 |
VeriSign®
Code Signing Certificate Subscriber Agreement
YOU MUST
READ THIS SUBSCRIBER AGREEMENT ("SUBSCRIBER AGREEMENT") BEFORE
APPLYING FOR, ACCEPTING, OR USING A VERISIGN CODE SIGNING CERTIFICATE,
AUTHENTICATED CONTENT SIGNING PUBLISHER ID, OR AUTHENTICATED CONTENT
SIGNING CONTENT ID (EACH, A "CERTIFICATE" AS FURTHER DEFINED
IN SECTION 2). IF YOU DO NOT AGREE TO THE TERMS OF THIS SUBSCRIBER AGREEMENT,
DO NOT APPLY FOR, ACCEPT, OR USE THE CERTIFICATE. BY CLICKING "ACCEPT"
BELOW OR BY ACCEPTING OR USING A CERTIFICATE, YOU AGREE TO BECOME A
PARTY TO, AND BE BOUND BY, THE TERMS OF THIS AGREEMENT. BY CLICKING
"DECLINE" BELOW, YOU INDICATE THAT YOU DO NOT AGREE TO THE
TERMS OF THIS AGREEMENT AND WILL NOT BE A VERISIGN SUBSCRIBER.
ALL REFERENCES TO "VERISIGN"
IN THIS SUBSCRIBER AGREEMENT SHALL BE UNDERSTOOD AS REFERENCES TO THE
VERISIGN LEGAL ENTITY SPECIFIED ON THE HOMEPAGE OF THE WEBSITE ON WHICH
YOU APPLIED FOR YOUR CERTIFICATE.
IF YOU ARE THE CUSTOMER OF A WEB
HOST (AS DEFINED HEREIN), YOU REPRESENT AND WARRANT THAT YOUR WEB HOST
IS AUTHORIZED TO APPLY FOR, ACCEPT, INSTALL MAINTAIN AND, IF NECESSARY,
INITIATE REVOCATION OF, THE CERTIFICATE ON YOUR BEHALF. YOU MUST ALSO
READ AND AGREE TO THIS SUBSCRIBER AGREEMENT BEFORE ACCEPTING OR USING
A CERTIFICATE. BY ALLOWING YOUR WEB HOST TO USE THE CERTIFICATE, YOU
ARE AGREEING TO BE BOUND BY THE TERMS OF THIS SUBSCRIBER AGREEMENT.
IF YOU DO NOT AGREE TO THE TERMS OF THIS SUBSCRIBER AGREEMENT, CONTACT
VERISIGN IMMEDIATELY AT THE TELEPHONE NUMBER SET FORTH IN SECTION 24
BELOW AND VERISIGN WILL REVOKE THE CERTIFICATE.
IF YOU ARE A WEB HOST AND ARE ACTING
AS THE AUTHORIZED REPRESENTATIVE OF A CUSTOMER IN APPLYING FOR A CERTIFICATE,
YOU REPRESENT AND WARRANT AS SET FORTH IN SECTION 8.3. IF YOU ARE A
WEB HOST AND ARE APPLYING FOR YOUR OWN CERTIFICATE OR ARE APPLYING FOR
A SHARED HOSTING SECURITY SERVICE CERTIFICATE, THIS SUBSCRIBER AGREEMENT
APPLIES TO YOU IN ITS ENTIRETY, EXCEPT FOR SECTION 8.3.
1. Definitions. The capitalized terms used in this Agreement
shall have the following meanings unless otherwise specified and any
reference to the singular includes the plural and vice versa.
"ACS Content ID" means a single-use
(private key is destroyed immediately after signing) Certificate that
chains up to a private root CA used to re-sign individual applications
submitted by Publishers to the VeriSign Authenticated Content Signing
Service upon VeriSign's verification of the validity of the subscriber's
ACS Publisher ID.
"ACS Publisher ID" means a VeriSign
Code Signing Digital Certificate issued to organizations that wish to
authenticate themselves to and securely access the VeriSign Authenticated
Content Signing Service for support platforms, service provider or other
private entities.
"Authenticate" or "Authentication"
shall mean the actions a CA takes to confirm that (i) the Subscriber
is entitled to use the domain name listed in the Certificate Application,
if a domain name is listed in such Certificate Application, (ii) the
Subscriber's organization does in fact exist, (iii) the Subscriber's
organization has authorized the Certificate Application, and (iv) the
person submitting the Certificate Application on behalf of the Subscriber
is authorized to do so.
