The Controller of Certifying Authorities operates the National Repository of Digital Signatures (NRDC) as required under Section 20 of the IT Act 2000. Copies of all Digital Signature Certificates and the corresponding Certificate Revocation List (CRL) issued by all licensed Certifying Authorities in the country are maintained in the NRDC.

Access to these Digital Signature Certificates is provided with a search facility so that the public keys contained in these certificates are available to any member of the public.

The NRDC is updated through weekly submission by all the licensed CAs as prescribed in the Guidelines for submission to NRDC. For latest Information users and relying parties are advised to verify the certificates and CRL from the website of the issuing CA.

Guidelines for submission to NRDC

GUIDELINES FOR SUBMISSION OF CERTIFICATES AND CRLS TO THE CCA FOR PUBLISHING IN NRDC BY CERTIFYING AUTHORITIES

As per Section 20 of the IT Act 2000, the Controller is required to act as the Repository of all Digital Signature Certificates issued under the Act. For this purpose the Certifying Authorities licensed under the Act have to submit the Certificates and the CRLs issued by them to the National Repository of Digital Certificates (NRDC), maintained by the CCA.

The following is the procedure for submission of the Certificates and CRLs by the Certifying Authorities:

1. Certifying Authorities shall submit Certificates and CRLs to the NRDC on a weekly basis. All these submissions shall reach the designated email address by 12 noon every Monday. If it is a gazetted holiday the same shall reach on the next working day by 12 noon.
2. Submission shall be through e-mail
3. The e-mail shall be digitally signed by an authorised person and be addressed to nrdc@cca.gov.in. The digital signature certificate of the authorised person shall be formally submitted to the CCA on CD and be accompanied by a letter physically signed by the authorised signatory of the CA (one time or when the authorized person is changed by the CA).
4. Separate e-mails shall be sent for
   • Certificates (Sub: NRDC Update – Certificates)
   • CRLs. (Sub: NRDC Update – CRLs)
5. The actual data pertaining to certificates and CRLs shall be submitted as an attachment file in LDIF format including the following:
   • Certificates – All entries to be added (incremental)
   • CRL - All entries, accumulated to date
6. The convention for file names shall be as follows:
   • Certificates : NRDC_CA Name_Cert_Update_DDMMYYYY.ldif
   • CRLs : NRDC_CA Name_CRL_Update_DDMMYYYY.ldif
7. Certificates and CRLs updated in NRDC shall be stored as indicated in the DIT structure attached.
8. A sample LDIF file is included in the Annexure.

The Certifying Authorities shall comply with this Guideline with immediate effect.

Structure of the Directory Information Tree (DIT) of NRDC

LDIF format for submission by LCA

dn: c=IN
objectclass: Country

dn: o=LCAxx,c=IN
objectclass: Organisation

dn: ou=India CA Services,o=LCAxx,c=IN
objectclass: XX

dn: cn=usr2,ou=CA Services,o=LCAxx,c=IN
objectclass: XX

dn: mail=usr2@xyz.com,cn=usr2,ou=CA Services,o=LCAxx,c=IN
mail:usr2@xyz.com
cn:usr2
ou:CA Services
o:LCAxx
c:IN

usercertificate;binary::MIID6TCCAtGgAwIBAgIQQta2AuwXSe1OLZryR/4uZDANBgkqhkiG9w0BAQQFADCBlzELM AkGA1UEBhMCSU4xGzAZBgNVBAoTElNhZmVzY3J5cHQgTGltaXRlZDFCMEAGA1UECxM5VGVybXMgb2YgdXNlIGF0IG h0dHBzOi8vd3d3LnNhZmVzY3J5cHQuY29tL2luZGlhcnBhIChjKTAyMScwJQYDVQQDEx5TYWZlc2NyeXB0IENsYXNzIEMg Q29uc3VtZXIgQ0EwHhcNMDIwMjA2MDAwMDAwWhcNMDMwMjA2MjM1OTU5WjCBpzELMAkGA1UEBhMCSU4xFDAS BgNVBAgUC01haGFyYXNodHJhMQ8wDQYDVQQHFAZNdW1iYWkxGzAZBgNVBAoUElNhZmVzY3J5cHQgTGltaXRlZDEa MBgGA1UECxQRSW5kaWEgQ0Eg

objectclass: XX