Queensland Health Public Key Infrastructure

Public Key Infrastructure (PKI) is a set of policies, procedures, services and technology that work together to provide trust within a digital world. The digital certificates that are issued by the Certificate Authorities within a PKI can provide authentication of an identity and protection of data (through encryption and digital signing). These features are key enablers of electronic processes, workflows and business.

This site contains key documentation associated with the Queensland Health PKI (QHPKI) service

The QHPKI Service

The new QHPKI Service uses a trust chain that is wholly owned by the Queensland Department of Health. The PKI service is a managed service provided by a leading managed services provider, DigiCert. The issuance of certificates and all other certificate lifecycle services (certificate download, revocation, renewal) are managed by QHPKI Administrators, which are part of the eHealth Queensland Infrastructure and Operations team. There is a Queensland Health Root certification authority and three subordinate issuing certification authorities. The QHPKI hierarchy only supports the issuance of SHA#2 certificates with key sizes at least 2048 bits.

QHPKI Certification Authorities (CAs)

Certification Authorities

The QHPKI certification authority hierarchy consists of a root CA and three subordinate issuing CAs.

• QHPKI Root CA.
• QHPKI Device Basic Issuing CA.
• QHPKI User Basic Issuing CA.
• QHPKI Mobility Basic Issuing CA.

Policy Documents

The following supporting policy documents should be downloaded to help Certificate Managers and relying parties understand their obligations.

• QHPKI Hierarchy Certificate Policy and Practice Statement

Server Authentication Certificates

Servers that need to authenticate for a TLS (SSL) session can use a server authentication certificate. A server authentication certificate can be enrolled for using the enrolment page available here. To complete the enrolment a Certificate Signing Request (CSR) will be required. Instructions on how to complete this enrolment are available here. Once the enrolment has been submitted it will be reviewed by the QHPKI Administrators and either approved and a certificate issued via email or rejected and a reason provided.

Device Authentication Certificates

Queensland Health domain joined devices should automatically enrol for certificates. If you have a device that is a member of the domain and it is not auto-enrolling please contact IT Support.

User Authentication Certificates

User authentication certificates are not currently implemented on the service.

User Signing Certificates

User signing certificates are not currently implemented on the service.

Associated material

• Download the Queensland Health Object ID (OID) Register

Contact Information

The Queensland Health PKI is strictly controlled by the QHPKI Policy Authority (QHPKI PA). All requests for additional information, or modification of the items referenced in this website must be directed to the QHPKI PA (whose contact details are shown below).

The contact details for the Queensland Health Public Key Infrastructure Policy Authority are:

Post: Department of Health Queensland
Attn: QHPKI Policy Authority Chair
c/o- Cyber Security Group
GPO Box 48
Brisbane, Queensland 4001

Email: qhpkipa@health.qld.gov.au