"Certification Authority"
("CA") shall mean VeriSign, an RA or any other VeriSign authorized
entity, authorized to issue, manage, revoke, and renew Certificates
in the VTN.
"Certificate Applicant"
is an individual or organization that requests the issuance of a Certificate
by a CA, provided, however, that when a Web Host acts on behalf of its
customer through the VeriSign ISP Center, such customer shall be deemed
the Certificate Applicant.
"Certificate Application"
is a request from a Certificate Applicant (or authorized agent of the
Certificate Applicant) to a CA for the issuance of a Certificate.
"Code Signing Certificate" includes
ACS Content IDs and ACS Publisher IDs that are used to verify the identity
of and to affirm the integrity of code supplied by Publishers.
"Compromise" shall mean
a loss, theft, disclosure, modification, unauthorized use, or other
compromise of the security of a private key.
"Derivative Work" shall
have the meaning set forth in Section 10.
"Device" shall mean any
hardware appliance or software application, such as a server load balancer
or SSL accelerator, that routes electronic data from one point to other
single or multiple point(s) on a network.
"Domain" shall mean a
domain name, host name or IP address assigned to a server and/or Device,
accessible from the Internet (publicly facing), and owned by the Subscriber
used in a VeriSign Class 3 organizational Certificate.
"Internet Service Provider"
("ISP") shall mean a business, such as an internet service
provider, systems integrator, webhost or technology consultant, that
provides server space, Web services and file maintenance for Web sites
controlled by individuals or companies that do not have their own Web
servers.
"Netsure Protection Plan"
shall mean the extended warranty program offered by VeriSign, as detailed
in the Repository.
"Publisher" means the developer
and/or publisher of software code or applications.
"Radius Server" shall
mean a remote access dial-up server used for wireless local area network
connectivity.
"Registration Authority"
("RA") shall mean an individual and/or entity approved by
a CA to perform Authentication, assist Subscribers in applying for Certificates,
and to approve or reject Certificate Applications, revoke Certificates,
or renew Certificates.
"Relying Party" shall
mean an individual or organization that acts in reliance on a Certificate
and/or a digital signature.
"Relying Party Agreement"
shall mean an agreement used by a Certification Authority setting forth
the terms and conditions under which an individual or organization acts
as a Relying Party, such as the VeriSign Relying Party Agreements that
are published in the Repository.
"Repository" shall mean
the collection of documents located at the link for the repository which
may be accessed from the homepage of the website from which you applied
for your Certificate.
"Secured Seal" shall mean
an electronic image featuring a VeriSign mark. When displayed by you
on your website (i) the image indicates to a website visitor that you
have purchased VeriSign services; and (ii) when such visitor clicks
the image, a splash page is displayed which indicates to the visitor
which VeriSign services you have purchased and whether that service
is still active.
"Secured Seal License Agreement"
shall mean the VeriSign Secured Seal License Agreement, which may be
accessed from the Repository.
"Subject" is the holder
of a private key corresponding to a public key. A Subject is assigned
an unambiguous name, which is bound to the public key contained in the
Subject's Certificate.
"Subscriber" is an organization
that owns the equipment or Device that is the Subject of, and that has
been issued a Certificate. A Subscriber is capable of using, and is
authorized to use, the private key that corresponds to the public key
listed in the Certificate; provided, however, that an entity acting
as a Web Host that submits a Certificate Application on behalf of its
customer and manages the lifecycle processes of such customer's Certificate
is not the Subscriber and the Web Host's customer is the actual Subscriber
and is ultimately responsible for the Subscriber's obligations under
the appropriate Subscriber Agreement.
"VeriSign CPS" shall mean
the VeriSign Certification Practice Statement, as amended from time
to time, which may be accessed from the Repository.
"VeriSign Intellectual Property
Rights" shall have the meaning set forth in Section 10.
"VeriSign Trust Network(SM)"
("VTN") shall mean the VeriSign Trust Network that is a global
public key infrastructure that provides Certificates for both wired
and wireless applications.
"Web Host" shall mean
an entity hosting the website of another, such as an Internet Service
Provider, a systems integrator, a reseller, a technical consultant,
an application service provider, or similar entity.
2. Description of the Certificate. This Section sets forth
the terms and conditions regarding your application for a Certificate
and, if VeriSign and/or the RA accepts your Certificate Application,
the terms and conditions regarding your use of the Certificate to be
issued by VeriSign to you as the "Subscriber" of that Certificate.
