8.

List of documents necessary for rendering the state service in issue and withdrawal of the registration certificate

1. In case of the address of uslugopoluchatel (or his representative by proxy) in the State corporation or to the service provider, for issue of registration certificates NUTs RK:
1) physical person:
the application on issue of registration certificates NUTs RK in form according to appendix 1 to this Standard of the state service received from the portal, PEP or by means of the integrated information system (further – IIS) the State corporation and containing unique number (further – the statement on issue of registration certificates NUTs RK for physical person);
the identity document of uslugopoluchatel, or his representative (for identification of the personality);
the notarized power of attorney on the representative of uslugopoluchatel, with indication of powers to submit documents for issue of registration certificates NUTs RK and to undersign for the relevant documents for the execution of the order determined by the power of attorney – in case of representation of interests of uslugopoluchatel.
2) the individual entrepreneur, peasant economy or farm performing activities in the form of joint venture:
the application on issue of registration certificates NUTs RK in form according to appendix 2 to this Standard of the state service received from the portal, PEP or by means of IIS of the State corporation, containing unique number (further – the statement on issue of registration certificates NUTs RK for the legal entity or the individual entrepreneur, peasant economy or farm, performing activities in the form of joint venture of the Republic of Kazakhstan);
the identity document of uslugopoluchatel, or his representative (for identification of the personality);
the notarized power of attorney on the representative of uslugopoluchatel, with indication of powers to submit documents for issue of registration certificates NUTs RK and to undersign for the relevant documents for the execution of the order determined by the power of attorney – in case of representation of interests of uslugopoluchatel.
3) legal entity, its branches and representations:
the statement on issue of registration certificates NUTs RK for the legal entity or the individual entrepreneur, peasant economy or farm, performing activities in the form of joint venture of the Republic of Kazakhstan;
the identity document of the representative of uslugopoluchatel (for identification of the personality);
the power of attorney on the representative of uslugopoluchatel on one-time receipt or withdrawal of registration certificates NUTs RK in form according to appendix 3 to this Standard of the state service – in case of representation of interests of person specified in the statement for issue or withdrawal of registration certificates NUTs RK (further – the power of attorney on the representative of uslugopoluchatel). In case of lack of seal of the organization, the power of attorney on the representative of uslugopoluchatel is certified notarially, with indication of powers to submit documents for issue of registration certificates NUTs RK and to undersign for the relevant documents for the execution of the order determined by the power of attorney.
For receipt of registration certificates on the first head of branch or representation of the legal entity the power of attorney from authorized body of the legal entity is provided, with indication of powers to submit documents for issue of registration certificates NUTs RK and to undersign for the relevant documents for execution of the order (for reconciliation).
4) physical person – the owner of domain name of Internet resource:
the application on issue of SSL of the registration certificate NUTs RK in form according to appendix 4 to this Standard of the state service received from the portal, PEP or by means of IIS of the State corporation and containing unique number;
the identity document of uslugopoluchatel, or his representative (for identification of the personality);
the notarized power of attorney on the representative of uslugopoluchatel, with indication of power to submit documents for issue of registration certificates NUTs RK and to undersign for the relevant documents for the execution of the order determined by the power of attorney – in case of representation of interests of uslugopoluchatel;
one of supporting documents on right of possession domain name of Internet resource on paper:
the certificate on ownership of the domain name issued by the Kazakhstan center of network information;
the statement from service of receipt of registration data on owners of domain names.
5) the legal entity – the owner of domain name of Internet resource:
the application on issue of SSL of the registration certificate NUTs RK in form according to appendix 5 to the present the Standard of the state service at received from the portal, PEP or by means of IIS of the State corporation and containing unique number;
the identity document of the representative of uslugopoluchatel (for identification of the personality);
the power of attorney on the representative of uslugopoluchatel. In case of lack of seal of the organization, the power of attorney on the representative of uslugopoluchatel is certified notarially, with indication of powers to submit documents for issue of registration certificates NUTs RK and to undersign for the relevant documents for the execution of the order determined by the power of attorney;
one of supporting documents on right of possession domain name of Internet resource on paper:
the certificate on ownership of the domain name issued by the Kazakhstan center of network information;
the statement from service of receipt of registration data on owners of domain names.
6) participant of information system "Treasury client":
the application on issue of registration certificates NUTs RK in form according to appendix 6 to this Standard of the state service received from the portal, PEP or by means of IIS of the State corporation and containing unique number;
the identity document of the representative of uslugopoluchatel (for identification of the personality);
the agreement, or the supplementary agreement on use of the EDS between Committee of Treasury of the Ministry of Finance of the Republic of Kazakhstan and the client on paper (if signature date of the agreement and date of provision of the agreement, or supplementary agreement in NUTs RK exceeds 3 working days, excepting day of agreement signature (supplementary agreement), then this agreements is rejected);
the power of attorney on the representative of uslugopoluchatel.
7) physical nonresident person:
the statement on issue of registration certificates NUTs RK for physical person;
the identity document of uslugopoluchatel, or his representative (for identification of the personality);
one of documents the containing individual identification number and confirmatory that this nonresident is registered in the territory of the Republic of Kazakhstan according to Item 3 of article 9 of the Law of the Republic of Kazakhstan of January 12, 2007 "About national registers of identification numbers";
the notarized power of attorney on the representative of uslugopoluchatel, with indication of power to submit documents for issue of registration certificates NUTs RK and to undersign for the relevant documents for the execution of the order determined by the power of attorney – in case of representation of interests of uslugopoluchatel.
The foreigner, person without citizenship who are constantly living in the territory of other state with production of documents also represent notarially attested transfer of their text in the Kazakh or Russian languages (except as specified provisions of documents in Russian). Fidelity of transfer of the text of documents of the foreigner, stateless person, can be attested in diplomatic representation or consular establishment, or in Foreign Ministry of the state which citizen is the foreigner, or the states of permanent residence of the stateless person.
8) legal nonresident person:
the statement on issue of registration certificates NUTs RK for the legal entity or the individual entrepreneur, peasant economy or farm, performing activities in the form of joint venture of the Republic of Kazakhstan);
the identity document of the representative of uslugopoluchatel (for identification of the personality);
one of documents the containing individual identification number according to Item 3 of article 9 of the Law of the Republic of Kazakhstan of January 12, 2007 "About national registers of identification numbers" – in case of submission of documents by the nonresident;
the power of attorney on the representative of uslugopoluchatel. In case of lack of seal of the organization, the power of attorney on the representative of uslugopoluchatel is certified notarially, with indication of power to submit documents for issue of registration certificates NUTs RK and to undersign for the relevant documents for the execution of the order determined by the power of attorney.
For receipt of registration certificates on the first head of branch or representation of legal nonresident person the power of attorney from authorized body of the legal entity with indication of powers is provided to represent the interests of branch or representation of legal nonresident person (for reconciliation).
The foreigner, person without citizenship who are constantly living in the territory of other state with production of documents also represent notarially attested transfer of their text in the Kazakh or Russian languages (except as specified provisions of documents in Russian). Fidelity of transfer of the text of documents of the foreigner, stateless person, can be attested in diplomatic representation or consular establishment, or in Foreign Ministry of the state which citizen is the foreigner, or the states of permanent residence of the stateless person.
2. In case of the address of uslugopoluchatel (or his representative by proxy) in the State corporation or to the service provider, for withdrawal of registration certificates NUTs RK:
1) physical person, the physical person - the owner of domain name of Internet resource, the physical person – the nonresident:
the application on withdrawal of registration certificates NUTs RK in form according to appendix 7 to this Standard of the state service received from the portal, PEP or by means of IIS of the State corporation;
the identity document of uslugopoluchatel, or his representative (for identification of the personality);
the notarized power of attorney on the representative of uslugopoluchatel, with indication of power to submit documents on withdrawal of registration certificates NUTs RK and to undersign for the relevant documents for the execution of the order determined by the power of attorney.
2) the individual entrepreneur, peasant economy or farm performing activities in the form of joint venture of the Republic of Kazakhstan:
the application on withdrawal of registration certificates NUTs RK in form according to appendix 8 to this Standard of the state service received from the portal, PEP or by means of IIS of the State corporation (further – the statement on withdrawal of registration certificates NUTs RK for the legal entity or the individual entrepreneur, peasant economy or farm, performing activities in the form of joint venture of the Republic of Kazakhstan);
the identity document of uslugopoluchatel, or his representative (for identification of the personality);
the notarized power of attorney on the representative of uslugopoluchatel, with indication of power to submit documents on withdrawal of registration certificates NUTs RK and to undersign for the relevant documents for the execution of the order determined by the power of attorney.
In case of lack of the power of attorney, the withdrawal of registration certificates NUTs RK is performed by uslugopoluchatel by means of portal "personal account".
3) the legal entity, its branches and representations, the legal entity – the nonresident, the legal entity - the owner of domain name of Internet resource, the participant of information system "Treasury client":
the statement on withdrawal of registration certificates NUTs RK for the legal entity or the individual entrepreneur, peasant economy or farm, performing activities in the form of joint venture of the Republic of Kazakhstan;
the identity document of the representative of uslugopoluchatel (for identification of the personality);
the power of attorney on the representative of uslugopoluchatel. At the same time the signature, persons specified in the statement for withdrawal of registration certificates NUTs RK, in the power of attorney is not required. The legal entity has opportunity to withdraw the registration certificate granted on its branch and/or representation by provision of the power of attorney on the representative of uslugopoluchatel from the legal entity.
In case of lack of seal of the organization, the power of attorney on the representative of uslugopoluchatel is certified notarially, with indication of power to submit documents on withdrawal of registration certificates NUTs RK and to undersign for the relevant documents for the execution of the order determined by the power of attorney.
The foreigner, person without citizenship who are constantly living in the territory of other state with production of documents also represent notarially attested transfer of their text in the Kazakh or Russian languages (except as specified provisions of documents in Russian). Fidelity of transfer of the text of documents of the foreigner, stateless person, can be attested in diplomatic representation or consular establishment, or in Foreign Ministry of the state which citizen is the foreigner, or the states of permanent residence of the stateless person.
Data on the identity document (for physical persons), the information about the first head, constituent documents, data on state registration (re-registration) of the legal entity (for legal entities) the service provider or the employee of the State corporation receives from the corresponding state information systems through lock of "the electronic government". In case of representation of interests by the representative of uslugopoluchatel under the notarized power of attorney, the service provider or the employee of the State corporation checks the power of attorney, makes the copy of the power of attorney and puts to the main document package then returns the original to uslugopoluchatel. In case of submission of the power of attorney on the representative of uslugopoluchatel the certified seal of the organization, the service provider or the employee of the State corporation checks the power of attorney and puts to the main document package.
The service provider or the employee of the State corporation receives the written consent to use of the data which are the secret protected by the law, containing in information systems when rendering the state systems if other is not provided by the laws of the Republic of Kazakhstan.
In case of delivery of all necessary documents for receipt of the state service through the State corporation, the employee of the State corporation issues to uslugopoluchatel the receipt on acceptance of the relevant documents with indication of the list of the accepted documents, surnames, name and middle name (in the presence) of the worker who adopted the statement, dates and time of filing of application, and also date of issue of ready documents.
3. In case of the address on the portal or PEP for issue of registration certificates by means of "personal account" the uslugopoluchatel (except for participants of information system "Treasury client" and owners of the registration certificate SSL) sends inquiry in electronic form, containing open key (i) and certified by the existing digital signature of uslugopoluchatel.
For receipt of the registration certificate on information system, uslugopoluchatel – the owner of information system (physical person or legal entity), by means of the portal sends inquiry in electronic form containing open key (i) and certified by the existing digital signature of uslugopoluchatel by means of the portal. For application, it is necessary to specify the registered object identifier information system.
If the inquiry is sent by the employee of the legal entity, the first head of the legal entity (branch, representation), or person given the right of confirmation of requests for issue of the registration certificate NUTs RK confirms the request for issue of the registration certificate NUTs RK by the certificate it with the digital signature.
On the portal or PEP the uslugopoluchatel has opportunity to withdraw the registration certificate, having sent inquiry for withdrawal of the registration certificate in electronic form certified by the existing digital signature of uslugopoluchatel.

