AOC Digital Certification Service – Complete Guide

In this guide, intended for organizations that subscribe to the AOC Certification Service (SCD) , we explain how the entire process of requesting certificates from AOC works, from the time the organization becomes a subscriber until it requests and receives the certificates.

Key concepts of the Digital Certification Service (SCD)

Certification service providers: These are entities authorized to issue digital certificates and that guarantee the veracity of the data they contain. These providers must comply with current regulations on electronic signatures and are supervised by the Ministry of Digital Transformation and Public Administration. AOC is a qualified certification service provider.

Digital certificate: a digital certificate is an electronic means for the secure identification of both natural and legal persons on the Internet. It allows identification on websites, the performance of online transactions and the digital signing of documents with legal validity. Issued by recognized authorities, it links a public key to an identity, guaranteeing the identification of the issuer, the integrity of the transaction, the irrefutability of commitments and the confidentiality of communication.

Subscriber entities: these are the Catalan public sector organizations registered with the AOC Digital Certification Service and which can request certificates from AOC.

Registration Entity T-CAT: These are organizations authorized to issue digital certificates for the public administrations to which they are assigned. Some Registration Entities are, for example, the Regional Councils, which issue digital certificates to organizations in their region.

Some certificates, by their nature, are only issued by the AOC Registration Entity (such as Pseudonym and Representative certificates).

Roles of the AOC Digital Certification service: when we talk about SCD roles we are talking about the different people who intervene in the certificate application process. The Roles are:

• Service manager: contact person with the AOC and responsible for delivering the certificates.
• Data certifier : person who guarantees the veracity of the data in certificate requests.
• Applicant for personal and application certificates : person who can request the issuance, renewal or revocation of personal or application certificates (depending on whether they are an applicant for personal or application certificates).

Subscriber file: is the document through which the subscribing organization defines the roles of its personnel for the management of the AOC Digital Certification Service. With the first sending of the file to AOC, the organization requests registration for the service and with subsequent sendings communicates any changes. The file must be updated every two years whether there are changes or not.

Subscriber Folder: The Subscriber Folder is the web space that the AOC Consortium offers to those responsible for the service to manage the delivery of personal certificates and the generation of application certificates for their organization.

What certificates does AOC issue to Catalan public administrations?

The AOC issues the following types of certificates to public administrations:

• Employee and public worker certificates of an organization (on card and in software)
• Certificates of Representative of an organization
• Pseudonym Certificates
• Application Certificates
• Electronic Seal Certificates

Check the detailed list in the AOC Digital Certificate Catalog .

How much do AOC certificates cost?

Check the specific cost of each certificate at Public Prices of the AOC Digital Certification Service (AOC Electronic Office). The price will vary depending on whether the certificate is requested urgently or in the ordinary term (More information about the terms at What is the term for issuing digital certificates? )

Which organizations can request certificates from AOC?

The AOC Digital Certification Service is aimed at all organizations belonging to the Catalan public sector and its related organizations that wish to provide certificates to their personnel or their systems, according to the definition of its scope of application regulated by article 2.1 of Law 29/2010 .

For more information, you can consult the Specific Conditions of the digital certification service available in Conditions of provision of services AOC.

How to register for the AOC Digital Certification Service?

You must follow some steps to request registration for the service and thus be able to become a subscribing entity:

1. Join EACAT, if the organization is not already a member. Information on How to join EACAT ?

2. Register in EACAT the users who will be involved in the certificate application and issuance process, so that once the subscriber file has been received, the corresponding roles can be assigned to each user from AOC. The registration of users will be carried out by the organization's EACAT user manager.

3. Send the subscriber form by email following the steps in: Registration for the AOC digital certification service (First sending of the subscriber entity form).

Once the registration of the organization as a subscribing entity has been approved, the AOC Consortium will take some actions so that from the new subscribing entity you can make requests through EACAT:

• We will assign permissions to EACAT of applicants, certifiers and service managers.
• We will deliver the digital certificates of applicants, certifiers and responsible person and PIN and PUK codes by post, in separate shipments.
• We will activate the digital certification service in EACAT at the entity so that you can make new certificate requests completely digitally.
• We will authorize the Service Manager to access the Subscriber Folder for the delivery of the organization's certificates.

