Statistics Act, 1999
R 385
Electronic Communications and Transactions Act, 2002 (Act No. 25 of 2002)Accreditation RegulationsChapter III : Requirements for certification service providers13. Technical requirements |
| (1) | A certification service provider whose authentication products and services are based on PKI must comply with SANS 21 188. |
| (2) | All certificates issued by a certification service provider must, if accredited by the South African Accreditation Authority, conform to the ITU X.509 standard and must contain the following data, among other things— |
| (a) | The serial number of the certificate that distinguishes it from other certificates; |
| (b) | The signature algorithm identifier that identifies the algorithm used by the certification service provider to sign the certificate; |
| (c) | The name of the certification service provider that issued the certificate; |
| (d) | The period of validity of the certificate; |
| (e) | The name of the subscriber whose public key the certificate identifies; |
| (f) | The public key information of the subscriber; |
| (g) | Confirmation that it is a certificate that has been accredited by the South African Accreditation Authority and reference to the uniform resource locator of the South African Accreditation Authority's website. |
| (3) | Three-factor authentication or a similar acceptable level of security is required for the storage of the private key where authentication products and services are based on PKI. |
