The SPOC CA is a regular X.509 CA that issues TLS certificates to servers and clients in the SPOC ecosystem. It is configured as a normal X.509 CA, following the profiles of the SPOC specification (CSN 369791:2009).

In the specification of the SPOC CA, two private Extended Key Usages are defined in the standard and must be configured to be used in the certificate profiles.

  • CSN 369791 TLS client: 1.2.203.7064.1.1.369791.1
  • CSN 369791 TLS server: 1.2.203.7064.1.1.369791.2

A SPOC client should use Client Authentication, CSN369791-TLS-CLIENT, while a SPOC server should use Server Authentication, CSN369791-TLS-SERVER.