Login IconLogin
Basket Icon0
RofS LogoNADC Logo

السلطة القومية للمصادقة الالكترونية

National Authority for Digital Certification

Home
Our Products

Products

Country Sign Certificate Authority (CSCA) Certificate

As per responsibility by the law of e-transaction Act 2007 mended 2015 NADC creating Country Sign Certificate Authority (CSCA) for Sudan which is every important for any Country that is issuing e-Passports would need to establish a CSCA as its national trust point. CSCA certificates are generated by the CSCA (Root CA) matching ITU (X.509) and ICAO (9303 Docv9) standards and are generally valid for periods of Five to ten years. As the anchor in the trust chain, CSCA certificates are often exchanged bilaterally or published in ICAO PKD to ensure maximum security and trust in the rest of the chain. However, CSCA certificates can also be obtained via Master Lists and validated by other means.

Document Signer Certificate (DSC)

A DSC is a certificate that contains the information required to verify the digital signature on an ePassport. In contrast to CSCA certificates which remain relatively static due to the longer validity period a large number of DSCs will be created over time. While there are no minimum or maximum periods prescribed in Doc 9303 with respect to validity periods, the commonly held best practice is for a validity period of no more than 3 months or for signing traveler documents, whichever is sooner. Border control systems would need to validate the DSC associated with an ePassport against the CSCA certificate for the issuing Country to confirm the ePassport is authentic and has not been tampered with.

Certificate Revocation List (CRL)

CRLs are issued to reflect the revocation status of the Country's DSCs or CSCAs that have been compromised. In addition, CRLs also serve to confirm that no such revocations exist for any of their certificates. CRLs must be issued at least every 90 days, even if no certificates have been revoked.

Border Control – ePassport Validation Solution

e-Passports are the most secure of travel documents. But without proper validation of the contents of the chip in an ePassport, the advantages of this increased security are not realized. Improper validation of e-Passports leads to a "false" sense of security.

The challenges to proper validation of the chip include:

  • Distributing your Country credentials to others through the ICAO PKD.
  • Sourcing of CSCA/DSC/CRL from multiple countries and downloading from the ICAO PKD.
  • Ensuring proper due diligence before using the ICAO PKD certificates and other sourced data.
  • Secure distribution to all validation points (border control).
  • Hiding the complexity of the ePassport validation process from the border control Immigration Officer and presenting the results in an easy-to-understand format.
  • Management of central Validation policies that can be pushed to the validation points.
  • Understanding the complexity, and the state of affairs and level of compliance (or non-compliance) of the actual e-Passports in circulation.

ICAO PKD Participation

The International Civil Aviation Organization (ICAO) is a United Nations agency which helps 193 countries to cooperate together and share their skies to their mutual benefit. The ICAO PKD is the central platform to manage the world-wide exchange of public key certificates needed for the electronic verification of electronic Machine-Readable Travel Documents (e-MRTDs), other ICAO-specified digitally signed document formats and Certificate Revocation Lists (CRLs). The PKD content is validated before being made available for download to participants via dedicated download connections. The contents can also be downloaded for free at http://download.pkd.icao.int/. The Public Key Directory will be accessible 24 hours a day, 7 days a week. Nadc take the role of its responsibilities in accordance of e-transaction Act2007 as only one entity in Sudan has a right to participate in ICAO PKD, date of participation is in Jan-2021 (ICAO PKD - participants).

Foreign Products

The reasons that led the National Authority for Electronic Authentication to partner with a third party to provide electronic security services:

  • After establishing the public key infrastructure and creating the national root certificate, this certificate was not included in browsers as this step requires certain procedures that are reviewed by international auditors and specialized companies such as Bugzilla, and the arrangements for including the Sudanese root certificate are similar to applying for an ISO certificate as an example, with differences in the method.
  • Government institutions need a governmental entity with expertise in dealing with digital certificates that adopts dealing with any trusted third party and dealing with it on behalf of the state.
  • Websites with the extension (.gov.sd) could not be secured except after establishing this partnership with the globally trusted third party.
  • The process of including the Sudanese root certificate in browsers requires a long time due to the periodic review process during the workflow of the National Authority for Electronic Authentication and the continuous improvement of workflow, devices, equipment, buildings, and others.
  • Note that the regulations of the National Authority for Electronic Authentication guarantee its dealing with foreign certificates and their accreditation (Regulation for Organizing Certification for Electronic Certification Service Providers for the year 2018)

Foreign Products

SSL/TLS
Web Certificates

Certificates from a Certification Authority CA trusted by all internet browsers, provided in partnership with Sectigo under the Sudan RootCA Security Services platform

Vector

Electronic authentication plays a vital role in securing electronic transactions, as it is the essential step to verify the identity of interacting parties online, whether they are individuals, systems, or applications. These are the most prominent points that illustrate this role:

Local Products

Digital certificates issued through the National Root Authority Sudan RootCA: intermediate CA issuing CA which are not approved in internet browsers and are not included in the ATTL & CDS list and are used to secure electronic transactions, encryption and identity verification internally.

Vector 2

SSL Certificates Comparison

Learn about the different types of SSL certificates and the features of each type to choose the most suitable for your needs

Certificate TypePriceCertificate TypesKey Features

DV

Domain Validation

DV

Lowest Cost
  • SSL DV
  • SSL DV multi-domain/UCC
  • SSL DV wildcard
  • Subscription period from 1 to 6 years
  • Domain validation
  • Average issuance within minutes
  • Unlimited server licenses
  • Strongest SHA2 and ECC encryption
  • $500,000 warranty

OV

Organization Validation

OV

Medium
  • SSL OV
  • SSL OV multi-domain/UCC
  • SSL OV Wildcard
  • Subscription period from 1 to 6 years
  • Organization validation for public sites
  • Within 1 day of receiving all documents
  • Unlimited server licenses
  • Strongest SHA2 and ECC encryption
  • $1,000,000 warranty

EV

Extended Validation

EV

Highest
  • SSL EV
  • SSL EV multi-domain/UCC
  • Subscription period from 1 to 6 years
  • Highest level of authentication
  • Your organization name displayed in certificate
  • Within 1 day of receiving all documents
  • Unlimited server licenses
  • $1,750,000 warranty
W

Wildcard SSL Certificate

Secure the main domain and unlimited subdomains with just one certificate

Wildcard SSL (DV) - For simple websites
Wildcard SSL (OV) - For business websites
M

Multi-Domain

Secure multiple different domains with one certificate (UCC/SAN)

Multi-Domain DV/OV/EV
Up to 250 additional domains
S

Single Certificates

Secure a single domain quickly and cost-effectively

Single Domain DV/OV/EV
With or without WWW

Cart

Your cart is empty