A "Certificate" is a digitally signed message that contains
an organization's public key and associates it with information Authenticated
by VeriSign or a VeriSign-authorized entity. The Certificate provided
under this Agreement is issued within the VTN by VeriSign.
The Certificate for which you have
applied on behalf of your organization is a VeriSign Class 3 organizational
Certificate within the VTN. Class 3 organizational Certificates are
issued to Devices to provide authentication, message, software, and
content integrity and signing, and confidentiality encryption. VeriSign
Class 3 organizational Certificates provide assurances of the identity
of the Subscriber based on a confirmation that the Subscriber organization
does in fact exist, that the organization has authorized the Certificate
Application, and that the Certificate Applicant was authorized to do
so. The Certificate also provides assurances that the Subscriber is
entitled to use the Domain listed in the Certificate Application, if
a Domain is listed in such Certificate Application.
3. Processing the Certificate Application. Upon VeriSign's
receipt of the necessary payment and upon completion of Authentication
procedures required for the Certificate you have purchased, VeriSign
will process your Certificate Application, and VeriSign will notify
you whether your Certificate Application is approved or rejected. Note
that VeriSign will issue a Certificate only after it has communicated
directly, over the telephone, with the corporate contact listed in the
Certificate Application. If VeriSign is not able to reach the
corporate contact, it is the responsibility of the corporate contact
to reply to VeriSign at the callback telephone number provided.
Your failure to respond in a timely manner may delay the approval and
issuance of your Certificate Application. For VeriSign Managed
PKI for SSL Certificate Service customers, upon the RA's completion
of the Authentication procedures required for the Certificate you have
purchased, VeriSign will process your Certificate Application, and the
RA will notify you whether your Certificate Application is approved
or rejected. If your Certificate Application is approved, VeriSign will
issue you a Certificate for your use in accordance with this Subscriber
Agreement. After you pick up or otherwise install your Certificate,
you must review the information in it before using it and promptly notify
VeriSign of any errors. Upon receipt of such notice, VeriSign may revoke
your Certificate and issue you a corrected Certificate.
4. Use Restrictions. You are prohibited from using your Certificate
(i) for or on behalf of any other organization; (ii) to perform private
or public key operations in connection with any Domain and/or organization
name other than the one submitted by you on your Certificate Application;
(iii) to distribute malicious or harmful content of any kind including,
but not limited to, content that would otherwise have the effect of
inconveniencing the recipient of such content; (iv) in a manner that
transfers control or permits access of the private key corresponding
to the public key of the Certificate to anyone other than an employee
authorized by the Subscriber (any such transfer to be in a secure manner
so as to protect the private key);or (v) for use as control equipment
in hazardous circumstances or for uses requiring fail-safe performance
such as the operation of nuclear facilities, aircraft navigation or
communication systems, air traffic control systems, or weapons control
systems, where failure could lead directly to death, personal injury,
or severe environmental damage. If you choose to display VeriSign's
Secured Seal, you must install and display such Secured Seal only in
accordance with the Secured Seal License Agreement and other terms and
conditions as may be posted on the VeriSign website. Additional Provisions Applicable to Microsoft Windows Mobile Applications: This subsection applies
only if you have purchased or have had code signed by ACS Publisher
or Content ID for Microsoft Windows Mobile Applications.
You shall be wholly responsible for implementing policies and procedures
for the protection of any smart card on which your Certificate is issued,
if applicable, including any loss or unauthorized use of or access to
it. You shall notify VeriSign immediately in the event of the
loss or unauthorized use of or access to any smart card on which you
Certificate is issued, if applicable. You shall maintain reliable
written or electronic records of all individuals authorized to have
access to or use the your smart card, if applicable, and of all uses
of your ACS Publisher ID, including dates and times of access or use,
individuals(s) authorized and/or using the Certificate, and application(s)
signed. When submitting code to be signed by an ACS Content ID, you
shall provide VeriSign with the complete code or a unique representation
of the code in executable form, digitally signed using your ACS Publisher
ID. If you are signing applications with the Microsoft Privileged Certificate
for Microsoft Windows Mobile devices, you agree to comply with the Microsoft
Technology Requirements available at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsmtphn2k3/html/smartphone_security.asp
as updated from time to time. You further agree that Microsoft shall
be an express third party beneficiary of the obligations contained in
this subsection.
