI) is a system of rules and policies that dictate how digital certificates are issued and used.

Each different type of digital certificate has different documents attached to it.

The effectiveness and reliability of a digital certificate, and of the transactions conducted using it, are based on the confidence all parties to a transaction have in the structure, policies and procedures surrounding the PKI system under which the digital certificate was issued and subsequently used.

The root certification authority, the certification authority and the registration authority are important bodies in implementing the policies and procedures and thus creating the requisite level of trust.

These bodies act in accordance with the requirements of the certification practice statement and any certificate policies.

Access ANZ's PKI documentation or visit our FAQs for further details.

Digital certificates can only be effective enablers of trade when all parties to a transaction have confidence in the certification authority that issued the digital certificate.

Trade is conducted globally, and there will be times when a relying party is not familiar with a certification authority and therefore may not feel confident in relying on a digital certificate it has issued.

To overcome this issue, certification authorities may be certified by a higher-level certification authority that is more widely known and trusted.

This is known as a trust hierarchy. At the top of the hierarchy is the root certification authority, sometimes also referred to as a trust anchor.

The IdenTrust™ scheme is an example of a trust hierarchy. The IdenTrust™ organisation acts as a root certification authority (RCA) and uses its self-signed digital certificate to certify a participating financial institution, which acts as a certification authority. By doing this, IdenTrust also states that the institution has qualified to the standards of the scheme.

The certification authority (CA) issues and signs digital certificates at the request of a registration authority.

The CA is one of the entities that provide the trust element of the PKI.

Parties relying on a digital certificate trust the CA to have correctly included the certificate holder's public key, and other details, in the digital certificate, and to have digitally signed the digital certificate to validate its authenticity and integrity.

A registration authority (RA) is responsible for processing digital certificate requests received from subscribers.

The RA first checks that requests are valid and comply with the certification practice statement and relevant certificate policy.

It then authenticates the identity of the user in accordance with any requirements in the certification practice statement and certificate policy.

Once satisfied, the RA forwards the request to the certification authority to sign and issue a digital certificate to the intended certificate holder.

The quality of the registration process determines the level of trust that can be placed in the digital certificates.

IdenTrust, IdenTrust System and the IdenTrust logo are trademarks and service marks of IdenTrust, LLC.