Key pairs for the DutchGrid medium-security Certification Authority are generated exclusively by DutchGrid medium-security Certification Authority staff members on a dedicated, disconnected system, using a recent, trustworthy version of the OpenSSL software package.
End entities cryptographic keys are only generated locally by their application and never sent to the DutchGrid medium-security Certification Authority.