№ of payment order

Surname, name, middle name (in case of its availability).

IIN

BIN

Organization

Area, city, area

The e-mail address (for the notification about the expiration of actions)

Subscriber number of cellular communication

1

2

3

4

5

6

7

8

№

Surname, name, middle name (in case of its availability)

IIN

BIN

Organization

Area, city, area

Requisition number (it is filled when giving online)

The e-mail address (for the notification about the expiration of actions)

Subscriber number of cellular communication

1

2

3

4

5

6

7

8

9

Type

Description

Value

Obligation/criticality

Version

Version

V3

Not crucially

Serial Number

Serial number

Value of integer in hexadecimal representation

Not crucially

Signature Algorithm

Signature algorithm

GOST 34.310-2004

Not crucially

Issuer

Publisher (Unique name)

CN = MEMLEKETT_K ORGANDARDYN KUELANDYRU OF THE ORTALYGA
O = "ULTTYK AKPARATTYK TEKHNOLOGIYALAR" OF JOINT STOCK COMPANY
WITH = KZ

Not crucially

Valid From

It is valid with

Day/month/year hours/minute/second

Not crucially

Valid To

It is valid to

Day/month/year hours/minute/second

Not crucially

Subject

Subject (Unique name)

E = ELEKTRONDYK MAIL
G = EKES_N_N ATA
SERIALNUMBER = IIN XXXXXXXXXXXX
CN = ТЕГІ ATY
OU = BIN XXXXXXXXXXXX
O = MEKEME ATAUY
S = OBLYS
C = KZ

Not crucially

Public Key

Open key

1.2.398.3.10.1.1.1.1
with parameters
1.2.398.3.10.1.1.1.1.1
1.2.398.3.10.1.3.1.1.0

Not crucially

Key Usage

Use of keys

Digital signature, Neotrekayemost

Not crucially

CRL Distribution Point

Point of distribution of lists of response

[1] Point of distribution of the list of response (CRL)
Distribution point name:
Complete name:
URL=http://crl.ucgo.gov.kz/ucgo.crl
URL=http://crl1.ucgo.gov.kz/ucgo.crl

Not crucially

Authority Information Access

Access to data of the center of certification

[1] Access to data of the center of certification
Access method = Supplier of the center of certification (1.3.6.1.5.5.7.48.2)
Additional name: URL=http://ucgo.gov.kz/cert/ucgo.cer
[2] Access to data of the center of certification
Access method = the Protocol of determination of condition of the certificate through network (1.3.6.1.5.5.7.48.1)
Additional name:
URL = http://ocsp.ucgo.gov.kz

Not crucially

Certificate Policy

Politicians of the registration certificate

[1] Policy of the certificate:
Identifier of policy =1.2.398.5.3.2.1.1
[1,1] of the Data of the qualifier of policy:
Identifier of the qualifier of policy of =CPS
Qualifier:
http://ucgo.gov.kz/cps

Not crucially

Subject Key Identifier

Identifier of key of the subject

Serial number of the registration certificate

Not crucially

Certificate Authority Key Identifier

Identifier of key of the center of certifications

Key identifier = serial number
Supplier of the certificate:
Catalog address:
CN = MEMLEKETT_K ORGANDARDYN KUELANDYRU OF THE ORTALYGA
O = "ULTTYK AKPARATTYK TEKHNOLOGIYALAR" OF JOINT STOCK COMPANY
WITH = KZ
Serial number of the certificate = serial number

Not crucially

Type

Description

Value

Obligation/criticality

Version

Version

V3

Not crucially

Serial Number

Serial number

Value of integer in hexadecimal representation

Not crucially

Signature Algorithm

Signature algorithm

GOST 34.310-2004

Not crucially

Issuer

Publisher (Unique name)

CN = MEMLEKETT_K ORGANDARDYN KUELANDYRU OF THE ORTALYGA
O = "ULTTYK AKPARATTYK TEKHNOLOGIYALAR" OF JOINT STOCK COMPANY
WITH = KZ

Not crucially

Valid From

It is valid with

Day/month/year hours/minute/second

Not crucially

Valid To

It is valid to

Day/month/year hours/minute/second

Not crucially

Subject

Subject (Unique name)

Phone = + 7XXXXXXXXXX
E = ELEKTRONDYK MAIL
G = EKES_N_N ATA
SERIALNUMBER = IIN XXXXXXXXXXXX
CN = ТЕГІ ATY
OU = BIN XXXXXXXXXXXX
O = MEKEME ATAUY
S = OBLYS
C = KZ

Not crucially

Public Key

Open key

1.2.398.3.10.1.1.1.1
with parameters
1.2.398.3.10.1.1.1.1.1
1.2.398.3.10.1.3.1.1.0

Not crucially

Key Usage

Use of keys

Digital signature, Enciphering of keys

Not crucially

Extended Key Usage

Expanded use of key

2.5.29.37

Check of authenticity of the client
1.3.6.1.5.5.7.3.2

CRL Distribution Point

Point of distribution of lists of response

[1] Point of distribution of the list of response (CRL)
Distribution point name:
Complete name:
URL=http://crl.ucgo.gov.kz/ucgo.crl
URL=http://crl1.ucgo.gov.kz/ucgo.crl

Not crucially

Authority Information Access

Access to data of the center of certification

[1] Access to data of the center of certification
Access method = Supplier of the center of certification (1.3.6.1.5.5.7.48.2)
Additional name: URL=http://ucgo.gov.kz/cert/ucgo.cer
[2] Access to data of the center of certification
Access method = the Protocol of determination of condition of the certificate through network (1.3.6.1.5.5.7.48.1)
Additional name:
URL = http://ocsp.ucgo.gov.kz

Not crucially

Certificate Policy

Politicians of the registration certificate

[1] Policy of the certificate:
Identifier of policy =1.2.398.5.3.2.1.1
[1,1] of the Data of the qualifier of policy:
Identifier of the qualifier of policy of =CPS
Qualifier:
http://ucgo.gov.kz/cps

Not crucially

Subject Key Identifier

Identifier of key of the subject

Serial number of the registration certificate

Not crucially

Certificate Authority Key Identifier

Identifier of key of the center of certifications

Key identifier = serial number
Supplier of the certificate:
Catalog address:
CN = MEMLEKETT_K ORGANDARDYN KUELANDYRU OF THE ORTALYGA
O = "ULTTYK AKPARATTYK TEKHNOLOGIYALAR" OF JOINT STOCK COMPANY
WITH = KZ
Serial number of the certificate = serial number

Not crucially

___________________________________,
(name of the settlement)

"__" _______________ 20 ___.

Field

Description

OID, criticality

Content

Basic fields of the registration certificate in the v3 X.509 format

Version

Version of the X.509 Standard

–

V3

SerialNumber

Serial number of the registration certificate

–

Positive, integer
(no more than 20 bytes)

Signature Algorithm

Signature algorithm

1.2.840.113549.1.1.11

sha256WithRSAEn cryption

Issuer

Data of the Publisher of the registration certificate

CN=2.5.4.3
O=2.5.4.10
C=2.5.4.6

CN = НЕГІЗГІ KUELANDYRUSHA ORTALYK (RSA)
O = PMK "MEMLEKETT_K TEKHNIKALYK KYZMET"
WITH = KZ

Validity from

Time of the beginning of effective period

UTC TIME

It is valid with:
YYMMDDHHMMSSZ UTC

Validity to

Time of the termination of effective period

UTC TIME

It is valid on: YYMMDDHHMMSSZ UTC

Subject

Data of the Owner registration
certificates

C=2.5.4.6
CN =2.5.4.3

C = KZ (obligatory field)
CN = ULTTYK KUELANDYRUShY of ORTALYK (RSA) (obligatory field)

PublicKey

Value of open key (4096 bits)

1.2.840.113549.1.1.1

Value

Additional fields of the registration certificate in the v3 X.509 format

Subject Key Identifier

Identifier of key of the subject

2.5.29.14

Value the identifier of key of the subject in hexadecimal format

Authority Key Identifier

Identifier of key of the center of certification

2.5.29.35

Value of the identifier of key of the center of certification in hexadecimal format

Basic Constraints

Main restrictions

2.5.29. 19, critical

Subject's type = Center of certification
Restriction for length of way = Is absent

Key Usage

Use of key

2.5.29. 15, critical

Signing of the registration certificate, Autonomous signing of the list of response (CRL), Signing of the list of response (CRL) (06)

Certificate Policy

Policy of the registration certificate

2.5.29.32

[1] Policy of the registration certificate:
Policy identifier = 1.2.398.3.3.1.1
[1,1] of the Data of the qualifier of policy:
Identifier of the qualifier of policy = CPS
Qualifier:
http://pki.gov.kz/cps

Certificate Authority Information Access

Information access about the centers of certification

1.3.6.1.5.5.7.1.1

[1] Access to data of the center of certification
Access method = Supplier of the center of certification (1.3.6.1.5.5.7.48.2)
Additional name:
URL=http://root.gov.kz/cert/root_rsa.cer

Crl Distribution Points

Points of distribution of lists of response

2.5.29.31

[1] Point of distribution of the list of response (CRL)
Distribution point name:
Complete name:
URL=http://crl.root.gov.kz/rsa.crl
URL=http://crl1.root.gov.kz/rsa.crl

Digital Signature

Digital signature of the center of certification (4096 bits)

1.2.840.113549.1.1.11

Value

Field

Description

OID, criticality

Content

Basic fields of the registration certificate in the v3 X.509 format

Version

Version of the Standard X.509

–

V3

Serial Number

Serial number of the registration certificate

–

Positive, integer
(no more than 20 bytes)

Signature Algorithm

Signature algorithm

1.2.398.3.10.1.1.1.2

GOST 34.310-2004

Issuer

Data of the Publisher of the registration certificate

CN=2.5.4.3
O=2.5.4.10
C=2.5.4.6

CN = НЕГІЗГІ KUELANDYRUSHA ORTALYK (RSA)
O = PMK "MEMLEKETT_K TEKHNIKALYK KYZMET"
WITH = KZ

Validity from

Time of the beginning of effective period

UTC TIME

It is valid with: YYMMDDHHMMSSZ UTC

Validity to

Time of the termination of effective period

UTC TIME

It is valid on: YYMMDDHHMMSSZ UTC

Subject

Data of the owner registration
certificates

C=2.5.4.6
CN =2.5.4.3

C = KZ (obligatory field)
CN = ULTTYK KUELANDYRUShY of ORTALYK (GOST) (obligatory field)

Public Key

Value of open key (512 bits)

1.2.398.3.10.1.1.1.1
with parameters
1.2.398.3.10.1.1.1.1.1
1.2.398.3.10.1.3.1.1.0

