National Certification Centre

News

News 2020

Announcement of 29 January 2020

Please be informed that on 3 February 2020 the new “Certification Policy of the National Certification Centre, version 3.5” will enter into force. The most important change in comparison to version 3.4 is the less frequent publication of the revoked certificate list. From 3 February 2020, revoked certificate lists will be published at least once a month and the maximum time span between the subsequent lists of revoked certificates will not exceed 35 days. An updated revoked certificate list will also be published following each case of revocation of a certificate to a Trust Service Provider. As previously, such an updated revoked certificate list will be published no later than within 1 hour from the revocation of the Trust Service Provider Certificate.


News 2017

Announcement of 5 September 2017

Narodowy Bank Polski advises that “Certification Policy of the National Certification Centre, version 3.2” is effective from 5 September 2017. As compared with Version 3.1, the new document includes recommendations of the auditor following an audit made by an external company this year. The present version of the document is available at the following address:

http://www.nccert.pl/files/PC_NCCert_EN.pdf


Announcement of 13 March 2017

Narodowy Bank Polski advises that “Certification Policy of the National Certification Centre, version 3.1” is effective from 13 March 2017. As compared with Version 3.0, paragraph 6.1.5 was amended to allow the use of algorithms based on elliptic curves in Trust Service Providers Certificates. The present version of the document is available at the following address:

http://www.nccert.pl/policies/PC_NCCert_EN.pdf


News 2016

Announcement of 5 December 2016

Narodowy Bank Polski advises that – by implementation of the request of the minister in charge of Digital Affairs of 5 December 2016 – on 9 December 2016 it launched a new Certification Authority (CA), as part of the National Certification Centre, and issued a new certificate for the new CA.

Cryptographic Keys of the new Certification Authority have been generated using 4096 bit RSA algorithm. The certificate was created using SHA512 abbreviation. The validity period of the National Certification Centre’s new certificate is 23 years, and the distinguishing identifier has the following structure:

Country : PL

Organization : Narodowe Centrum Certyfikacji

Common name : Narodowe Centrum Certyfikacji

Organisation Identifier : VATPL-5250008198

Certificates of a Trust Service Provider issued by the new Certification Authority will be based on RSA 4096 and SHA512 algorithms, and their validity period will be 11 years.

The certificate of the new Certification Authority is available at the following address:

https://www.nccert.pl/files/nccert2016.crt

and CRL at the following address:

http://www.nccert.pl/arl/nccert2016.crl

The existing Certification Authority, launched in 2009, will operate on the current terms until 27 October 2020.


Announcement of 7 October 2016

Narodowy Bank Polski advises that owing to the entry into force of the Act of 5 September 2016 on Trust Services and Electronic Identification the website of the National Certification Centre has been adjusted to the provisions of the Act.

The changes primarily include:

  1. Introduction of a new term list.
  2. Updating of the list of legal regulations published in the “Regulations” tab.
  3. Transfer of data included in the former register of Qualified Trust Service Providers to the register of Trust Service Providers.

Data needed for the authentication of qualified eSignatures, that is Certificate of the National Certification Centre (formely “certificate of a minister”), Trust Service Providers Certificates (formely “certificates”), Trust Service Providers Certificate Revocation List (formely “Certificate Revocation List”) and Polish Trusted List (formely „TSL”) are available under the same addresses.


News 2015

Announcement of 30 October 2015

The National Certification Centre has decided to postpone the date of the generation of new cryptographic keys and the issue of certificates. New cryptographic keys and the certificate will be generated in July 2016, i.e. following the entry into force of the eIDAS Regulation. This means that from October 2015 to July 2016, certificates for qualified certification service providers will be issued for a period shorter than 5 years. Such a solution is not in contradiction to the provisions of Para. 8 Clause 2 of the Regulation of the Minister of Economy of 9 August 2002 on determining the procedure of creating and issuing an electronic signature-related certificate. The current NCCert CA will be operational until the expiry of the present certificate. The new certificate will implement the RSA 4096 algorithm and the SHA 512 hash function.