5. Revocation. If you discover or have reason to believe there
has been a Compromise of your private key or the activation data protecting
such private key, or the information within the Certificate is incorrect
or has changed, or if your organizational name and/or Domain registration
has changed, you must immediately notify VeriSign and request revocation
of the Certificate and you must notify any person that may reasonably
be expected by you to rely on or to provide services in support of the
Certificate or a digital signature verifiable with reference to the
Certificate. VeriSign retains the right to revoke your Certificate
if, within forty-five (45) days of receiving an invoice from VeriSign,
you do not pay the invoice. VeriSign retains the right to revoke your
Certificate at any time without notice if (i) VeriSign discovers that
the information within your Certificate is no longer valid; (ii) you
fail to perform your obligations under the terms of this Subscriber
Agreement; or (iii) in VeriSign's sole discretion, you have engaged
in activities which VeriSign determines are harmful to the VTN. Additional
Revocation Conditions applicable to VeriSign ACS Content IDs only:
You further agree to cooperate with the operating system licensor, its
licensees, or other parties who are responsible for the private root(s)
that sign(s) the ACS Content IDs ("private root providers") to resolve
any security and quality issues they may discover in the code submitted
by you for signing by the ACS Content IDs. Additionally, VeriSign
may revoke your ACS Content ID at any time upon the request of a private
root provider.
6. Obligations Upon Revocation or Expiration. Upon expiration
or notice of revocation of your Certificate, you shall permanently remove
your Certificate from the Device on which it is installed and shall
not use it for any purpose thereafter and, if you have installed a Secured
Seal and have not purchased other VeriSign services that would permit
you to post the Secured Seal, you shall remove such Secured Seal from
your Web site.
7. Third-Party Service Providers. If you are purchasing a service
from VeriSign that includes one or more services provided by a third
party, VeriSign may disclose your Certificate Application and enrollment
information to these third party service providers and they may contact
you directly regarding their services. You hereby agree to VeriSign's
disclosure of your Certificate Application and enrollment information
to these third party service providers and agree that they may contact
you directly regarding their services. For further information on processing
of personal data, please see VeriSign's Privacy Statement. Unless otherwise
stated herein, any terms and conditions for these products shall be
provided to you directly by the third party service provider. VeriSign
disclaims any and all warranties, refuses any and all liability, and
shall not provide partial refunds for any service provided by a third
party.
8. Representations and Warranties.
8.1 VeriSign Representations and Warranties. VeriSign represents
and warrants to you that (i) there are no errors introduced by VeriSign
in your Certificate information as a result of VeriSign's failure to
use reasonable care in creating the Certificate; (ii) your Certificate
complies in all material respects with the VeriSign CPS; and (iii) VeriSign's
revocation services and use of the Repository conform to the VeriSign
CPS in all material aspects.
8.2 Your Representations and Warranties. You represent and
warrant to VeriSign and anyone who relies on your Certificate that (i)
all the information you provide and all the representations you make
to VeriSign in your Certificate Application are accurate; (ii) you will
inform VeriSign if the information you provided or the representations
you made to VeriSign in your Certificate Application changed or is no
longer valid; (iii) no Certificate information you provided (including
your e-mail address) infringes the intellectual property rights of any
third parties; (iv) the Certificate Application information you provided
(including your email address) has not been and will not be used for
any unlawful purpose; (v) only persons authorized by Subscriber has
had or will have access to the private key corresponding to the public
key of the Certificate; (vi) only person(s) authorized by Subscriber
has had access or will have access (since the time of its creation)
any challenge phrase, PIN, software, or hardware mechanism protecting
your private key corresponding to the public key of the Certificate;
(vii) you will use your Certificate exclusively for authorized and legal
purposes consistent with this Subscriber Agreement; (viii) you will
use your Certificate as an end-user Subscriber and not as a Certification
Authority issuing Certificates, certification revocation lists, or otherwise;
(ix) each digital signature created using your private key is your digital
signature, and the Certificate has been accepted and is operational
(not expired or revoked) at the time the digital signature is created;
and (xi) you manifest assent to this Subscriber Agreement as a condition
of obtaining a Certificate; and (xii) you will not monitor, interfere
with, or reverse engineer (save to the extent that you can not be prohibited
from so doing under applicable law) the technical implementation of
the VTN, except with the prior written approval from VeriSign, and shall
not otherwise intentionally compromise the security of the VTN. You
further represent and warrant that you have sufficient information to
make an informed decision as to the extent to which you choose to rely
on the information in a digital certificate issued within the VTN, that
you are solely responsible for deciding whether or not to rely on such
information, and that you shall bear the legal consequences of your
failure to perform any obligations you might have as a Relying Party
under the applicable Relying Party Agreement.