Value

Additional fields of the registration certificate in the v3 X.509 format

Subject Key Identifier

Identifier of key of the subject

2.5.29.14

Value the identifier of key of the subject in hexadecimal format

Authority Key Identifier

Identifier of key of the center of certification

2.5.29.35

Value of the identifier of key of the center of certification in hexadecimal format

Basic Constraints

Main restrictions

2.5.29. 19, critical

Subject's type = center of certification
Restriction for length of way = Is absent

Key Usage

Use of key

2.5.29. 15, critical

Signing of registration certificates, Autonomous signing of the list of response (CRL), Signing of the list of response (CRL) (06)

Certificate Policy

Policy of the registration certificate

2.5.29.32

[1] Policy of the registration certificate:
Identifier of policy =1.2.398.3.3.1.1
[1,1] of the Data of the qualifier of policy:
Identifier of the qualifier of policy = CPS
Qualifier:
http://pki.gov.kz/cps

Certificate Authority Information Access

Information access about the centers of certification

1.3.6.1.5.5.7.1.1

[1] Access to data of the center of certification
Access method = Supplier of the center of certification (1.3.6.1.5.5.7.48.2)
Additional name:
URL=http://root.gov.kz/cert/root_gost.cer

Crl Distribution Points

Points of distribution of lists of response

2.5.29.31

[1] Point of distribution of the list of response (CRL)
Distribution point name:
Complete name:
URL=http://crl.root.gov.kz/gost.crl
URL=http://crl1.root.gov.kz/gost.crl

Digital Signature

Digital signature of the center of certification (512 bits)

1.2.398.3.10.1.1.1.2

Value

Field

Description

OID, criticality

Content

Basic fields of the registration certificate in the X.509 format

Version

Version of the Standard X.509

–

V3

Serial Number

Serial number of the registration certificate

–

Positive, integer
(no more than 20 bytes)

Signature Algorithm

Signature algorithm

1.2.840.113549.1.1.11

sha256WithRSAEn cryption

Issuer

Data of the publisher of the registration certificate

C=2.5.4.6
CN =2.5.4.3

C = KZ (obligatory field)
CN = ULTTYK KUELANDYRUShY of ORTALYK (RSA) (obligatory field)

Validity from

Time of the beginning of effective period

UTC TIME

It is valid with: YYMMDDHHMMSSZ UTC

Validity to

Time of the termination of effective period

UTC TIME

It is valid on: YYMMDDHHMMSSZ UTC

Subject

Data of the Owner registration
certificates

à =
SERIALNUMBER = 2.5.4.5
SN=2.5.4.4
G=2.5.4.42
CN =2.5.4.3
C=2.5.4.6

E = E-mail address (optional field)
SERIALNUMBER = IIN012345678910 (obligatory field)
SN = Surname (optional field)
G = Middle name (optional field)
CN = Surname Name (obligatory field)
C = KZ (obligatory field)

PublicKey

Value of open key (2048 bits)

1.2.840.113549.1.1.1

Value

Additional fields of the registration certificate in the X.509 format

Subject Key Identifier

Identifier of key of the subject

2.5.29.14

Value the identifier of key of the subject in hexadecimal format

Authority Key Identifier

Identifier of key of the center of certification

2.5.29.35

Value of the identifier of key of the center of certification in hexadecimal format

Key Usage

Use of key

2.5.29. 15, critical

Digital signature, Neotrekayemost

Extended Key Usage

Expanded use of key

2.5.29.37

The protected e-mail-1.3.6.1.5.5.7.3.4
Physical person - 1.2.398.3.3.4.1.1
Digital-ID identification - 1.2.398.3.3.4.3.2.1

Certificate Policy

Policy of the registration certificate

2.5.29.32

[1] Policy of the registration certificate:
Identifier of policy =1.2.398.3.3.2.3
[1,1] of the Data of the qualifier of policy:
Identifier of the qualifier of policy = CPS
Qualifier:
http://pki.gov.kz/cps
[1,2] of the Data of the qualifier of policy:
Identifier of the qualifier of policy = Text of the notification
Qualifier:
http://pki.gov.kz/cps

Certificate Authority Information Access

Information access about the centers of certification

1.3.6.1.5.5.7.1.1

[1] Access to data of the center of certification
Access method = Supplier of the center of certification (1.3.6.1.5.5.7.48.2)
Additional name:
URL=http://pki.gov.kz/cert/nca_rsa.cer
[2] Access to data of the center of certification
Access method = the Protocol of determination of condition of the registration certificate through network (1.3.6.1.5.5.7.48.1)
Additional name: URL=http://ocsp.pki.gov.kz

Crl Distribution Points

Points of distribution of lists of response

2.5.29.31

[1] Point of distribution of the list of response (CRL)
Distribution point name:
Complete name:
URL = http://crl.pki.gov.kz/nca_rsa.crl
URL = http://crl1.pki.gov.kz/nca_rsa.crl

Freshest Crl Distribution Points

The latest CRL

2.5.29.46

[1] The latest CRL
Distribution point name:
Complete name:
URL = http://crl.pki.gov.kz/nca_d_rsa.crl
URL = http://crl1.pki.gov.kz/nca_d_rsa.crl

Digital Signature

Digital signature of the Center of certification (4096 bits)

1.2.840.113549.1.1.11

Value

Field

Description

OID, criticality

Content

Basic fields of the registration certificate in the X.509 format

Version

Version of the Standard X.509

–

V3

Serial Number

Serial number of the registration certificate

–

Positive, integer
(no more than 20 bytes)

Signature Algorithm

Signature algorithm

1.2.840.113549.1.1.11

 sha256WithRSAEn cryption

Issuer

Data of the publisher of the registration certificate

C=2.5.4.6
CN =2.5.4.3

C = KZ (obligatory field)
CN = ULTTYK KUELANDYRUShY of ORTALYK (RSA) (obligatory field)

Validity from

Time of the beginning of effective period

UTC TIME

It is valid with: YYMMDDHHMMSSZ UTC

Validity to

Time of the termination of effective period

UTC TIME

It is valid on: YYMMDDHHMMSSZ UTC

Subject

Data of the Owner registration
certificates

Е =
SERIALNUMBER = 2.5.4.5
SN=2.5.4.4
G=2.5.4.42
CN =2.5.4.3
C=2.5.4.6

E = e-mail address of physical person (optional field)
SERIALNUMBER = IIN012345678910 (obligatory field)
SN = Surname (optional field)
G = Middle name (optional field)
CN = Surname Name (obligatory field)
C = KZ (obligatory field)

PublicKey

Value of open key (2048 bits)

1.2.840.113549.1.1.1

Value

Additional fields of the registration certificate in the X.509 format

Subject Key Identifier

Identifier of key of the subject

2.5.29.14

Value the identifier of key of the subject in hexadecimal format

Authority Key Identifier

Identifier of key of the center of certification

2.5.29.35

Value of the identifier of key of the center of certification in hexadecimal format

Key Usage

Use of key

2.5.29. 15, critical

Digital signature, Enciphering of keys

Extended Key Usage

Expanded use of key

2.5.29.37

Check of authenticity of the client-1.3.6.1.5.5.7.3.2
Physical person - 1.2.398.3.3.4.1.1
Digital-ID identification - 1.2.398.3.3.4.3.2.1

Certificate Policy

Policy of the registration certificate

2.5.29.32

[1] Policy of the registration certificate:
Identifier of policy =1.2.398.3.3.2.4
[1,1] of the Data of the qualifier of policy:
Identifier of the qualifier of policy = CPS
Qualifier: http://pki.gov.kz/cps
[1,2] of the Data of the qualifier of policy:
Identifier of the qualifier of policy = Text of the notification
http://pki.gov.kz/cps qualifier

Certificate Authority Information Access

Information access about the centers of certification

1.3.6.1.5.5.7.1.1

[1] Access to data of the center of certification
Access method = Supplier of the center of certification (1.3.6.1.5.5.7.48.2)
Additional name:
URL=http://pki.gov.kz/cert/nca_rsa.cer
[2] Access to data of the center of certification
Access method = the Protocol of determination of condition of the registration certificate through network (1.3.6.1.5.5.7.48.1)
Additional name: URL=http://ocsp.pki.gov.kz

Crl Distribution Points

Points of distribution of lists of response

2.5.29.31

[1] Point of distribution of the list of response (CRL)
Distribution point name:
Complete name:
URL=http://crl.pki.gov.kz/nca_rsa.crl
URL=http://crl1.pki.gov.kz/nca_rsa.crl

Freshest Crl Distribution Points

The latest CRL

2.5.29.46

[1] The latest CRL
Distribution point name:
Complete name:
URL=http://crl.pki.gov.kz/nca_d_rsa.crl
URL=http://crl1.pki.gov.kz/nca_d_rsa.crl

Digital Signature

Digital signature of the Center of certification (4096 bits)

1.2.840.113549.1.1.11

Value

Field

Description

OID, criticality

Content

Basic fields of the registration certificate in the X.509 format

Version

Version of the Standard X.509

–

V3

Serial Number

Serial number of the registration certificate

–

Positive, integer
(no more than 20 bytes)

Signature Algorithm

Signature algorithm

1.2.398.3.10.1.1.1.2

GOST 34.310-2004

Issuer

Data of the publisher of the registration certificate

C=2.5.4.6
CN =2.5.4.3

C = KZ (obligatory field)
CN = ULTTYK KUELANDYRUShY of ORTALYK (GOST) (obligatory field)

Validity from

Time of the beginning of effective period

UTC TIME

It is valid with: YYMMDDHHMMSSZ UTC

Validity to

Time of the termination of effective period

UTC TIME

It is valid on: YYMMDDHHMMSSZ UTC

Subject

Data of the Owner registration
certificates

à =
SERIALNUMBER = 2.5.4.5
SN=2.5.4.4
G=2.5.4.42
CN =2.5.4.3
C=2.5.4.6

E = E-mail address (optional field)
SERIALNUMBER = IIN012345678910 (obligatory field)
SN = Surname (optional field)
G = Middle name (optional field)
CN = Surname Name (obligatory field)
C = KZ (obligatory field)

PublicKey

Value of open key (512 bits)

1.2.398.3.10.1.1.1.1
with parameters
1.2.398.3.10.1.1.1.1.1
1.2.398.3.10.1.3.1.1.0

Value

Additional fields of the registration certificate in the X.509 format

Subject Key Identifier

Identifier of key of the subject

2.5.29.14

Value the identifier of key of the subject in hexadecimal format

Authority Key Identifier

Identifier of key of the center of certification

2.5.29.35

Value of the identifier of key of the center of certification in hexadecimal format

Key Usage

Use of key

2.5.29. 15, critical

Digital signature, Neotrekayemost

Extended Key Usage

Expanded use of key

2.5.29.37

The protected e-mail-1.3.6.1.5.5.7.3.4
Physical person - 1.2.398.3.3.4.1.1
Digital-ID identification - 1.2.398.3.3.4.3.2.1

Certificate Policy

Policy of the registration certificate

2.5.29.32

[1] Policy of the registration certificate:
Identifier of policy =1.2.398.3.3.2.3
[1,1] of the Data of the qualifier of policy:
Identifier of the qualifier of policy = CPS
Qualifier:
http://pki.gov.kz/cps
[1,2] of the Data of the qualifier of policy:
Identifier of the qualifier of policy = Text of the notification
Qualifier:
http://pki.gov.kz/cps