All entities receiving documents generated and signed with the use of electronic signatures verified by means of qualified certificates are requested to take steps aiming at the adjustment of their IT systems and applications to the new cryptographic algorithms.


News 2013

Announcement of 14 December 2013

The National Certification Centre is pleased to inform that as from 14 December 2014, the old Root Certification Authority work was finished. Since that day the new "Certification Policy of the National Certification Centre” version 2.4. will take effect. Information about the old Root Certification Authority is available on the www.nccert.pl website under the ARCHIVES section.

Announcement of 18 September 2013

Please be advised that on 21 September 2013 the website of the National Certification Centre www.nccert.pl will have its layout changed. The new layout will be adjusted to current NBP standards regarding its corporate identity and will emphasize the involvement of the NBP in the operations of the root certification authority for the system of public key infrastructure in Poland.

The introduced alterations will not affect the content of the site or its address and localisation of resources such as ARL lists or the TSL list.

Below please find enclosed an example of a screen shot presenting the new graphic layout of the National Certification Centre website.

jpg.gif Plik: Screenshot 1

Announcement of 15 May 2013

The National Certification Centre is pleased to inform that as from 03 June 2013 the "Certification Policy of the National Certification Centre” version 2.3. will take effect.

The amendments introduced by the new version of certification policy affect:

  • Assigning the task of making backup copies to the System Operators. This task has been so far executed by System Administrators,
  • Allowing the Director of the Security Department of the NBP to take detailed decisions on technical matters, which do not affect the scope of duties and responsibilities of the National Certification Centre.

Additionally, the new version of the "Certification Policy of the National Certification Centre" has been made compliant with the requirements indicated in the document RFC 3647 Public Key Infrastructure Certificate Policy and Certification Practices Framework.


News 2012

Announcement of 12 November 2012

Please be advised that on 19 November 2012 the website of the National Certification Centre www.nccert.pl will be expanded to include a module with "text-to-speech functionality" enabling you to hear the content of the site.

The module will be available both for the Polish and English language version of the website.

The functionality can be activated by clicking the "Listen" button in the website's top right corner.


News 2011

Announcement of 17 November 2011

Please be advised that on 26 November 2011 the website of the National Certification Centre www.nccert.pl will have its layout changed. The introduced alterations will not affect the content of the site or its address and localisation of resources such as ARL lists or the TSL list.

Below please find enclosed examples of screen shots presenting the new graphic layout of the National Certification Centre website.

jpg.gif Plik: Screenshot 1

jpg.gif Plik: Screenshot 2

jpg.gif Plik: Screenshot 3


News 2010

Announcement of 01 December 2010

The National Bank of Poland hereby announces that following entry into force of the "Commission Decision of 28 July 2010" amending Decision 2009/767/EC as regards the establishment, maintenance and publication of trusted lists of certification service providers supervised/accredited by Member States", as of 1 December 2010 the national Trusted List published by the National Certification Centre will additionally be signed. The certificate issued to the operator of the polish TSL which can be used to validate the signature made on the list is published on the www.nccert.pl website under the "TSL" section.

In view of the above, the "Certification Policy of the National Certification Centre" version 2.2 takes effect as of 1 December 2010.

Announcement of 05 January 2010

The Ministry of Economy informs that in 2010 works connected with the replacement of cryptographic algorithms used for e-signature will be carried out in co-operation with qualified certification service providers. In pursuit of ensuring full security for the recipients of certification services new stronger algorithms will be introduced, among others, those used for the hash function.

