ACP 185
ACP 185
ACP 185
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
UNCLASSIFIED<br />
<strong>ACP</strong> <strong>185</strong><br />
• Web server authentication<br />
• Digitally signed email<br />
• Encrypted email<br />
• Smartcard login<br />
Dry run of the Cross-certification signing ceremony<br />
309. It is recommended that the two nations perform dry run testing of the crosscertification<br />
signing ceremony using the national Test Infrastructures. This may include:<br />
• Generation of the cross-certificate requests<br />
• Verification of the integrity of the cross-certificate requests upon receipt<br />
• Generation of the Principal Cross-Certificate<br />
• Understanding of roles and responsibilities related to the cross-certificate<br />
signing ceremony<br />
Interoperability CA testing<br />
310. Each CCEB Nation is expected to perform internal testing on the CA that will be<br />
used for CCEB Interoperability as part of the process of deploying the operational CA.<br />
These tests should align with the relevant self-assertions made in relation to the NDPKI<br />
CPs against the CPMC.<br />
Operational testing<br />
311. After the generation of a cross-certificate in the operational environment, one or<br />
more certificate chains that include the newly generated cross-certificate should be<br />
validated to ensure that cross-certification was successful.<br />
REASONS FOR RE-TESTING<br />
312. After a CCA is operational, changes to the configuration of a NDPKI may warrant<br />
re-testing. Re-testing should occur prior to the implementation of the configuration<br />
change, but may occur post implementation if prior testing is not possible. Re-testing<br />
may be initiated by the Nation making the change or may be requested by the other<br />
Participant in response to an update to the CCA or self-assertion. Types of changes that<br />
will likely require re-testing include:<br />
Uncontrolled copy when printed<br />
• Establishment of a CA used for interoperability by the NDPKI<br />
• Changes to algorithms used for hashing, encryption, or key agreement<br />
• Changes to applicable CAs or end entity certificate profiles<br />
3-3<br />
UNCLASSIFIED