Certificate Authority Information Access

Information access about the centers of certification

1.3.6.1.5.5.7.1.1

[1] Access to data of the center of certification
Access method = Supplier of the center of certification (1.3.6.1.5.5.7.48.2)
Additional name:
URL=http://pki.gov.kz/cert/nca_gost.cer
[2] Access to data of the center of certification
Access method = the Protocol of determination of condition of the registration certificate through network (1.3.6.1.5.5.7.48.1)
Additional name: URL=http://ocsp.pki.gov.kz

Crl Distribution Points

Points of distribution of lists of response

2.5.29.31

[1] Point of distribution of the list of response (CRL)
Distribution point name:
Complete name:
URL = http://crl.pki.gov.kz/nca_gost.crl
URL = http://crl1.pki.gov.kz/nca_gost.crl

Freshest Crl Distribution Points

The latest CRL

2.5.29.46

[1] The latest CRL
Distribution point name:
Complete name:
URL = http://crl.pki.gov.kz/nca_d_gost.crl
URL = http://crl1.pki.gov.kz/nca_d_gost.crl

Digital Signature

Digital signature of the Center of certification (512 bits)

1.2.398.3.10.1.1.1.2

Value

Field

Description

OID, criticality

Content

Basic fields of the registration certificate in the X.509 format

Version

Version of the Standard X.509

–

V3

Serial Number

Serial number of the registration certificate

–

Positive, integer
(no more than 20 bytes)

Signature Algorithm

Signature algorithm

1.2.398.3.10.1.1.1.2

GOST 34.310-2004

Issuer

Data of the publisher of the registration certificate

C=2.5.4.6
CN =2.5.4.3

C = KZ (obligatory field)
CN = ULTTYK KUELANDYRUShY of ORTALYK (GOST) (obligatory field)

Validity from

Time of the beginning of effective period

UTC TIME

It is valid with: YYMMDDHHMMSSZ UTC

Validity to

Time of the termination of effective period

UTC TIME

It is valid on: YYMMDDHHMMSSZ UTC

Subject

Data of the Owner of the registration certificate

Е =
SERIALNUMBER = 2.5.4.5
SN=2.5.4.4
G=2.5.4.42
CN =2.5.4.3
OU=2.5.4.11
O=2.5.4.10
C=2.5.4.6

E = e-mail address (optional field)
SERIALNUMBER = IIN012345678910 (obligatory field)
SN = Surname (optional field)
G = Middle name (optional field)
CN = Surname Name (obligatory field)
OU = BIN012345678910 (obligatory field)
O = Name of the organization (obligatory field)
C = KZ (obligatory field)

Public Key

Value of open key (512 bits)

1.2.398.3.10.1.1.1.1
with parameters
1.2.398.3.10.1.1.1.1.1
1.2.398.3.10.1.3.1.1.0

Value

Additional fields of the registration certificate in the X.509 format

Subject Key Identifier

Identifier of key of the subject

2.5.29.14

Value the identifier of key of the subject in hexadecimal format

Authority Key Identifier

Identifier of key of the center of certification

2.5.29.35

Value of the identifier of key of the center of certification in hexadecimal format

Key Usage

Use of key

2.5.29. 15, critical

Digital signature, Neotrekayemost

Extended Key Usage

Expanded use of key

2.5.29.37

The protected e-mail-1.3.6.1.5.5.7.3.4
Legal person / the individual entrepreneur performing activities in the form of joint venture - 1.2.398.3.3.4.1.2
Available identifiers:
1.2.398.3.3.4.1.2.1 – The first head of legal person / the individual entrepreneur performing activities in the form of joint venture
1.2.398.3.3.4.1.2.2 – Person given right to sign
1.2.398.3.3.4.1.2.3 - Person given right to sign of financial records
1.2.398.3.3.4.1.2.4 – Employee of personnel department
1.2.398.3.3.4.1.2.5 – Employee of the organization
Digital-ID identification - 1.2.398.3.3.4.3.2.1

Certificate Policy

Policy of the registration certificate

2.5.29.32

[1] Policy of the registration certificate:
Identifier of policy =1.2.398.3.3.2.1
[1,1] of the Data of the qualifier of policy:
Identifier of the qualifier of policy of =CPS
Qualifier:
http://pki.gov.kz/cps
[1,2] of the Data of the qualifier of policy:
Identifier of the qualifier of policy = Text of the notification
Qualifier:
http://pki.gov.kz/cps

Certificate Authority Information Access

Information access about the centers of certification

1.3.6.1.5.5.7.1.1

[1] Access to data of the center of certification
Access method = Supplier of the center of certification (1.3.6.1.5.5.7.48.2)
Additional name: URL=http://pki.gov.kz/cert/nca_gost.cer
[2] Access to data of the center of certification
Access method = the Protocol of determination of condition of the registration certificate through network (1.3.6.1.5.5.7.48.1)
Additional name: URL = URL=http://ocsp.pki.gov.kz

Crl Distribution Points

Points of distribution of lists of response

2.5.29.31

[1] Point of distribution of the list of response (CRL)
Distribution point name:
Complete name:
URL = http://crl.pki.gov.kz/nca_gost.crl
URL=http://crl1.pki.gov.kz/nca_gost.crl

Freshest Crl Distribution Points

The latest CRL

2.5.29.46

[1] The latest CRL
Distribution point name:
Complete name:
URL=http://crl.pki.gov.kz/nca_d_gost.crl
URL=http://crl1.pki.gov.kz/nca_d_gost.crl

Digital Signature

Digital signature of the Center of certification (512 bits)

1.2.398.3.10.1.1.1.2

Value

Field

Description

OID, criticality

Content

Basic fields of the registration certificate in the X.509 format

Version

Version of the Standard X.509

–

V3

Serial Number

Serial number of the registration certificate

–

Positive, integer
(no more than 20 bytes)

Signature Algorithm

Signature algorithm

1.2.840.113549.1.1.11

sha256WithRSAEn cryption

Issuer

Data of the publisher of the registration certificate

C=2.5.4.6
CN =2.5.4.3

C = KZ (obligatory field)
CN = ULTTYK KUELANDYRUShY of ORTALYK (RSA) (obligatory field)

Validity from

Time of the beginning of effective period

UTC TIME

It is valid with: YYMMDDHHMMSSZ UTC

Validity to

Time of the termination of effective period

UTC TIME

It is valid on: YYMMDDHHMMSSZ UTC

Subject

Data of the Owner registration
certificates

Е =
SERIALNUMBER =2.5.4.5
SN=2.5.4.4
G=2.5.4.42
CN =2.5.4.3
OU=2.5.4.11
About =2.5.4.10
C=2.5.4.6

E = Mail e-mail address (optional field)
SERIALNUMBER = IIN012345678910 (obligatory field)
SN = Surname (optional field)
G = Middle name (optional field)
CN = Surname Name (obligatory field)
OU = BIN012345678910 (obligatory field)
O = Name of the organization (obligatory field)
C = KZ (obligatory field)

Public Key

Value of open key (2048 bits)

1.2.840.113549.1.1.1

Value

Additional fields of the registration certificate in the X.509 format

Subject Key Identifier

Identifier of key of the subject

2.5.29.14

Value the identifier of key of the subject in hexadecimal format

Authority Key Identifier

Identifier of key of the center of certification

2.5.29.35

Value of the identifier of key of the center of certification in hexadecimal format

Key Usage

Use of key

2.5.29. 15, critical

Digital signature, Enciphering of keys

Extended Key Usage

Expanded use of key

2.5.29.37

Check of authenticity of the client (1.3.6.1.5.5.7.3.2)
Legal person / the individual entrepreneur performing activities in the form of joint venture - 1.2.398.3.3.4.1.2
Available identifiers:
1.2.398.3.3.4.1.2.1 – The first head of legal person / the individual entrepreneur performing activities in the form of joint venture
1.2.398.3.3.4.1.2.2 – Person given right to sign
1.2.398.3.3.4.1.2.3 - Person given right to sign of financial records
1.2.398.3.3.4.1.2.4 – Employee of personnel department
1.2.398.3.3.4.1.2.5 – Employee of the organization
Digital-ID identification - 1.2.398.3.3.4.3.2.1

Certificate Policy

Policy of the registration certificate

2.5.29.32

[1] Policy of the registration certificate:
Identifier of policy =1.2.398.3.3.2.2
[1,1] of the Data of the qualifier of policy:
Identifier of the qualifier of policy = CPS
Qualifier:
http://pki.gov.kz/cps
[1,2] of the Data of the qualifier of policy:
Identifier of the qualifier of policy = Text of the notification
Qualifier: http://pki.gov.kz/cps

Certificate Authority Information Access

Information access about the centers of certification

1.3.6.1.5.5.7.1.1

[1] Access to data of the center of certification
Access method = Supplier of the center of certification (1.3.6.1.5.5.7.48.2)
Additional name:
URL=http://pki.gov.kz/cert/nca_rsa.cer
[2] Access to data of the center of certification
Access method = the Protocol of determination of condition of the registration certificate through network (1.3.6.1.5.5.7.48.1)
Additional name: URL=http://ocsp.pki.gov.kz

Crl Distribution Points

Points of distribution of lists of response

2.5.29.31

[1] Point of distribution of the list of response (CRL)
Distribution point name:
Complete name:
URL=http://crl.pki.gov.kz/nca_rsa.crl
URL=http://crl1.pki.gov.kz/nca_rsa.crl

Freshest Crl Distribution Points

The latest CRL

2.5.29.46

[1] The latest CRL
Distribution point name:
Complete name:
URL=http://crl.pki.gov.kz/nca_d_rsa.crl
URL=http://crl1.pki.gov.kz/nca_d_rsa.crl

Digital Signature

Digital signature of TsS (4096 bits)

1.2.840.113549.1.1.11

Value

Field

Description

OID, Criticality

Content

Basic fields of the registration certificate in the X.509 format

Version

Version of the Standard X.509

–

V3

Serial Number

Serial number of the registration certificate

–

Positive, integer
(no more than 20 bytes)

Signature Algorithm

Signature algorithm

1.2.398.3.10.1.1.1.2

GOST 34.310-2004

Issuer

Data of the publisher of the registration certificate

C=2.5.4.6
CN =2.5.4.3

C = KZ (obligatory field)
CN = ULTTYK KUELANDYRUShY of ORTALYK (GOST) (obligatory field)

Validity from

Time of the beginning of effective period

UTC TIME

It is valid with: YYMMDDHHMMSSZ UTC

Validity to

Time of the termination of effective period

UTC TIME

It is valid on: YYMMDDHHMMSSZ UTC

Subject

Data of the Owner registration
certificates

Е =
SERIALNUMBER =2.5.4.5
SN=2.5.4.4
G=2.5.4.42
CN =2.5.4.3
BUSINESSCATEGORY = 2.5.4.15
DC=0.9.2342.19200300.100.1.25
OU=2.5.4.11
O=2.5.4.10
C=2.5.4.6

E = e-mail address (optional field)
SERIALNUMBER = IIN012345678910 (obligatory field)
SN = Surname (optional field)
G = Middle name (optional field)
CN = Surname Name (obligatory field)
BUSINESSCATEGORY = KS01234 (obligatory field)
DC = ROLE01 (obligatory field)
OU = BIN012345678910 (obligatory field)
O = Name of the organization (obligatory field)
C = KZ (obligatory field)

PublicKey

Value of open key (512 bits)