Although no attacks making use of hash function collisions have been recorded so far, the European Telecommunications Standards Institute (ETSI) does no longer recommend the use of the SHA1 and RIPEMD-160 algorithms. They will be replaced with respect to various implementations related to electronic signature with the SHA2 group of algorithms. From the e-signature user point of view, this will entail the necessity of updating the applications. Pertinent notification will be made to the users by qualified certification service providers. Since no direct threat has been recorded to date, electronic signature devices will be replaced gradually as the validity of the certificates for placing the e-signature expires. With respect to big IT systems equipped with their own mechanisms for signing and verifying electronic signature, we kindly request users to report the presence of such systems to the National Certification Centre (at e-mail: nccert@nccert.pl). Entities interested in the above-mentioned activities will be informed about the progress of the works, which will enable appropriate modifications to be made to their software. To date, the new type of algorithms has been introduced at the National Certification Centre and at some of the qualified certification service providers. The Ministry of Economy has hosted expert effort, carried out in co-operation with an external company, in technical preparation for the amendment of binding legal provisions. The replacement of algorithms is intended to be conducted while preserving the continuity of provided certification services and reducing all possible inconvenience for the subscribers of this type of services. Any additional information will be published at the website of the National Certification Centre (https://www.nccert.pl).

The conducted update of cryptographic algorithms will have no effect on the validity of electronic signature. The replacement of algorithms will be carried out in particular countries at various dates and with various transition periods. Electronic signatures placed with the use of old and new algorithms may be functioning in parallel in legal relations.


News2009

Announcement of 28 December 2009

The National Certification Centre informs that implementing the European Commission Decision of 16 October 2009 setting out measures facilitating the use of procedures by electronic means through the 'points of single contact' under Directive 2006/123/EC of the European Parliament and of the Council on services in the internal market, on 28 December 2009 it made available the national trusted list (TSL List) at the https://www.nccert.pl website.

The list is available in the human readable form (PDF format) as well as the xml format.

Due to the above, on 28 December 2009 the Certification policy of the National Certification Centre - version 2.1 entered into force.

Announcement of 15 December 2009

The National Certification Centre informs that in line with previous announcements the "Certification Policy of the National Certification Centre" Version 2.1 will enter into force on 28 December 2009. Changes introduced in the above mentioned certification policy are connected with the fact that on 28 December 2009 the National Certification Centre will start publishing the national trusted list (TSL).

Announcement of 7 December 2009

The National Certification Centre informs that in line with previous announcements starting from 7 December 2009 the www.nccert.pl web site can be accessed through SSL protocol. From 7 to 21 December 2009 the page will be available both through http and https protocols, while starting from 22 December 2009 it will only be possible to access it through https protocol. The introduced changes are connected with the preparations for launching the publication of a national trusted list (TSL). This change does not apply to Certificate Revocation Lists, which will still be available through http protocol.

Announcement of 26 October 2009

The National Certification Centre informs that in line with previous announcements, on 26 October 2009 the National Certification Centre launched a new Root Certification Authority (new root), in which:

  • new profiles were defined: certificate of the Ministry of Economy and certificates issued to qualified certification service providers,
  • new certificate of the Ministry of Economy valid until 26 October 2020 was generated,
  • certificate revocation list of the new root (nccert-n.crl) was generated.

The new root, with distinguished name indicating the Ministry of Economy shall be charged with the following functions:

  • generation, issuance and publication of certificates for qualified certification service providers,
  • revoking certificates issued by the new root,
  • generation and publication of the CRL (nccert-n.crl).

The former Root Certification Authority (old root), with distinguished name indicating CZiC Centrast SA shall be charged with two functions:

  • possible revoking certificates of qualified certification service providers, issued by the old root,
  • issuance and publication of CRL (nccert.crl).

Both authorities will function simultaneously until the expiry of the existing certificate of the Ministry of Economy i.e. until 14 December 2013. From 15 December 2013 only the new root will function. Therefore, we kindly inform you that from 26 October 2009 the "Certification Policy of the National Certification Centre" version 2.0 shall be in force.

Announcement of 19 October 2009

In connection with the scheduled replacement of the certificate issued by the Ministry of Economy at the National Certification Centre, we kindly inform that from 26 October 2009 the "Certification Policy of the National Certification Centre" version 2.0 shall be in force. It is consistent with the idea of certificate replacement approved by the Ministry of Economy, providing for certificate replacement without cross-certification and renouncement of indicating CZiC Centrast SA in the certificate. For detailed information concerning the adopted idea of replacement of the certificate of the Ministry of Economy at the National Certification Centre please refer to the announcement of 5 March 2009.

