This section presents the requirements for the issuance of certificates. It also lists the specific representations issuing authorities make upon issuing certificates.
6.6 IA'S Representations Upon Publication
6.7 Limitations on IA Representations
6.8 Time of Certificate Issuance
Upon approving a certificate application (per CPS Section 5), an IA issues a certificate. The issuance of a normal certificate indicates a complete and final approval of the certificate application by an IA. The normal certificate is deemed to be a valid certificate upon the subscriber's acceptance of it (see CPS Section 7 regarding acceptance).
Provisional certificates are issued within certain certificate classes (currently Class 2) pending verification of the subscriber's postal mailing address. A provisional certificate becomes a "normal" certificate at the end of the provisional period provided there has been no revocation. See Table 9.
An IA shall not issue certificates without the certificate applicant's consent. Consent to issue is presumed from applicant's submission of an application notwithstanding the fact that acceptance of a certificate has not yet occurred.
An IA may refuse to issue a certificate to any person, at its sole discretion, without incurring any liability or responsibility for any loss or expenses arising out of such refusal. Upon an IA's refusal to issue a certificate, the IA shall promptly refund to any certificate applicant any paid certificate enrollment fee, unless the certificate applicant submitted fraudulent or falsified information to the IA.
(i) Unless otherwise provided in this CPS or mutually agreed upon by both the IA and the subscriber in an authenticated record, the IA promises to the subscriber named in the certificate that
(a) there are no misrepresentations of fact in the certificate known to the IA or originating from the IA,
(b) there are no data transcription errors as received by the IA from the certificate applicant resulting from a failure of the IA to exercise reasonable care in creating the certificate, and
(c) the certificate meets all material requirements of this CPS.
(ii) Unless otherwise provided in this CPS or mutually agreed upon by both the IA and the subscriber in an authenticated record, the IA promises to the subscriber to make reasonable efforts, consistent with the terms of this CPS,
(a) to promptly revoke or suspend certificates in accordance with CPS Section 9, and
(b) to notify subscribers of any facts known to it that materially affect the validity and reliability of the certificate it issued to such subscriber.
(iii) The obligations and representations in CPS Sections 6.5.1 (i) and (ii) are made and undertaken solely for the benefit of the subscriber and are not intended to benefit or be enforceable by any other party. An IA makes reasonable efforts, for purposes of CPS Section 6.5.1(ii), if its conduct substantially complies with this CPS and applicable law.
By issuing a certificate an IA represents to all who reasonably rely on a digital signature verifiable by the public key listed in the certificate that consistent with this CPS:
(i) all information in or incorporated by reference within the certificate, except nonverified subscriber information (NSI), is accurate, and
(ii) the IA has substantially complied with the CPS when issuing the certificate.
By publishing a certificate, an IA certifies to the VeriSign repository and to all who reasonably rely on the information contained in the certificate that it has issued the certificate to the subscriber and that the subscriber has accepted the certificate, as described in CPS Section 7.1.
6.7 Limitations on IA Representations
The foregoing representations in CPS Sections 6.5 and 6.6 are subject to either (i) the disclaimers of warranty and limitations of liability in CPS Sections 11.4, 11.5, and 11.6 or, (ii) in the case of subscribers who have obtained certificates (other than demo, free, or test certificates) on or after the effective date of the NetSureSM Protection Plan, CPS Section 11.2 and the disclaimers of warranty and limitations of liability in the NetSureSM Protection Plan.
IAs shall make reasonable efforts to confirm certificate application information and issue end-user subscriber certificates once all relevant information is received by the IA within the following time periods:
|
Class 1 |
Class 2 |
Class 3 |
|
| Time
Period |
"Immediately" to 2 hours |
"Immediately" to 1 business day |
1-5 business days |
TABLE 8 - CERTIFICATE ISSUANCE DEADLINES
VeriSign's and IA's satisfaction of these deadlines depends upon a certificate applicant's timely submission of complete and accurate information, and responsiveness to any VeriSign and IA administrative requests, including the provision of appropriate and accurate payment information and approval.
All certificates shall be considered valid upon issuance by the applicable IA and acceptance by the subscriber (see CPS Section 7). The standard operational periods for the various classes of certificates are as follows, subject to earlier termination of the operational period due to suspension or revocation.
|
Certificate Issued By: |
Class 1 |
Class 2 |
Class 3 |
|
| VR to PCA | 3 years | 3 years | 2 years | |
| PCA to CA | 2 years | 2 years | 2 years | |
| CA to Subordinate CA | n/a | TBD | TBD | |
| CA to End-user/ Subscriber | 1 year | Provisional
Cert.: 21 days |
Norm.
Cert.: 1 year |
1 year |
TABLE 9 - CERTIFICATE OPERATIONAL PERIODS
All certificates begin their operational period at the date and time of issuance, unless a later date and time (no later than sixty (60) days after the date of issue) is indicated in the certificate. The operational period begins at this date and time even if the certificate has not yet been accepted and is therefore not yet valid.
A subscriber must not create digital signatures using a private key
corresponding to the public key listed in a certificate (or otherwise use
such private key) if the foreseeable effect would be to induce or allow
reliance upon a certificate which is invalid (because it has not been accepted).