1.2.398.3.10.1.1.1.1
with parameters
1.2.398.3.10.1.1.1.1.1
1.2.398.3.10.1.3.1.1.0

Value

Additional fields of the registration certificate in the X.509 format

Subject Key Identifier

Identifier of key of the subject

2.5.29.14

Value the identifier of key of the subject in hexadecimal format

Authority Key Identifier

Identifier of key of the center of certification

2.5.29.35

Value of the identifier of key of the center of certification in hexadecimal format

Key Usage

Use of key

2.5.29. 15, critical

Digital signature, Neotrekayemost

Extended Key Usage

Expanded use of key

2.5.29.37

The protected e-mail-1.3.6.1.5.5.7.3.4
Legal person / the individual entrepreneur performing activities in the form of joint venture-1.2.398.3.3.4.1.2;
Digital-ID identification - 1.2.398.3.3.4.3.2.1
The information system K2 - 1.2.398.5.19.1.2.2.1

Certificate Policy

Policy of the registration certificate

2.5.29.32

[1] Policy of the registration certificate:
Identifier of policy =1.2.398.5.19.1.2.2.1.2
[1,1] of the Data of the qualifier of policy:
Identifier of the qualifier of policy = CPS
Qualifier:
http://pki.gov.kz/cps

Certificate Authority Information Access

Information access about the centers of certification

1.3.6.1.5.5.7.1.1

[1] Access to data of the center of certification
Access method = Supplier of the center of certification (1.3.6.1.5.5.7.48.2)
Additional name:
URL = http://pki.gov.kz/cert/nca_gost.cer
[2] Access to data of the center of certification
Access method = the Protocol of determination of condition of the registration certificate through network (1.3.6.1.5.5.7.48.1)
Additional name:
URL=http://ocsp.pki.gov.kz

Crl Distribution Points

Points of distribution of lists of response

2.5.29.31

[1] Point of distribution of the list of response (CRL)
Distribution point name:
Complete name:
URL=http://crl.pki.gov.kz/nca_gost.crl
URL=http://crl1.pki.gov.kz/nca_gost.crl

Freshest Crl Distribution Points

The latest CRL

2.5.29.46

[1] The latest CRL
Distribution point name:
Complete name:
URL=http://crl.pki.gov.kz/nca_d_gost.crl
URL=http://crl1.pki.gov.kz/nca_d_gost.crl

Digital Signature

Digital signature of the Center of certification (512 bits)

1.2.398.3.10.1.1.1.2

Value

Field

Description

OID, criticality

Content

Basic fields of the registration certificate in the X.509 format

Version

Version of the Standard X.509

–

V3

Serial Number

Serial number of the registration certificate

–

Positive, integer
(no more than 20 bytes)

Signature Algorithm

Signature algorithm

1.2.840.113549.1.1.11

sha256WithRSAEn cryption

Issuer

Data of the publisher of the registration certificate

C=2.5.4.6
CN =2.5.4.3

C = KZ (obligatory field)
CN = ULTTYK KUELANDYRUShY of ORTALYK (RSA) (obligatory field)

Validity from

Time of the beginning of effective period

UTC TIME

It is valid with: YYMMDDHHMMSSZ UTC

Validity to

Time of the termination of effective period

UTC TIME

It is valid on: YYMMDDHHMMSSZ UTC

Subject

Data of the Owner registration
certificates

Е =
SERIALNUMBER =2.5.4.5
SN=2.5.4.4
G=2.5.4.42
CN =2.5.4.3
BUSINESSCATEGORY = 2.5.4.15
DC=0.9.2342.19200300.100.1.25
OU=2.5.4.11
O=2.5.4.10
C=2.5.4.6

E = e-mail address (optional field)
SERIALNUMBER = IIN012345678910 (obligatory field)
SN = Surname (optional field)
G = Middle name (optional field)
CN = Surname Name (obligatory field)
BUSINESSCATEGORY = KS01234 (obligatory field)
DC = ROLE01 (obligatory field)
OU = BIN012345678910 (obligatory field)
O = Name of the organization (obligatory field)
C = KZ (obligatory field)

Public Key

Value of open key (2048 bits)

1.2.840.113549.1.1.1

Value

Additional fields of the registration certificate in the X.509 format

Subject Key Identifier

Identifier of key of the subject

2.5.29.14

Value the identifier of key of the subject in hexadecimal format

Authority Key Identifier

Identifier of key of the center of certification

2.5.29.35

Value of the identifier of key of the center of certification in hexadecimal format

Key Usage

Use of key

2.5.29. 15, critical

Digital signature, Enciphering of keys

Extended Key Usage

Expanded use of key

2.5.29.37

Check of authenticity of the client (1.3.6.1.5.5.7.3.2)
Available identifiers:
1.2.398.3.3.4.1.2 – Legal person / the individual entrepreneur performing activities in the form of joint venture;
Digital-ID identification - 1.2.398.3.3.4.3.2.1;
1.2.398.5.19.1.2.2.1 – Information system K2

Certificate Policy

Policy of the registration certificate

2.5.29.32

[1] Policy of the registration certificate:
Identifier of policy =1.2.398.5.19.1.2.2.1.3
[1,1] of the Data of the qualifier of policy:
Identifier of the qualifier of policy = CPS
Qualifier:
http://pki.gov.kz/cps

Authority Info Access

Information access about the centers of certification

1.3.6.1.5.5.7.1.1

[1] Access to data of the center of certification
Access method = Supplier of the center of certification (1.3.6.1.5.5.7.48.2)
Additional name:
URL=http://pki.gov.kz/cert/nca_rsa.cer
[2] Access to data of the center of certification
Access method = the Protocol of determination of condition of the registration certificate through network (1.3.6.1.5.5.7.48.1)
Additional name: URL=http://ocsp.pki.gov.kz

Crl Distribution Points

Points of distribution of lists of response

2.5.29.31

[1] Point of distribution of the list of response (CRL)
Distribution point name:
Complete name:
URL=http://crl.pki.gov.kz/nca_rsa.crl
URL=http://crl1.pki.gov/kz/nca_rsa.crl

Freshest Crl Distribution Points

The latest CRL

2.5.29.46

[1] The latest CRL
Distribution point name:
Complete name:
URL=http://crl.pki.gov.kz/crl/nca_d_rsa.crl
URL=http://crl1.pki.gov.kz/crl/nca_d_rsa.crl

Digital Signature

Digital signature of the Center of certification (4096 bits)

1.2.840.113549.1.1.11

Value

Field

Description

OID, criticality

Content

Basic fields of the registration certificate in the X.509 format

Version

Version of the Standard X.509

–

V3

Serial Number

Serial number of the registration certificate

–

Positive, integer
(no more than 20 bytes)

Signature Algorithm

Signature algorithm

1.2.840.113549.1.1.11

sha256WithRSAEn cryption

Issuer

Data of the Publisher of the registration certificate

C=2.5.4.6
CN =2.5.4.3

C = KZ (obligatory field)
CN = ULTTYK KUELANDYRUShY of ORTALYK (RSA) (obligatory field)

Validity from

Time of the beginning of effective period

UTC TIME

It is valid with: YYMMDDHHMMSSZ UTC

Validity to

Time of the termination of effective period

UTC TIME

It is valid on: YYMMDDHHMMSSZ UTC

Subject

Data of the Owner registration
certificates

Е =
SERIALNUMBER = 2.5.4.5
CN =2.5.4.3
C=2.5.4.6

E = E-mail address (optional field)
SERIALNUMBER = IIN012345678910 (obligatory field)
CN = Domain name (obligatory field)
C = KZ (obligatory field)

Public Key

Value of open key (2048 bits)

1.2.840.113549.1.1.1

Value

Additional fields of the registration certificate in the X.509 format

Subject Key Identifier

Identifier of key of the subject

2.5.29.14

Value the identifier of key of the subject in hexadecimal format

Authority Key Identifier

Identifier of key of the center of certification

2.5.29.35

Value of the identifier of key of the center of certification in hexadecimal format

Extended Key Usage

Expanded use of key

2.5.29.37

Check of authenticity of the server
(1.3.6.1.5.5.7.3. 1)
Physical person - 1.2.398.3.3.4.1.1
Digital-ID identification - 1.2.398.3.3.4.3.2.1

Key Usage

Use of key

2.5.29. 15, critical

Digital signature, Enciphering of keys

Subject Alternative
Name

Additional
name of the subject

DNS name = Domain name-1
DNS name = Domain name-2
DNS name = N
(obligatory field)
Maximum quantity of admissible domain names = 10 domain names

Authority Info Access

Information access about the centers of certification

1.3.6.1.5.5.7.1.1

[1] Access to data of the center of certification
Access method = Supplier of the center of certification (1.3.6.1.5.5.7.48.2)
Additional name:
URL = http://pki.gov.kz/cert/nca_rsa.cer
[2] Access to data of the center of certification
Access method = the Protocol of determination of condition of the registration certificate through network (1.3.6.1.5.5.7.48.1)
Additional name: URL=http://ocsp.pki.gov.kz

Certificate Policy

Policy of the registration certificate

2.5.29.32

1] Policy of the certificate:
Policy identifier = 1.2.398.3.3.2.5
[1,1] of the Data of the qualifier of policy:
Identifier of the qualifier of policy of =CPS
Qualifier:
http://pki.gov.kz/cps

Crl Distribution Points

Points of distribution of lists of response

2.5.29.31

[1] Point of distribution of the list of response (CRL)
Distribution point name:
Complete name:
URL=http://crl.pki.gov.kz/nca_rsa.crl
URL=http://crl1.pki.gov.kz/nca_rsa.crl

Freshest Crl Distribution Points

The latest CRL

2.5.29.46

[1] The latest CRL
Distribution point name:
Complete name:
URL=http://crl.pki.gov.kz/nca_d_rsa.crl
URL=http://crl1.pki.gov.kz/nca_d_rsa.crl

Digital Signature

Digital signature of TsS (4096 bits)

1.2.840.113549.1.1.1.1

Value

Field

Description

OID, criticality

Content

Basic fields of the registration certificate in the X.509 format

Version

Version of the Standard X.509

–

V3

Serial Number

Serial number of the registration certificate

–

Positive, integer
(no more than 20 bytes)

Signature Algorithm

Signature algorithm

1.2.840.113549.1.1.11

sha256WithRSAEn cryption

Issuer

Data of the publisher of the registration certificate

C=2.5.4.6
CN =2.5.4.3

C = KZ (obligatory field)
CN = ULTTYK KUELANDYRUShY of ORTALYK (RSA) (obligatory field)

Validity from

Time of the beginning of effective period

UTC TIME

It is valid with: YYMMDDHHMMSSZ UTC

Validity to

Time of the termination of effective period

UTC TIME

It is valid on: YYMMDDHHMMSSZ UTC

Subject

Data of the Owner registration
certificates

Е =
SERIALNUMBER =2.5.4.5
SN=2.5.4.4
CN =2.5.4.3
OU=2.5.4.11
About =2.5.4.10
L=2.5.4.7
S=2.5.4.8
C=2.5.4.6

E = Mail e-mail address (optional field)
SERIALNUMBER = IIN012345678910 (obligatory field)
CN = Domain name (obligatory field)
OU = BIN012345678910 (obligatory field)
O = Name of the organization (obligatory field)
L = City of registration of the legal entity (obligatory field)
S = Field of registration of the legal entity (obligatory field)
C = KZ (obligatory field)

Public Key

Value of open key (2048 bits)

