EAC Roles and Access Rights
EAC Roles
Note the following regarding EAC roles:
When issuing a CV certificate using a Root CA profile, the EAC role will be CVCA.
When issuing a CV certificate using a Sub CA profile the EAC role will be DV-D if the country is the same as the country of the CVCA and DV-F if the country is not the same as the CVCA.
When issuing a CV certificate using an End Entity profile the EAC role will be IS (or AT or ST if one of those terminal types is being used).
In a certificate hierarchy with the ST terminal type, the DV role is specified using the Profile Signature Terminal DV role setting, either Accreditation Body or Certification Service Provider.
EAC Access Rights
The EAC access rights to use for issued certificates are configured in the certificate profile. The following access rights are available:
Read access to DG3.
Read access to DG4.
Combinations can be selected by Ctrl+clicking the items.
As of EAC 2.10, additional access rights are available, used by Authentication Terminals and Signature Terminals, and displayed when selecting one of these terminal types.