How are certificates requested?

Once we at AOC have approved the registration of the organization and have taken the different actions so that you can request the certificates through EACAT, the steps to follow to request the certificates are:

1. Identify yourself at EACAT
2. Access Procedures> Consortium Provider AOC>Digital Certification Service
3. Select the type of certificate to request.
4. Complete the application and send it signed by the applicant and certifier.

You will find all the information on how to request certificates in Requesting digital certificates through EACAT .

What happens once the certificates are requested?

If, upon receiving the request, an error is detected (for example, that a requested certificate already exists), the Digital Certification Service Manager will receive a warning email, and the request will not be processed.

If no errors are detected in the sent request:

1. Registration of the request in EACAT: it will be registered in the corresponding T-CAT Registration Entity (ER T-CAT). You can consult the ER to which the request is addressed in the entry generated in EACAT.
2. Approval and issuance from the ER T-CAT: the next step is the review by the person with the approver role within the ER T-CAT who, if they do not detect any obvious error in the data of the requested certificate, will approve it (For more information, consult the deadlines ).
   
   • In the case of T-CAT in software (T-CAT P), once approved, it will be pending issuance by the person responsible for the subscribing entity (requesting organization).
   • In the case of T-CAT on card, in addition to approval, the ER T-CAT must generate the physical certificate and send it.
3. Delivery of the certificate: The Service Manager of the Subscriber entity will then receive an email informing them that the certificate is pending delivery. They will need to deliver the personal certificate or download it in the case of an application certificate through the Subscriber Folder.

What is the deadline for issuing digital certificates?

The deadline (except in the case of representative and pseudonym certificates*) is:

• Regular service: 16 working days
• Urgent service: 4 working days

* Representative and pseudonym certificates:

• Ordinary service: maximum 20 working days.
• Urgent service (Only applicable to renewals or in case of loss, theft, etc.): 4 working days. It is limited to five requests per organization per week.

How to modify the subscriber file? (Changes in roles, in the organization's data)

Every time there is a change in the data of the organization or the people involved in the certificate application process, the file must be modified.

See how to do this in Updating your subscriber listing .

Resending the subscriber file every two years

According to the conditions of the AOC Digital Certification Service, organizations must send the "Service Sheet" every 24 months, even if there are no changes.

See how to do this in Subscriber Listing Forwarding .

Resources for subscribing entities and certificate holders

Training

The AOC carries out different types of online training through the AOC CAMPUS. In the case of the T-CAT, the Course is offered by those responsible for the Digital Certification Service (SCD) of the subscribing Entities .

User support

From AOC we make available to users a Support Portal for each service. In these portals you will find FAQ's, manuals and other resources that answer most of the questions that may arise.

The Digital Certification Service Support Portal has the URL https://suport-tcat.aoc.cat . If you cannot find the answer to your question or incident, you can contact the User Service Center, which will assist you from Monday to Friday from 8 am to 7 pm, except holidays.

Blog AOC

If you want to stay up to date with the latest news on electronic administration and the different services of AOC, you can access our blog at www.aoc.cat/blog . If there are any new developments in the Digital Certification Service, we publish them on the Digital Certification Blog .

Status of services AOC

At www.aoc.cat/estatserveis you will find published incidents and scheduled interventions of the AOC Consortium services. You can subscribe to receive notifications when publications are made in a specific service or in all.

Archiving and security procedures

Security procedure for Registration Entities and Subscribers

Filing procedure for Registration Entities and Subscribers

Digital Certification Service Audits

The AOC carries out supervision and control audits to assess compliance with established regulations and procedures. In general, audits are carried out every two years.

You will find all the information in Audit - Subscribers of this support portal.

Applicable regulations

Consult the current Terms, certification policies and practice statements.

You might be interested

• Good practices if you are a holder of a T-CAT
• Registration for the AOC digital certification service (First submission of the subscriber entity file)
• Public prices for the AOC Digital Certification Service (AOC Electronic Office)
• Catalog of Digital Certificates of the AOC .