Trust Service Provider - TSP (Dutch site)
The Trust Service Provider of the Ministry of Infrastructure and Water Management is assosiated with the Public Key Infrastructure of the Dutch government. Currently the IenW TSP issues so called smartcards for use with the on-Board Computer Taxi (BCT).
These onboardcomputercards and system cards are issued with certificates from the hierarchy of the Public Key Infrastructure of the Dutch government (PKIoverheid). The onboardcomputercards are used to gain access to the onBoard Computer Taxi and to digitally sign the data gathered by the BCT. The system cards identify the on-board computer taxi and enables it to sign data.
Organisation and Certification
The IenW TSP issues certificates from the PKIoverheid hierarchy.
To this end the TPS of the Ministry has implemented a management system that has been certified against the ETSI EN 319 411
part 1 and 2 standards and the eIDAS regulation EU 910/2014.
The current certificates are listed below:
As an eIDAS Qualified Trust Service Provider, the IenW TSP is supervised by the Dutch Authority for Digital Infrastructure and is listed on the EU Trusted List.
Terms and conditions and other documentation
Certification Practice Statement, terms and conditions
The issuance and use of the cards are bound by both rights and obligations. For instance only a taxidriver that meets certain criteria can request a Driverscard. The following information on the issuance and use of onboardcomputercards is available mainly in Dutch:
- Certification Practice Statement G3 (English version) - applicable to G3 certificates, issuance started November 2019. For the latest changes to the Certification Practice Statement, see the 'revisions' section. Older versions of the CPS can be obtained from the IenW TSP. See contact info in CPS.
- Certification Practice Statement G3 (Dutch version)
- Algemene Voorwaarden - Terms and Conditions (Dutch version only)
- PKI Disclosure Statement
Other documentation
The following documentation is relevant for manufacturers of onboard computers and software developers. For the production environment this concerns:
Documentation about the acceptance environment can be found at the website Acceptance environment
CA certificates and CRL's
The IenW TSP issues two types of card. These are onboardcomputercards and systemcards. The onboardcomputercards are used by the different users of the onboard computer, while the systemcard is used by the device itself. The certificates on both types of card have their own Certification Authority (CA) hierarchy.
To verify the validity of a certificate requires at least the following checks are required:
- the certificate must not be expired;
- the CA hierarchy must lead to a valid PKIoverheid root CA certificate;
- the certificate must not be revoked i.e. the certificate serialnumber must not be listed on the so called Certificate Revocation List (CRL).
Below the download links of CA certificates and CRL's are listed both for the G3 and expired G2 generation.
CA Certificates generation G3
Root CA (all card types)
CA certificates Taxidriver and Inspection cards
CA certificates Entrepreneur and Control cards
CA certificates systemcards
CRL's generation G3
Responsible Disclosure
If you discover a weak spot in one of the ICT systems of the Ministry of Infrastructure and Water Management,
let us know before you make this known to the outside world. We can then take measures first. We call this
method 'responsible disclosure'.
The Ministry of Infrastructure and Water Management makes use of the facilities described on Rijksoverheid.nl.
For more information, see for example how to make a report and the further conditions on the
'Responsible Disclosure'
page of Rijksoverheid.nl.