1.2.840.113549.1.1.1

Value

Additional fields of the registration certificate in the X.509 format

Subject Key Identifier

Identifier of key of the subject

2.5.29.14

Value the identifier of key of the subject in hexadecimal format

Authority Key Identifier

Identifier of key of the center of certification

2.5.29.35

Value of the identifier of key of the center of certification in hexadecimal format

Extended Key Usage

Expanded use of key

2.5.29.37

Check of authenticity of the server
(1.3.6.1.5.5.7.3. 1)
Legal person / the individual entrepreneur performing activities in the form of joint venture - 1.2.398.3.3.4.1.2
Digital-ID identification - 1.2.398.3.3.4.3.2.1

Key Usage

Use of key

2.5.29. 15, critical

Digital signature, Enciphering of keys

Subject Alternative Name

Additional name of the subject

DNS name = Domain name-1
DNS name = Domain name-2
DNS name = N
(obligatory field)
Maximum quantity of admissible domain names = 10 domain names

Authority Info Access

Information access about the centers of certification

1.3.6.1.5.5.7.1.1

[1] Access to data of the center of certification
Access method = Supplier of the center of certification (1.3.6.1.5.5.7.48.2)
Additional name:
URL = http://pki.gov.kz/cert/nca_rsa.cer
[2] Access to data of the center of certification
Access method = the Protocol of determination of condition of the registration certificate through network (1.3.6.1.5.5.7.48.1)
Additional name: URL=http://ocsp.pki.gov.kz

Certificate Policy

Policy of the registration certificate

2.5.29.32

1] Policy of the certificate:
Policy identifier = 1.2.398.3.3.2.5
[1,1] of the Data of the qualifier of policy:
Identifier of the qualifier of policy of =CPS
Qualifier:
http://pki.gov.kz/cps

Crl Distribution Points

Points of distribution of lists of response

2.5.29.31

[1] Point of distribution of the list of response (CRL)
Distribution point name:
Complete name:
URL=http://crl.pki.gov.kz/nca_rsa.crl
URL=http://crl1.pki.gov.kz/nca_rsa.crl

Freshest Crl Distribution Points

The latest CRL

2.5.29.46

[1] The latest CRL
Distribution point name:
Complete name:
URL=http://crl.pki.gov.kz/nca_d_rsa.crl
URL=http://crl1.pki.gov.kz/nca_d_rsa.crl

Digital Signature

Digital signature of TsS (4096 bits)

1.2.840.113549.1.1.1.1

Value

Field

Description

OID, Criticality

Content

Basic fields of the registration certificate in the X.509 format

Version

Version of the Standard X.509

–

V3

Serial Number

Serial number of the registration certificate

–

Positive, integer
(no more than 20 bytes)

Signature Algorithm

Signature algorithm

1.2.398.3.10.1.1.1.2

GOST 34.310-2004

Issuer

Data of the publisher of the registration certificate

C=2.5.4.6
CN =2.5.4.3

C = KZ (obligatory field)
CN = ULTTYK KUELANDYRUShY of ORTALYK (GOST) (obligatory field)

Validity from

Time of the beginning of effective period

UTC TIME

It is valid with: YYMMDDHHMMSSZ UTC

Validity to

Time of the termination of effective period

UTC TIME

It is valid on: YYMMDDHHMMSSZ UTC

Subject

Data of the Owner registration
certificates

SERIALNUMBER =2.5.4.5
CN =2.5.4.3
UID=0.9.2342.19200300.100.1.1
C=2.5.4.6

SERIALNUMBER = IIN012345678910 (obligatory field)
CN = Name of information system (obligatory field)
UID = OID of information system issued by authorized body (the obligatory field)
C = KZ (obligatory field)

PublicKey

Value of open key (512 bits)

1.2.398.3.10.1.1.1.1
with parameters
1.2.398.3.10.1.1.1.1.1
1.2.398.3.10.1.3.1.1.0

Value

Additional fields of the registration certificate in the X.509 format

Subject Key Identifier

Identifier of key of the subject

2.5.29.14

Value the identifier of key of the subject in hexadecimal format

Authority Key Identifier

Identifier of key of the center of certification

2.5.29.35

Value of the identifier of key of the center of certification in hexadecimal format

Key Usage

Use of key

2.5.29. 15, critical

Digital signature, Neotrekayemost

Extended Key Usage

Expanded use of key

2.5.29.37

Physical person-1.2.398.3.3.4.1.1; The Information system of physical person - 1.2.398.3.3.4.1.1.1

Certificate Policy

Policy of the registration certificate

2.5.29.32

[1] Policy of the registration certificate:
Identifier of policy =1.2.398.5.19.1.2.2.1.2
[1,1] of the Data of the qualifier of policy:
Identifier of the qualifier of policy = CPS
Qualifier:
http://pki.gov.kz/cps

Certificate Authority Information Access

Information access about the centers of certification

1.3.6.1.5.5.7.1.1

[1] Access to data of the center of certification
Access method = Supplier of the center of certification (1.3.6.1.5.5.7.48.2)
Additional name:
URL = http://pki.gov.kz/cert/nca_gost.cer
[2] Access to data of the center of certification
Access method = the Protocol of determination of condition of the registration certificate through network (1.3.6.1.5.5.7.48.1)
Additional name:
URL=http://ocsp.pki.gov.kz

Crl Distribution Points

Points of distribution of lists of response

2.5.29.31

[1] Point of distribution of the list of response (CRL)
Distribution point name:
Complete name:
URL=http://crl.pki.gov.kz/nca_gost.crl
URL=http://crl1.pki.gov.kz/nca_gost.crl

Freshest Crl Distribution Points

The latest CRL

2.5.29.46

[1] The latest CRL
Distribution point name:
Complete name:
URL=http://crl.pki.gov.kz/nca_d_gost.crl
URL=http://crl1.pki.gov.kz/nca_d_gost.crl

Digital Signature

Digital signature of the Center of certification (512 bits)

1.2.398.3.10.1.1.1.2

Value

Field

Description

OID, Criticality

Content

Basic fields of the registration certificate in the X.509 format

Version

Version of the Standard X.509

–

V3

Serial Number

Serial number of the registration certificate

–

Positive, integer
(no more than 20 bytes)

Signature Algorithm

Signature algorithm

1.2.398.3.10.1.1.1.2

GOST 34.310-2004

Issuer

Data of the publisher of the registration certificate

C=2.5.4.6
CN =2.5.4.3

C = KZ (obligatory field)
CN = ULTTYK KUELANDYRUShY of ORTALYK (GOST) (obligatory field)

Validity from

Time of the beginning of effective period

UTC TIME

It is valid with: YYMMDDHHMMSSZ UTC

Validity to

Time of the termination of effective period

UTC TIME

It is valid on: YYMMDDHHMMSSZ UTC

Subject

Data of the Owner registration
certificates

CN =2.5.4.3
UID=0.9.2342.19200300.100.1.1
OU=2.5.4.11
O=2.5.4.10
C=2.5.4.6

CN = Name of information system (obligatory field)
UID = OID of information system issued by authorized body (the obligatory field)
OU = BIN012345678910 (obligatory field)
O = Name of the organization (obligatory field)
C = KZ (obligatory field)

PublicKey

Value of open key (512 bits)

1.2.398.3.10.1.1.1.1
with parameters
1.2.398.3.10.1.1.1.1.1
1.2.398.3.10.1.3.1.1.0

Value

Additional fields of the registration certificate in the X.509 format

Subject Key Identifier

Identifier of key of the subject

2.5.29.14

Value the identifier of key of the subject in hexadecimal format

Authority Key Identifier

Identifier of key of the center of certification

2.5.29.35

Value of the identifier of key of the center of certification in hexadecimal format

Key Usage

Use of key

2.5.29. 15, critical

Digital signature, Neotrekayemost

Extended Key Usage

Expanded use of key

2.5.29.37

Legal person / the individual entrepreneur performing activities in the form of joint venture 1.2.398.3.3.4.1.2;
Information system of the legal entity-1.2.398.3.3.4.1.2.6

Certificate Policy

Policy of the registration certificate

2.5.29.32

[1] Policy of the registration certificate:
Identifier of policy =1.2.398.5.19.1.2.2.1.2
[1,1] of the Data of the qualifier of policy:
Identifier of the qualifier of policy = CPS
Qualifier:
http://pki.gov.kz/cps

Certificate Authority Information Access

Information access about the centers of certification

1.3.6.1.5.5.7.1.1

[1] Access to data of the center of certification
Access method = Supplier of the center of certification (1.3.6.1.5.5.7.48.2)
Additional name:
URL = http://pki.gov.kz/cert/nca_gost.cer
[2] Access to data of the center of certification
Access method = the Protocol of determination of condition of the registration certificate through network (1.3.6.1.5.5.7.48.1)
Additional name:
URL=http://ocsp.pki.gov.kz

Crl Distribution Points

Points of distribution of lists of response

2.5.29.31

[1] Point of distribution of the list of response (CRL)
Distribution point name:
Complete name:
URL=http://crl.pki.gov.kz/nca_gost.crl
URL=http://crl1.pki.gov.kz/nca_gost.crl

Freshest Crl Distribution Points

The latest CRL

2.5.29.46

[1] The latest CRL
Distribution point name:
Complete name:
URL=http://crl.pki.gov.kz/nca_d_gost.crl
URL=http://crl1.pki.gov.kz/nca_d_gost.crl

Digital Signature

Digital signature of the Center of certification (512 bits)

1.2.398.3.10.1.1.1.2

Value

Field

Description

OID, criticality

Content

Basic fields of the registration certificate in the X.509 format

Version

Version of the Standard X.509

–

V3

Serial Number

Serial number of the registration certificate

–

Positive, integer
(no more than 20 bytes)

Signature Algorithm

Signature algorithm

1.2.398.3.10.1.1.1.2

GOST 34.310-2004

Issuer

Data of the publisher of the registration certificate

C=2.5.4.6
CN =2.5.4.3

C = KZ (obligatory field)
CN = ULTTYK KUELANDYRUShY of ORTALYK (GOST) (obligatory field)

Validity from

Time of the beginning of effective period

UTC TIME

It is valid with: YYMMDDHHMMSSZ UTC

Validity to

Time of the termination of effective period

UTC TIME

It is valid on: YYMMDDHHMMSSZ UTC

Subject

Data of the Owner registration
certificates

à =
SERIALNUMBER = 2.5.4.5
SN=2.5.4.4
G=2.5.4.42
CN =2.5.4.3
C=2.5.4.6

E = E-mail address (optional field)
SERIALNUMBER = IIN012345678910 (obligatory field)
SN = Surname (optional field)
G = Middle name (optional field)
CN = Surname Name (obligatory field)
C = KZ (obligatory field)

PublicKey

Value of open key (512 bits)

1.2.398.3.10.1.1.1.1
with parameters
1.2.398.3.10.1.1.1.1.1
1.2.398.3.10.1.3.1.1.0

Value

Additional fields of the registration certificate in the X.509 format

Subject Key Identifier

Identifier of key of the subject

2.5.29.14

Value the identifier of key of the subject consists of twenty byte formats, degree of the first byte which shall be between values 0x10 and 0x7F, otherwise the first byte will change on any values between 0x10 and 0x7F.
Generation happens, when forming PKCS10 of request.

