This section explains the requirements for certificate acceptance by subscribers, the representations made by subscribers upon acceptance, subscribers' obligations to protect their private keys, and procedures for the publication of certificates.
7.1 Certificate Acceptance
7.2 Representations by Subscriber Upon Acceptance
7.3 Subscriber Duty to Prevent Private Key Disclosure
7.4 Indemnity by Subscriber
7.5 Publication
A subscriber is deemed to have accepted a certificate when, following communication of the application per CPS Section 4.2, approval is manifested as described in Table 10.
|
Class |
Means of Establishing Acceptance |
|
Class 1 |
Individuals: On-line (via the Web): The certificate applicant enters his or her PIN to obtain and accept the certificate. Note: The certificate applicant must notify the IA of any inaccuracy or defect in a certificate promptly after receipt of the certificate or publication of the certificate in the repository, or upon earlier notice of informational content to be included in the certificate. E-mail (S/MIME): The certificate applicant submits a CSR to the IA to accept the certificate. Upon completion of specified validation procedures, the IA then sends the certificate to the E-mail address from which the certificate application originated. Note: The certificate applicant must promptly notify the IA of any inaccuracy or defect in a certificate or publication of the certificate in the repository, or upon earlier notice of informational content to be included in the certificate.
Business Entities: n/a |
|
Class 2 |
Individuals: On-line (via the Web): Same as on-line Class 1. Additionally, upon the certificate applicantĘs receipt of the corroboration letter from the IA, the certificate applicant shall review the letterĘs content and contact the IA should the letter contain an error, in accordance with CPS Section 5.1.4 (Postal Address Confirmation). E-mail (S/MIME): Same as E-mail Class 1.
Business Entities: n/a |
|
Class 3 |
Individuals: On-line (via the Web): Same as on-line Class 1. E-mail (S/MIME): Same as E-mail Class 1. Business Entities: n/a |
TABLE 10 - METHODS OF CERTIFICATE ACCEPTANCE
By accepting a certificate issued by an IA, the subscriber certifies to and agrees with the IA and to all who reasonably rely on the information contained in the certificate that at the time of acceptance and throughout the operational period of the certificate, until notified otherwise by the subscriber,
(i) each digital signature created using the private key corresponding to the public key listed in the certificate is the digital signature of the subscriber and the certificate has been accepted and is operational (not expired, suspended or revoked) at the time the digital signature is created,
(ii) no unauthorized person has ever had access to the subscriber's private key,
(iii) all representations made by the subscriber to the IA regarding the information contained in the certificate are true,
(iv) all information contained in the certificate is true to the extent that the subscriber had knowledge or notice of such information and does not promptly notify the IA of any material inaccuracies in such information as set forth in CPS Section 6.1,
(v) the certificate is being used exclusively for authorized and legal purposes, consistent with this CPS, and
(vi) the subscriber is an end-user subscriber and not an IA, and will not use the private key corresponding to any public key listed in the certificate for purposes of signing any certificate (or any other format of certified public key) or CRL, as an IA or otherwise, unless expressly agreed in writing between subscriber and the IA.
BY ACCEPTING A CERTIFICATE, THE SUBSCRIBER ACKNOWLEDGES THAT HE, SHE, OR IT AGREES TO THE TERMS AND CONDITIONS CONTAINED IN THIS CPS AND THE APPLICABLE SUBSCRIBER AGREEMENT.
By accepting a certificate, the subscriber assumes a duty to retain control of the subscriber's private key, to use a trustworthy system, and to take reasonable precautions to prevent its loss, disclosure, modification, or unauthorized use.
BY ACCEPTING A CERTIFICATE, THE SUBSCRIBER AGREES TO INDEMNIFY AND HOLD THE IA, VERISIGN, AND THEIR AGENT(S) AND CONTRACTORS HARMLESS FROM ANY ACTS OR OMISSIONS RESULTING IN LIABILITY, ANY LOSS OR DAMAGE, AND ANY SUITS AND EXPENSES OF ANY KIND, INCLUDING REASONABLE ATTORNEYS' FEES, THAT THE IA, VERISIGN, AND THEIR AGENTS AND CONTRACTORS MAY INCUR, THAT ARE CAUSED BY THE USE OR PUBLICATION OF A CERTIFICATE, AND THAT ARISES FROM (I) FALSEHOOD OR MISREPRESENTATION OF FACT BY THE SUBSCRIBER (OR A PERSON ACTING UPON INSTRUCTIONS FROM ANYONE AUTHORIZED BY THE SUBSCRIBER); (II) FAILURE BY THE SUBSCRIBER TO DISCLOSE A MATERIAL FACT, IF THE MISREPRESENTATION OR OMISSION WAS MADE NEGLIGENTLY OR WITH INTENT TO DECEIVE THE IA, VERISIGN, OR ANY PERSON RECEIVING OR RELYING ON THE CERTIFICATE; OR (III) FAILURE TO PROTECT THE SUBSCRIBER'S PRIVATE KEY, TO USE A TRUSTWORTHY SYSTEM, OR TO OTHERWISE TAKE THE PRECAUTIONS NECESSARY TO PREVENT THE COMPROMISE, LOSS, DISCLOSURE, MODIFICATION, OR UNAUTHORIZED USE OF THE SUBSCRIBER'S PRIVATE KEY.
When a certificate is issued at the request of a subscriber's agent, both the agent and the subscriber shall jointly and severally indemnify the IA, VeriSign, and their agents and contractors pursuant to this subsection. The subscriber has a continuing duty to notify the issuer of any misrepresentations and omissions made by an agent.
Upon the subscriber's acceptance of the certificate, the IA shall publish a copy of the certificate in the VeriSign repository and in one or more other repositories, as determined by the IA and VeriSign. Subscribers may publish their VeriSign PCS certificates in other repositories.