8.3 Web Host Representations and Warranties. Web Host represents
and warrants to VeriSign and anyone who relies on its customer's Certificate
that (i) it has the authority of its customer to enter into this Subscriber
Agreement on its customer's behalf and to bind its customer to the terms
and conditions of this Subscriber Agreement; (ii) it shall procure its
customer's compliance with the terms and conditions of this Subscriber
Agreement; (iii) any customer information it includes in the Certificate
Application shall be the exact information provided to it by such customer;
(iv) any of its information in the Certificate Application is accurate
and true; (v) no Certificate information it provided (including e-mail
address) infringes the intellectual property rights of any third parties;
(vi) it has been (since the time of such key's creation) and will remain
the only person possessing its customer's private key and any challenge
phrase, PIN, software, or hardware mechanism protecting its private
key and no unauthorized person has had or will have access to such private
key; (vii) it will use its customer's Certificate as set forth hereunder;
(viii) it will use its customer's Certificate as a Subscriber and not
as a Certification Authority issuing Certificates, certification revocation
lists, or otherwise; (ix) each digital signature created using its customer's
private key is its customer's digital signature, and the Certificate
has been accepted and is operational (not expired or revoked) at the
time the digital signature is created; and (x) it will not monitor,
interfere with, or reverse engineer (save to the extent that it can
not be prohibited from so doing under applicable law) the technical
implementation of the VTN, except with the prior written approval from
VeriSign, and shall not otherwise intentionally compromise the security
of the VTN. Web Host further represents and warrants that it has sufficient
information to make an informed decision as to the extent to which it
chooses to rely on the information in a digital certificate issued within
the VTN, that it is solely responsible for deciding whether or not to
rely on such information, and that it shall bear the legal consequences
of its failure to perform any obligations it might have as a Relying
Party under the applicable Relying Party Agreement.
8.4 Additional Representations and Warranties Applicable to ACS Publisher
and Content IDs only. You further represent and warranty
that (i) you shall ensure that only trustworthy individuals who have
been advised of and who have agreed to comply with the terms of this
Subscriber Agreement shall be authorized to digitally sign code
with the ACS Publisher ID; and (ii) you have exercised reasonable care
consistent with prevailing industry standards to exclude programs, extraneous
code, viruses, or data that may be reasonably expected to damage, misappropriate
or interfere with the use of data, software, systems, or operations
of private root providers.
8.5 Additional Representations and Warranties Applicable to Microsoft
Authenticode Code Signing Digital IDs. You hereby make
the following software publisher's pledge to all users and the applicable
Certification Authority concerning software that you sign with your
Certificate: In addition to the other representations, obligations,
and warranties in this Subscriber Agreement, you represent and warrant
that you will exercise reasonable care consistent with prevailing industry
standards to exclude programs, extraneous code, viruses, or data that
may be reasonably expected to damage, misappropriate, or interfere with
the use of data, software systems, or operations of any third party.
In no event shall any CA or VeriSign be held responsible for your breach
of such representation and warranty. The decision of the applicable
CA and VeriSign shall be final as to whether (i) you have materially
breached this Subscriber Agreement; and (ii) any responsive actions
taken (or not taken) by the CA and VeriSign were necessary and appropriate.
9. Fees, Payments and Term of Service. As consideration for
the Certificate and associated services you have purchased, you agree
to pay VeriSign the applicable service(s) fees set forth on our Web
site at the time of your selection, or, if applicable, upon receipt
of your invoice from VeriSign. All fees are due immediately and are
non-refundable, except as otherwise expressly noted below in this Subscriber
Agreement. Any renewal of your services with VeriSign is subject to
our then current terms and conditions, including, but not limited to,
successful completion of any applicable authentication procedure, and
payment of all applicable service fees at the time of renewal. VeriSign
will provide you notice prior to the renewal of your services at least
thirty (30) days in advance of the renewal date. You are solely responsible
for the credit card information you provide to VeriSign and must promptly
inform VeriSign of any changes thereto (e.g., change of expiration date
or account number). In addition, you are solely responsible for ensuring
the services are renewed. VeriSign shall have no liability to you or
any third party in connection with the renewal as described herein,
including, but not limited to, any failure or errors in renewing the
services. You agree to pay all value added, sales and other taxes (other
than taxes based on VeriSign's income) related to VeriSign services
or payments made by you hereunder. Set up fees, if any, will become
payable on the applicable effective date for the applicable VeriSign
services. You are responsible for notifying VeriSign of the need to
purchase additional Certificates with the Licensed Certificate Option
described herein. All sums due and payable that remain unpaid after
any applicable cure period herein will accrue interest as a late charge
of 1.5% per month or the maximum amount allowed by law, whichever is
less. This Section does not apply to you if you have purchased VeriSign
Managed PKI for SSL Certificate Service, or if you have purchased your
Certificate from a Web Host.
