On this page you will everything related to the PKI provided by IN Groupe Denmark, including practices statements, profiles, terms, certificates, and endpoints.

Practices statements

The trust services provided by IN Groupe Denmark is provided cf. practice statements found below, which describes how the services complies with the required politics.

• Trust Service Provider Practice Statement v1.1 (PDF)
• Certificate Practice Statement v1.1 (PDF)
• Advanced Certificate Practice Statement v1.0 (PDF)
• Remote Qualified Siganture Creation Device Practice Statement v1.1 (PDF)
• Timestamp Authority Practice Statement v1.1 (PDF)

Previous versions

• Trust Service Provider Practice Statement v1.0 (PDF)
• Certificate Practice Statement v1.0 (PDF)
• Remote Qualified Siganture Creation Device Practice Statement v1.0 (PDF)
• Timestamp Authority Practice Statement v1.0 (PDF)

Profiles

IN Groupe Denmark Trust Services uses and issues certificates, certificate revocation lists, OCSP requests/responses, and time stamp tokens in accordance with specified profiles. The profiles are documented in the document found below.

• IN Groupe Denmark A/S Certificate Profiles v1.0.2 (PDF)
• IN Groupe Denmark A/S Advanced Certificate Profiles v1.0 (PDF)

Previous versions

• IN Groupe Denmark A/S Certificate Profiles v1.0.1 (PDF)
• IN Groupe Denmark A/S Certificate Profiles v1.0 (PDF)

Certificates

IN Groupe Denmark provides a Production environment and a Pre-Production environment for testing purposes. Below you will find the certificates and CRL that make up the PKI for each environment.

Production

Root certificate authority

• Certificate (DER)
• Certificate Revocation List

Issuing certificate authorities

• IN Groupe Denmark Qualified issuing CA I (DER)
• IN Groupe Denmark Advanced issuing CA I (DER)

Timestamp unit

• IN Groupe Denmark TimeStamping Unit I (DER)

OCSP Responder

• Endpoint: https://ocsp.pki.ingroupe.dk/

Pre-Production

Root certificate authority

• Certificate (DER)
• Certificate Revocation List

Issuing certificate authorities

• Test - IN Groupe Denmark Qualified issuing CA I (DER)
• Test - IN Groupe Denmark Advanced issuing CA I (DER)

Timestamp unit

• Test - IN Groupe Denmark TimeStamping Unit I (DER)

OCSP Responder

• Endpoint: https://ocsp.pki.pp.ingroupe.dk/

Certificate terms

The current terms for receiving a certificate:

• Qualified/Advanced Natural Person Certificate v1.0.1 - English (PDF)
• Qualified/Advanced Natural Person Certificate v1.0.1 - German (PDF)
• Qualified/Advanced Natural Person Certificate v1.0.1 - Danish (PDF)

Notes

OCSP Responder

The OCSP Responder requires the caller to use SNI when establishing the TLS connection.
OpenSSL OCSP doesn't support this out of the box, so cURL can be utilized to transmit the request and receive the response.
Below is an example of how to perform this validation.

openssl ocsp -issuer <PEM ENCODED CA CERT FILE> -serial <SERIAL IN DECIMAL> -nonce -reqout ocsp.req
curl -o ocsp.resp -X POST -H "Content-Type: application/ocsp-request" --data-binary @ocsp.req https://ocsp.pki.ingroupe.dk/
openssl ocsp -reqin ocsp.req -respin ocsp.resp 

---