Scenario SCOK
As mentioned above, all the certificates in this scenario are valid.
This scenario is aligned with the figure below. It is built on the following:
- Three certification levels: the root, Root_CA_OK, and two additional levels formed by Level_A_CA_OK and Level_B_CA_OK. The latter is the Certification Authority that certifies the purported signer (entity Signing_User in the figure).
- Three OCSP responders, PROVIDED AS ON-LINE SERVICES for this Plugtest. The OCSP responders are the CAs that issue certificates at each level of the trust framework (Direct Trust Model): each CA serves requests on the status of the certificates it has issued itself. Details on how to request OCSP responses from the CAs may be found in the Online PKI services details page.
- One Time-Stamping Authority. The time-stamping service WILL BE PROVIDED AS AN ON-LINE SERVICE during the Plugtest, so that participants can obtain the required time-stamps while generating the different XAdES signature forms. Details on how to access this service may be found in the Online TSP Services access page.
- The cryptographic material that each entity holds, namely:
  - Each Certification Authority has its own p12 file (.p12 suffix), its own certificate (.crt suffix), and its own Certificate Revocation List (.crl suffix). Certificates and CRLs are published in the . The figure shows the file names for each p12 file, each certificate and each CRL.
  - Each participant will have its own certificate file and a P12 file with the private key, as issued by the Level_CA_OK CA deployed in the portal.
The figure below shows the entities and the files containing cryptographic material for this scenario. Please note that, as stated above, each CA in the hierarchy also provides OCSP services for requests about the certificates it has issued itself. It is RECOMMENDED that participants store OCSP responses in files whose suffix is .ocsp.
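
The Direct Trust Model described above can be rehearsed offline with the `openssl` command line. The script below is an added example, not part of the Plugtest material: it builds a constructed three-level hierarchy using the entity names from this page, lets each CA sign the OCSP response for the certificate it issued, stores the responses in .ocsp files and verifies them. The helper names (`issue`, `ocsp_direct`, `build_scok_lab`, `verify_stored`), the serial numbers and the locally generated responses (in place of the on-line responders) are assumptions.

```shell
#!/bin/sh
# Lab copy of the SCOK layout. Entity names follow the page; every key, certificate
# and OCSP response is generated locally (constructed, not the Plugtest material).

issue() {  # issue <subject> <serial 1-9> <extension file> <x509 signing options...>
  s=$1 n=$2 e=$3; shift 3
  openssl req -new -newkey rsa:2048 -nodes -keyout "$s.key" -out "$s.csr" \
    -subj "/CN=$s" 2>/dev/null &&
  openssl x509 -req -in "$s.csr" -set_serial "$n" -days 30 -extfile "$e" "$@" \
    -out "$s.crt" 2>/dev/null
}

ocsp_direct() {  # ocsp_direct <issuer> <subject> <serial>
  # Direct Trust Model: the issuing CA is its own responder (-rsigner is the CA).
  printf 'V\t350101000000Z\t\t0%s\tunknown\t/CN=%s\n' "$3" "$2" > "$1.index"
  openssl ocsp -no_nonce -issuer "$1.crt" -cert "$2.crt" -reqout "$2.req" &&
  openssl ocsp -index "$1.index" -CA "$1.crt" -rsigner "$1.crt" -rkey "$1.key" \
    -reqin "$2.req" -respout "$2.ocsp" -ndays 1 >/dev/null 2>&1
}

build_scok_lab() (  # build_scok_lab <dir>; subshell body keeps the cd local
  mkdir -p "$1" && cd "$1" || exit 1
  echo 'basicConstraints=critical,CA:TRUE' > ca.ext
  echo 'basicConstraints=CA:FALSE' > ee.ext
  issue Root_CA_OK 1 ca.ext -signkey Root_CA_OK.key &&
  issue Level_A_CA_OK 2 ca.ext -CA Root_CA_OK.crt -CAkey Root_CA_OK.key &&
  issue Level_B_CA_OK 3 ca.ext -CA Level_A_CA_OK.crt -CAkey Level_A_CA_OK.key &&
  issue Signing_User 4 ee.ext -CA Level_B_CA_OK.crt -CAkey Level_B_CA_OK.key &&
  cat Root_CA_OK.crt Level_A_CA_OK.crt Level_B_CA_OK.crt > trust.pem &&
  ocsp_direct Root_CA_OK Level_A_CA_OK 2 &&
  ocsp_direct Level_A_CA_OK Level_B_CA_OK 3 &&
  ocsp_direct Level_B_CA_OK Signing_User 4
)

verify_stored() {  # verify_stored <dir> <issuer> <subject>
  # Succeeds only if the stored .ocsp verifies and reports "good" for this
  # issuer/subject pair. A stored response cannot match a fresh nonce: -no_nonce.
  out=$(cd "$1" && openssl ocsp -no_nonce -issuer "$2.crt" -cert "$3.crt" \
        -respin "$3.ocsp" -CAfile trust.pem 2>&1)
  case $out in *"Response verify OK"*) ;; *) return 1 ;; esac
  case $out in *": good"*) return 0 ;; *) return 1 ;; esac
}

lab=$(mktemp -d) && build_scok_lab "$lab" &&
  verify_stored "$lab" Level_B_CA_OK Signing_User &&
  echo "Signing_User.ocsp: good, signed by Level_B_CA_OK"
```

Checking a stored response against any CA other than the one that issued the certificate fails, because the response carries status only for the certificate identified by its actual issuer.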