Authority Key Identifier

Identifier of key of the center of certification

2.5.29.35

Value of the identifier of key of the center of certification in hexadecimal format

Key Usage

Use of key

2.5.29. 15, critical

Digital signature, Neotrekayemost

Extended Key Usage

Expanded use of key

2.5.29.37

The protected e-mail-1.3.6.1.5.5.7.3.4
Physical person - 1.2.398.3.3.4.1.1
Digital-ID identification - 1.2.398.3.3.4.3.2.1
Storage of the closed keys of users of "Certex Cloud" - 1.2.398.3.3.5.3.1

Certificate Policy

Policy of the registration certificate

2.5.29.32

[1] Policy of the registration certificate:
Identifier of policy =1.2.398.3.3.2.3
[1,1] of the Data of the qualifier of policy:
Identifier of the qualifier of policy = CPS (1.3.6.1.5.5.7.2.1)
Qualifier:
http://pki.gov.kz/cps
[1,2] of the Data of the qualifier of policy:
Identifier of the qualifier of policy = Notification of the user (1.3.6.1.5.5.7.2.2)
Qualifier:
http://pki.gov.kz/cps

Certificate Authority Information Access

Information access about the centers of certification

1.3.6.1.5.5.7.1.1

[1] Access to data of the center of certification
Access method = Supplier of the center of certification (1.3.6.1.5.5.7.48.2)
Additional name:
URL=http://pki.gov.kz/cert/nca_gost.cer
[2] Access to data of the center of certification
Access method = the Protocol of determination of condition of the registration certificate through network (1.3.6.1.5.5.7.48.1)
Additional name: URL=http://ocsp.pki.gov.kz

Crl Distribution Points

Points of distribution of lists of response

2.5.29.31

[1] Point of distribution of the list of response (CRL)
Distribution point name:
Complete name:
URL = http://crl.pki.gov.kz/nca_gost.crl
URL = http://crl1.pki.gov.kz/nca_gost.crl

Freshest Crl Distribution Points

The latest CRL

2.5.29.46

[1] The latest CRL
Distribution point name:
Complete name:
URL = http://crl.pki.gov.kz/nca_d_gost.crl
URL = http://crl1.pki.gov.kz/nca_d_gost.crl

Digital Signature

Digital signature of the Center of certification (512 bits)

1.2.398.3.10.1.1.1.2

Value

Field

Description

OID, criticality

Content

Basic fields of the registration certificate in the X.509 format

Version

Version of the Standard X.509

–

V3

Serial Number

Serial number of the registration certificate

–

Positive, integer
(no more than 20 bytes)

Signature Algorithm

Signature algorithm

1.2.398.3.10.1.1.1.2

GOST 34.310-2004

Issuer

Data of the publisher of the registration certificate

C=2.5.4.6
CN =2.5.4.3

C = KZ (obligatory field)
CN = ULTTYK KUELANDYRUShY of ORTALYK (GOST) (obligatory field)

Validity from

Time of the beginning of effective period

UTC TIME

It is valid with: YYMMDDHHMMSSZ UTC

Validity to

Time of the termination of effective period

UTC TIME

It is valid on: YYMMDDHHMMSSZ UTC

Subject

Data of the Owner registration
certificates

SERIALNUMBER = 2.5.4.5
CN =2.5.4.3
SN=2.5.4.4
G=2.5.4.42
OU=2.5.4.11
O=2.5.4.10
C=2.5.4.6
à =

SERIALNUMBER = IIN012345678910 (obligatory field)
CN = Surname Name (obligatory field)
SN = Surname (optional field)
G = Middle name (optional field)
OU=BIN12345678902 (obligatory field)
O= Name of the organization (obligatory field)
C = KZ (obligatory field)
E = E-mail address (optional field)

PublicKey

Value of open key (512 bits)

1.2.398.3.10.1.1.1.1
with parameters
1.2.398.3.10.1.1.1.1.1
1.2.398.3.10.1.3.1.1.0

Value

Additional fields of the registration certificate in the X.509 format

Subject Key Identifier

Identifier of key of the subject

2.5.29.14

Value the identifier of key of the subject consists of twenty byte formats, degree of the first byte which shall be between values 0x10 and 0x7F, otherwise the first byte will change on any values between 0x10 and 0x7F.
Generation happens, when forming PKCS10 of request.

Authority Key Identifier

Identifier of key of the center of certification

2.5.29.35

Value of the identifier of key of the center of certification in hexadecimal format

Key Usage

Use of key

2.5.29. 15, critical

Digital signature, Neotrekayemost

Extended Key Usage

Expanded use of key

2.5.29.37

The protected e-mail-1.3.6.1.5.5.7.3.4
The legal entity - 1.2.398.3.3.4.1.2
Available identifiers: 1.2.398.3.3.4.1.2.1 – The first head of the legal entity having right to sign 1.2.398.3.3.4.1.2.2 – Person given right to sign
1.2.398.3.3.4.1.2.3 - Person given right to sign of financial records 1.2.398.3.3.4.1.2.4 – the Employee of personnel department given the right to confirm the applications for release of registration certificates submitted from employees of the legal entity
1.2.398.3.3.4.1.2.5 – Employee of the organization
Digital-ID identification - 1.2.398.3.3.4.3.2.1
Storage of the closed keys of users of "Certex Cloud" - 1.2.398.3.3.5.3.1

Certificate Policy

Policy of the registration certificate

2.5.29.32

[1] Policy of the registration certificate:
Policy identifier = 1.2.398.3.3.2.1
[1,1] of the Data of the qualifier of policy:
Identifier of the qualifier of policy = CPS (1.3.6.1.5.5.7.2.1)
Qualifier:
http://pki.gov.kz/cps
[1,2] of the Data of the qualifier of policy:
Identifier of the qualifier of policy = Notification of the user (1.3.6.1.5.5.7.2.2)
Qualifier:
http://pki.gov.kz/cps

Certificate Authority Information Access

Information access about the centers of certification

1.3.6.1.5.5.7.1.1

[1] Access to data of the center of certification
Access method = Supplier of the center of certification (1.3.6.1.5.5.7.48.2)
Additional name:
URL=http://pki.gov.kz/cert/nca_gost.cer
[2] Access to data of the center of certification
Access method = the Protocol of determination of condition of the registration certificate through network (1.3.6.1.5.5.7.48.1)
Additional name: URL=http://ocsp.pki.gov.kz

Crl Distribution Points

Points of distribution of lists of response

2.5.29.31

[1] Point of distribution of the list of response (CRL)
Distribution point name:
Complete name:
URL = http://crl.pki.gov.kz/nca_gost.crl
URL = http://crl1.pki.gov.kz/nca_gost.crl

Freshest Crl Distribution Points

The latest CRL

2.5.29.46

[1] The latest CRL
Distribution point name:
Complete name:
URL = http://crl.pki.gov.kz/nca_d_gost.crl
URL = http://crl1.pki.gov.kz/nca_d_gost.crl

Digital Signature

Digital signature of the Center of certification (512 bits)

1.2.398.3.10.1.1.1.2

Value

Field

Description

OID, criticality

Content

Basic fields SORS in the X.509 format

Version

Version of the Standard X.509

–

V2

Issuer

Data of the publisher of SORS

C=2.5.4.6
CN =2.5.4.3

C = KZ (obligatory field)
CN = ULTTYK KUELANDYRUShY of ORTALYK (RSA) (obligatory field)

This Update

SORS edition time

UTC TIME

It is valid with: YYMMDDHHMMSSZ UTC

Next Update

SORS following updating

UTC TIME

It is valid on: YYMMDDHHMMSSZ UTC

Signature Algorithm

Signature algorithm

1.2.840.113549.1.1.11

sha256WithRSAEn cryption

Additional fields SORS in the X.509 format

Number CRL

Sequence number of SORS

2.5.29.20

Consistently increasing number

Authority Key Identifier

Identifier of key of the center of certification

2.5.29.35

Value of the identifier of key of the center of certification in hexadecimal format

Digital Signature

Digital signature of TsS (4096 bits)

1.2.840.113549.1.1.11

Value

Field

Description

OID, criticality

Content

Basic fields SORS in the X.509 format

Version

Version of the Standard X.509

–

V2

Issuer

Data of the Publisher of SORS

C=2.5.4.6
CN =2.5.4.3

C = KZ (obligatory field)
CN = ULTTYK KUELANDYRUShY of ORTALYK (GOST) (obligatory field)

This Update

SORS edition time

UTC TIME

It is valid with: YYMMDDHHMMSSZ UTC

Next Update

SORS following updating

UTC TIME

It is valid on: YYMMDDHHMMSSZ UTC

Signature Algorithm

Signature algorithm

1.2.398.3.10.1.1.1.2

GOST 34.310-2004

Additional fields SORS in the X.509 format

Number CRL

Sequence number of SORS

2.5.29.20

Consistently increasing number

Authority Key Identifier

Identifier of key of the center of certification

2.5.29.35

Value of the identifier of key of the center of certification in hexadecimal format

Digital Signature

Digital signature of the Center of certification (512 bits)

1.2.398.3.10.1.1.1.2

Value

Field

Description

OID, criticality

Content

Basic fields SORS in the X.509 format

Version

Version of the Standard X.509

–

V2

Issuer

Data of the Publisher of SORS

C=2.5.4.6
CN =2.5.4.3

C = KZ (obligatory field)
CN = ULTTYK KUELANDYRUShY of ORTALYK (RSA) (obligatory field)

This Update

SORS edition time

UTC TIME

It is valid with: YYMMDDHHMMSSZ UTC

Next Update

SORS following updating

UTC TIME

It is valid on: YYMMDDHHMMSSZ UTC

Signature Algorithm

Signature algorithm

1.2.840.113549.1.1.11

sha256WithRSAEn cryption

Additional fields SORS in the X.509 format

Number CRL

Sequence number of SORS

2.5.29.20

Consistently increasing number

Authority Key Identifier

Identifier of key of the center of certification

2.5.29.35

Value of the identifier of key of the center of certification in hexadecimal format

Freshest CRL

Identifier of differential SORS

2.5.29. 46, critical

–

Digital Signature

Digital signature of TsS (4096 bits)

1.2.840.113549.1.1.11

Value

Field

Description

OID, criticality

Content

Basic fields SORS in the X.509 format

Version

Version of the Standard X.509

–

V2

Issuer

Data of the Publisher of SORS

C=2.5.4.6
CN =2.5.4.3

C = KZ (obligatory field)
CN = ULTTYK KUELANDYRUShY of ORTALYK (GOST) (obligatory field)

This Update

SORS edition time

UTC TIME

It is valid with: YYMMDDHHMMSSZ UTC

Next Update

SORS following updating

UTC TIME

It is valid on: YYMMDDHHMMSSZ UTC

Signature Algorithm

Signature algorithm

1.2.398.3.10.1.1.1.2

GOST 34.310-2004

Additional fields SORS in the X.509 format

Number CRL

Sequence number of SORS

2.5.29.20

Consistently increasing number

Authority Key Identifier

Identifier of key of the center of certification

2.5.29.35

Value of the identifier of key of the center of certification in hexadecimal format

Freshest CRL

Identifier of differential SORS

2.5.29. 46, critical

–

Digital Signature

Digital signature of the Center of certification (512 bits)

1.2.398.3.10.1.1.1.2

Value

Field

Description

OID, criticality

Content

Basic fields of the registration certificate in the X.509 format

Version

Version of the Standard X.509

–

V3

Serial Number

Serial number of the registration certificate

–

Positive, integer
(no more than 20 bytes)