Announcement of 05 March 2009

In connection with the scheduled replacement of the certificate issued by the Ministry of Economy at the National Certification Centre, we kindly request you to familiarize yourself with the following information.

The current certificate of the Ministry of Economy was generated on 17 December, 2002 and shall be valid until 14 December 2013. Implementing the decision of the Ministry of Economy contained in the letter reference number DRE-V-4332-7-mf/08 of 27 November 2008 , in line with point 5. 7. 1 of the "Certification Policy of the National Certification Centre", the National Bank of Poland has started the key replacement process.

The idea of certificate replacement approved by the Ministry of Economy provides for certificate replacement without cross-certification and renouncement of indicating CZiC Centrast SA in the certificate.

In order to remove from the existing distinguished name the non-existing CZiC Centrast SA entity, it is agreed that the distinguished name of the certificate of the Ministry of Economy will have the following form:

Country : PL

Organisation : Minister Właściwy Do Spraw Gospodarki

Common name : Narodowe Centrum Certyfikacji (NCCert)

This change is connected with the establishment of the technologically new authority as the algorithm of certification path construction is recognised by the central certification authority on the basis of its distinguished name.

In order to maintain the continuity of the national PKI, in particular, maintain the validity of the issued certificates, simultaneous functioning of two certification authorities is necessary until the expiry of validity of the existing certificate.

The former certification authority (old root), with identifier indicating CZiC Centrast SA, shall be charged with two functions:

  • possible revoking of certificates of qualified certification service providers, issued by the old root,
  • issuance and publication of the certificate revocation lists (nccert.crl), issued by the old root.

The new authority, with the above mentioned new distinguished name (new root), after generation of data used to submit digital validation by the National Certification Centre (new key) and a new certificate of the Ministry of Economy, shall be charged with the following functions:

  • generation, issuance and publication of certificates for qualified certification service providers, issued by the new root,
  • revoking of certificates issued by the new root,
  • generation and publication of the certificate revocation lists (nccert-n.crl), issued by the new root.

Both authorities will function simultaneously until the expiry of the existing certificate of the Ministry of Economy i.e. until 14 December 2013. From 15 December 2013 only the new root will function.

It should be noted that the used model of replacement of certificate of the Ministry of Economy requires that the application verifying the digital signature chooses the appropriate certification path, i.e.

  • path constructed on the basis of the existing certificate valid until 2013.

    or

  • path constructed on the basis of the new certificate valid until 2020.

Providers of verification applications are kindly requested to adjust the software to changes in the national public key infrastructure. Any further questions in this respect should be addressed to: nccert@nccert.pl

By the time the new root becomes operational, the certification service providers will conduct their operations making use of certificates issued by the old root.

At present, the National Certification Centre is conducting technical adjustment works involving, inter alia, the construction of technical infrastructure for the new root, modification of the web site www.nccert.pl, creation of the test environment as well as organisation and legal actions aimed at modifying the NCCert system documentation, change of certification policy and preparation for an independent audit.

After finalisation of adaptation works, positive completion of tests and approval by the Board of the NBP of the certification policy agreed with the Ministry of Economy and qualified certification service providers:

  • the new root will become operational, containing new profiles: certificate of the Ministry of Economy and certificates issued to qualified certification service providers,
  • a new certificate of the Ministry of Economy will be generated,
  • new certificates for qualified certification service providers will be generated,
  • modified web site www.nccert.pl will contain, in particular, the following: new version of the certification policy, certificates of the Ministry of Economy, nccert.crl list containing revoked certificates issued by the old root, nccert-n.crl list containing revoked certificates issued by the new root.

The new Root Certification Authority is scheduled to become operational in May 2009.

All works connected with replacement of the certificate of the Ministry of Economy at the National Certification Centre are conducted by the National Bank of Poland in coordination and cooperation with the Ministry of Economy.

We would also like to inform you that all three qualified certification service providers which currently operate on the market have declared their willingness to meet the technical and organisational requirements connected with the replacement of the certificate of the Ministry of Economy at the National Certification Centre according the above described procedure.

The qualified trust service providers