UGTI India Private Limited
PRIVATE / INTERNAL USE ONLY

UGTI Vajra Certificate Authority

UGTI India Private Limited  ·  Country: IN  ·  https://umaleindustries.com

Certificate Policy / Certification Practice Statement (CP/CPS)

Version 1.0  ·  July 2026
OID: 2.16.356.100.10.1.1
ℹ️ Scope: Private / Internal CA Only This Certificate Authority is operated exclusively for internal use by UGTI India Private Limited. Certificates issued under this hierarchy are not publicly trusted and are not submitted to any browser root program (CCADB, Mozilla, Microsoft, Apple, or Google). This CP/CPS describes the practices of a private enterprise PKI.
1

Introduction

This document is the combined Certificate Policy (CP) and Certification Practice Statement (CPS) for the private PKI operated by UGTI India Private Limited under the UGTI Vajra Root G1 hierarchy.

This CP/CPS is structured in accordance with RFC 3647. It governs the issuance, management, and revocation of certificates used within UGTI's internal network infrastructure.

Document TitleCertificate Policy / Certification Practice Statement
Version1.0
Effective DateJuly 11, 2026
OID2.16.356.100.10.1.1
CP/CPS URLhttps://umaleindustries.com/pki/cps/
CA Organisation NameUGTI Vajra Certificate Authority
Legal EntityUGTI India Private Limited
JurisdictionIndia
Root CA CNUGTI Vajra Root G1
Intermediate CA CNUGTI Vajra Intermediate G1
PKI TypePrivate / Internal Enterprise CA — Not Publicly Trusted

1.1 PKI Participants

1.2 Certificate Usage

Certificates issued under this hierarchy are intended solely for:

These certificates are not for public issuance. They are not intended to be trusted by browsers or operating systems outside of UGTI's explicitly managed device fleet.

2

Publication & Repository

UGTI maintains the following internal PKI repository at https://umaleindustries.com/pki/:

PKI Portalhttps://umaleindustries.com/pki/
Root CA Certificatehttps://umaleindustries.com/pki/root.crt
Intermediate Certificatehttps://umaleindustries.com/pki/intermediate.crt
CP/CPS Documenthttps://umaleindustries.com/pki/cps/
CRL (future)https://umaleindustries.com/pki/crl/

This CP/CPS is reviewed annually and updated whenever material changes occur. All prior versions are retained.

3

Certificate Lifecycle

3.1 Certificate Validity Periods

Root CA Certificate10 years (expires July 8, 2036)
Intermediate CA Certificate5 years
Internal TLS Certificates1 year (maximum)
Device / Client Certificates2 years (maximum)

3.2 Certificate Issuance

Certificate requests are submitted by authorised UGTI IT personnel. Requests are validated against the internal device registry or server inventory before issuance. No certificates are issued to parties outside UGTI.

3.3 Revocation

Certificates are revoked promptly when: a private key is suspected compromised, a device is decommissioned, or an employee leaves the organisation. Revocation requests are submitted to the PKI team at pki@ugti.in. A Certificate Revocation List (CRL) is maintained and updated at least every 30 days.

4

Physical & Operational Controls

4.1 CA Key Storage

The Root CA private key is stored in an encrypted key file protected by a strong passphrase. The key file is kept offline on secured, access-controlled storage when the Root CA is not performing signing operations. Access to the Root CA key requires authorisation from the UGTI IT Security lead.

The Intermediate CA private key is stored on the CA server in encrypted form and is protected by system-level access controls and a strong passphrase.

4.2 Key Generation

CA key pairs were generated using OpenSSL with the following parameters:

Root CA KeyRSA-4096, sha256WithRSAEncryption
Intermediate CA KeyRSA-4096, sha256WithRSAEncryption
End-Entity KeysRSA-2048 minimum, sha256WithRSAEncryption
Generation ToolOpenSSL 3.x on secure workstation
Generation DateJuly 11, 2026

Key generation was performed on an internal, secured workstation with no network access during the operation. The process was performed by the UGTI IT Security team.

4.3 Backup & Access Control

4.4 Audit Logging

All CA operations (certificate issuance, revocation, key usage) are logged. Logs are retained for a minimum of 3 years and reviewed quarterly by the IT Security team.

5

Certificate Profiles

5.1 Root CA Certificate

Subject / IssuerC=IN, O=UGTI India Private Limited, CN=UGTI Vajra Root G1
Serial Number6C:D8:AC:22:26:A8:C5:28:1A:DF:E3:C8:A1:C5:12:51:90:D9:A4:AE
Algorithmsha256WithRSAEncryption, RSA-4096
Valid FromJuly 11, 2026
Valid ToJuly 8, 2036
Key UsageCertificate Sign, CRL Sign (critical)
Basic ConstraintsCA:TRUE (critical)
Subject Key Identifier5C:3D:D8:A1:28:DF:4D:37:90:7E:76:EB:CF:DC:B6:2C:15:7B:23:05

5.2 Intermediate CA Certificate

SubjectC=IN, O=UGTI India Private Limited, CN=UGTI Vajra Intermediate G1
IssuerUGTI Vajra Root G1
Algorithmsha256WithRSAEncryption, RSA-4096
Key UsageCertificate Sign, CRL Sign (critical)
Basic ConstraintsCA:TRUE, pathLen:0 (critical)
Certificate PoliciesOID 2.16.356.100.10.1.1 → https://umaleindustries.com/pki/cps/
6

Legal & Contact

6.1 Governing Law

This CP/CPS is governed by the laws of the Republic of India. Any disputes are subject to the jurisdiction of courts in India.

6.2 Limitation of Liability

This is a private, internal CA. UGTI India Private Limited makes no warranties to external parties. Certificates are for internal use only. External reliance on these certificates is at the relying party's sole risk.

6.3 CP/CPS Amendments

This document will be updated at least annually. Material changes will be communicated to internal stakeholders. All versions are archived at https://umaleindustries.com/pki/cps/.

6.4 Contact

OrganisationUGTI India Private Limited
PKI Enquiriespki@ugti.in
Revocation Requestspki@ugti.in
Websitehttps://umaleindustries.com
CP/CPS URLhttps://umaleindustries.com/pki/cps/

Document Approval

This CP/CPS has been reviewed and approved by the authorised personnel of UGTI India Private Limited.

Authorised Signatory
UGTI India Private Limited
Date: July 11, 2026
IT Security Lead
UGTI India Private Limited
Date: July 11, 2026