Signature Algorithm

Signature algorithm

1.2.398.3.10.1.1.1.2

GOST 34.310-2004

Issuer

Data of the publisher of the registration certificate

C=2.5.4.6
CN =2.5.4.3

C = KZ (obligatory field)
CN = ULTTYK KUELANDYRUShY of ORTALYK (GOST) (obligatory field)

Validity from

Time of the beginning of effective period

UTC TIME

It is valid with: YYMMDDHHMMSSZ GMT

Validity to

Time of the termination of effective period

UTC TIME

It is valid on: YYMMDDHHMMSSZ GMT

Subject

Data of the Owner registration
certificates

CN =2.5.4.3
OU=2.5.4.11
O=2.5.4.10
C=2.5.4.6

CN = Name of service (obligatory field)
OU = Division (obligatory field)
O = Name of the organization (obligatory field)
C = KZ (obligatory field)

Public Key

Value of open key (512 bits)

1.2.398.3.10.1.1.1.1
with parameters
1.2.398.3.10.1.1.1.1.1
1.2.398.3.10.1.3.1.1.0

GOST 34.310-2004

Additional fields of the registration certificate in the X.509 format

Subject Key Identifier

Identifier of key of the subject

2.5.29.14

Value the identifier of key of the subject in hexadecimal format

Authority Key Identifier

Identifier of key of the center of certification

2.5.29.35

Value of the identifier of key of the center of certification in hexadecimal format

Extended Key Usage

Expanded use of key

2.5.29.37

Online Certificate Status Protocol (1.3.6.1.5.5.7.3.9)

Certificate Authority Information Access

Information access about the centers of certification

1.3.6.1.5.5.7.1.1

[1] Access to data of the center of certification
Access method = Supplier of the center of certification (1.3.6.1.5.5.7.48.2)
Additional name:
URL=http://pki.gov.kz/cert/nca_gost.cer

Crl Distribution Points

Points of distribution of lists of response

2.5.29.31

[1] Point of distribution of the list of response (CRL)
Distribution point name:
Complete name:
URL=http://crl.pki.gov.kz/nca_gost.crl
URL=http://crl1.pki.gov.kz/nca_gost.crl

Freshest Crl Distribution Points

The latest CRL

2.5.29.46

[1] The latest CRL
Distribution point name:
Complete name:
URL=http://crl.pki.gov.kz/nca_d_gost.crl
URL=http://crl1.pki.gov.kz/nca_d_gost.crl

OCSP No Revocation Checking

Check of irrevocability of OCSP

1.3.6.1.5.5.7.48.1.5

Empty value

Digital Signature

Digital signature of the Center of certification (512 bits)

1.2.398.3.10.1.1.1.2

GOST 34.310-2004

Field

Description

OID, criticality

Content

Basic fields of the registration certificate in the X.509 format

Version

Version of the Standard X.509

–

V3

Serial Number

Serial number of the registration certificate

–

Positive, integer
(no more than 20 bytes)

Signature Algorithm

Signature algorithm

1.2.840.113549.1.1.11

sha256WithRSAEn cryption

Issuer

Data of the publisher of the registration certificate

C=2.5.4.6
CN =2.5.4.3

C = KZ (obligatory field)
CN = ULTTYK KUELANDYRUShY of ORTALYK (RSA) (obligatory field)

Validity from

Time of the beginning of effective period

UTC TIME

It is valid with: YYMMDDHHMMSSZ GMT

Validity to

Time of the termination of effective period

UTC TIME

It is valid on: YYMMDDHHMMSSZ GMT

Subject

Data of the Owner registration
certificates

CN =2.5.4.3
OU=2.5.4.11
O=2.5.4.10
C=2.5.4.6
SERIALNUMBER = 2.5.4.5

CN = Name of service (obligatory field)
OU = Division (obligatory field)
O = Name of the organization (obligatory field)
C = KZ (obligatory field)
SERIALNUMBER = IIN012345678910 (obligatory field)

Public Key

Value of open key (2048 bits)

1.2.840.113549.1.1.1

Value

Additional fields of the registration certificate in the X.509 format

Subject Key Identifier

Identifier of key of the subject

2.5.29.14

Value the identifier of key of the subject in hexadecimal format

Authority Key Identifier

Identifier of key of the center of certification

2.5.29.35

Value of the identifier of key of the center of certification in hexadecimal format

Extended Key Usage

Expanded use of key

2.5.29.37

Online Certificate Status Protocol (1.3.6.1.5.5.7.3.9)

Certificate Authority Information Access

Information access about the centers of certification

1.3.6.1.5.5.7.1.1

[1] Access to data of the center of certification
Access method = Supplier of the center of certification (1.3.6.1.5.5.7.48.2)
Additional name:
URL=http://pki.gov.kz/cert/nca_rsa.cer

Crl Distribution Points

Points of distribution of lists of response

2.5.29.31

[1] Point of distribution of the list of response (CRL)
Distribution point name:
Complete name:
URL=http://crl.pki.gov.kz/nca_rsa.crl
URL=http://crl1.pki.gov.kz/nca_rsa.crl

Freshest Crl Distribution Points

The latest CRL

2.5.29.46

[1] The latest CRL
Distribution point name:
Complete name:
URL=http://crl.pki.gov.kz/nca_d_rsa.crl
URL=http://crl1.pki.gov.kz/nca_d_rsa.crl

OCSP No Revocation Checking

Check of irrevocability of OCSP

1.3.6.1.5.5.7.48.1.5

Empty value

Digital Signature

Digital signature of the Center of certification (4096 bits)

1.2.840.113549.1.1.11

Value

Field

Description

OID, criticality

Content

Basic fields of the registration certificate in the X.509 format

Version

Version of the Standard X.509

–

V3

Serial Number

Serial number of the registration certificate

–

Positive, integer
(no more than 20 bytes)

Signature Algorithm

Signature algorithm

1.2.840.113549.1.1.11

sha256WithRSAEn cryption

Issuer

Data of the publisher of the registration certificate

C=2.5.4.6
CN =2.5.4.3

C = KZ (obligatory field)
CN = ULTTYK KUELANDYRUShY of ORTALYK (RSA) (obligatory field)

Validity from

Time of the beginning of effective period

UTC TIME

It is valid with: YYMMDDHHMMSSZ GMT

Validity to

Time of the termination of effective period

UTC TIME

It is valid on: YYMMDDHHMMSSZ GMT

Subject

Data of the Owner registration
certificates

CN =2.5.4.3
OU=2.5.4.11
O=2.5.4.10
C=2.5.4.6 SERIALNUMBER = 2.5.4.5

CN = Name of service (obligatory field)
OU = Division (obligatory field)
O = Name of the organization (obligatory field)
C = KZ (obligatory field)
SERIALNUMBER = IIN012345678910 (obligatory field)

Public Key

Value of open key (2048 bits)

1.2.840.113549.1.1.1

Value

Additional fields of the registration certificate in the X.509 format

Subject Key Identifier

Identifier of key of the subject

2.5.29.14

Value the identifier of key of the subject in hexadecimal format

Authority Key Identifier

Identifier of key of the center of certification

2.5.29.35

Value of the identifier of key of the center of certification in hexadecimal format

Extended Key Usage

Expanded use of key

2.5.29. 37, critical

Installation of mark of time (1.3.6.1.5.5.7.3.8)

Certificate Authority Information Access

Information access about the centers of certification

1.3.6.1.5.5.7.1.1

[1] Access to data of the center of certification
Access method = Supplier of the center of certification (1.3.6.1.5.5.7.48.2)
Additional name:
URL=http://pki.gov.kz/cert/nca_rsa.cer
[2] Access to data of the center of certification
Access method = the Protocol of determination of condition of the registration certificate through network (1.3.6.1.5.5.7.48.1)
Additional name: URL=http://ocsp.pki.gov.kz

Crl Distribution Points

Points of distribution of lists of response

2.5.29.31

[1] Point of distribution of the list of response (CRL)
Distribution point name:
Complete name:
URL=http://crl.pki.gov.kz/nca_rsa.crl
URL=http://crl1.pki.gov.kz/nca_rsa.crl

Freshest Crl Distribution Points

The latest CRL

2.5.29.46

[1] The latest CRL
Distribution point name:
Complete name:
URL=http://crl.pki.gov.kz/nca_d_rsa.crl
URL=http://crl1.pki.gov.kz/nca_d_rsa.crl

Digital Signature

Digital signature of the Center of certification (4096 bits)

1.2.840.113549.1.1.11

Value

Field

Description

OID, criticality

Content

Basic fields of the registration certificate in the X.509 format

Version

Version of the Standard X.509

–

V3

Serial Number

Serial number of the registration certificate

–

Positive, integer
(no more than 20 bytes)

Signature Algorithm

Signature algorithm

1.2.398.3.10.1.1.1.2

GOST 34.310-2004

Issuer

Data of the publisher of the registration certificate

C=2.5.4.6
CN =2.5.4.3

C = KZ (obligatory field)
CN = ULTTYK KUELANDYRUShY of ORTALYK (GOST) (obligatory field)

Validity from

Time of the beginning of effective period

UTC TIME

It is valid with: YYMMDDHHMMSSZ GMT

Validity to

Time of the termination of effective period

UTC TIME

It is valid on: YYMMDDHHMMSSZ GMT

Subject

Data of the Owner registration
certificates

SERIALNUMBER = 2.5.4.5
CN =2.5.4.3
OU=2.5.4.11
O=2.5.4.10
C=2.5.4.6

CN = Name of service (obligatory field)
OU = Division (obligatory field)
O = Name of the organization (obligatory field)
C = KZ (obligatory field)
SERIALNUMBER = IIN012345678910 (obligatory field)

Public Key

Value of open key (512 bits)

1.2.398.3.10.1.1.1.1
with parameters
1.2.398.3.10.1.1.1.1.1
1.2.398.3.10.1.3.1.1.0

Value

Additional fields of the registration certificate in the X.509 format

Subject Key Identifier

Identifier of key of the subject

2.5.29.14

Value the identifier of key of the subject in hexadecimal format

Authority Key Identifier

Identifier of key of the center of certification

2.5.29.35

Value of the identifier of key of the center of certification in hexadecimal format

Extended Key Usage

Expanded use of key

2.5.29. 37, critical

Installation of mark of time (1.3.6.1.5.5.7.3.8)

Certificate Authority Information Access

Information access about the centers of certification

1.3.6.1.5.5.7.1.1

[1] Access to data of the center of certification
Access method = Supplier of the center of certification (1.3.6.1.5.5.7.48.2)
Additional name:
URL = http://pki.gov.kz/cert/nca_gost.cer
[2] Access to data of the center of certification
Access method = the Protocol of determination of condition of the registration certificate through network (1.3.6.1.5.5.7.48.1)
Additional name:
URL=http://ocsp.pki.gov.kz

Crl Distribution Points

Points of distribution of lists of response

2.5.29.31

[1] Point of distribution of the list of response (CRL)
Distribution point name:
Complete name:
URL=http://crl.pki.gov.kz/nca_gost.crl
URL=http://crl1.pki.gov.kz/nca_gost.crl

Freshest Crl Distribution Points

The latest CRL

2.5.29.46

[1] The latest CRL
Distribution point name:
Complete name:
URL=http://crl.pki.gov.kz/nca_d_gost.crl
URL=http://crl1.pki.gov.kz/nca_d_gost.crl

Digital Signature

Digital signature of the Center of certification (512 bits)

1.2.398.3.10.1.1.1.2

Value