10. Ownership. Except as otherwise set forth herein, all right,
title and interest in and to all, (i) registered and unregistered trademarks,
service marks and logos; (ii) patents, patent applications, and patentable
ideas, inventions, and/or improvements; (iii) trade secrets, proprietary
information, and know-how; (iv) all divisions, continuations, reissues,
renewals, and extensions thereof now existing or hereafter filed, issued,
or acquired; (v) registered and unregistered copyrights including, without
limitation, any forms, images, audiovisual displays, text, software;
and (vi) all other intellectual property, proprietary rights or other
rights related to intangible property which are used, developed, comprising,
embodied in, or practiced in connection with any of the VeriSign services
identified herein ("VeriSign Intellectual Property Rights")
are owned by VeriSign or its licensors, and you agree to make no claim
of interest in or ownership of any such VeriSign Intellectual Property
Rights. You acknowledge that no title to the VeriSign Intellectual Property
Rights is transferred to you, and that you do not obtain any rights,
express or implied, in the VeriSign or its licensors' service, other
than the rights expressly granted in this Subscriber Agreement. To the
extent that you create any Derivative Work (any work that is based upon
one or more preexisting versions of a work provided to you, such as
an enhancement or modification, revision, translation, abridgement,
condensation, expansion, collection, compilation or any other form in
which such preexisting works may be recast, transformed or adapted)
such Derivative Work shall be owned by VeriSign and all right, title
and interest in and to each such Derivative Work shall automatically
vest in VeriSign. VeriSign shall have no obligation to grant you any
right in any such Derivative Work. You may not reverse engineer, disassemble
or decompile the VeriSign Intellectual Property or make any attempt
to obtain source code to the VeriSign Intellectual Property (save to
the extent that you can not be prohibited from so doing under applicable
law). You have the right to use the Certificate under the terms and
conditions of this Subscriber Agreement.
11. Modifications to Subscriber Agreement. Except as otherwise
provided in this Subscriber Agreement, you agree, during the term of
this Subscriber Agreement, that VeriSign may: (i) revise the terms and
conditions of this Subscriber Agreement; and/or (ii) change part of
the services provided under this Subscriber Agreement at any time. Any
such revision or change will be binding and effective thirty (30) days
after posting of the revised Subscriber Agreement or change to the service(s)
on VeriSign's Web sites, or upon notification to you by e-mail. You
agree to periodically review VeriSign's Web sites, including the current
version of this Subscriber Agreement available on VeriSign's Web sites,
to be aware of any such revisions. If you do not agree with any revision
to the Subscriber Agreement, you may terminate this Subscriber Agreement
at any time by providing VeriSign with notice. Notice of your termination
will be effective on receipt and processing by VeriSign. Any fees paid
by you if you terminate this Subscriber Agreement are nonrefundable.
By continuing to use VeriSign services after any revision to this Subscriber
Agreement or change in service(s), you agree to abide by and be bound
by any such revisions or changes. VeriSign is not bound by nor should
you rely on any representation by (i) any agent, representative or employee
of any third party that you may use to apply for VeriSign's services;
or in (ii) information posted on our Web site of a general informational
nature. No employee, contractor, agent or representative of VeriSign
is authorized to alter or amend the terms and conditions of this Subscriber
Agreement.
12. Privacy. VeriSign may place in your Certificate certain
information that you provide for inclusion in your Certificate. VeriSign
may also (a) publish your Certificate and information about its status
in VeriSign's repository of Certificate information and make this information
available to other repositories and (b) use such information for the
purposes set out in this Subscriber Agreement and in the VeriSign Privacy
Statement, which can be found in the Repository. If you are a Web Host
acting on behalf of a customer, you warrant that you have all necessary
rights (including consents) to provide customer information to VeriSign
under this Agreement and in accordance with the VeriSign Privacy Statement.
If you are a customer of a VeriSign entity that is not VeriSign, Inc.,
you are aware that VeriSign may transfer the information you provide
in your Certificate Application to VeriSign, Inc. in the United States
for processing of your Certificate, which by some jurisdictions may
be deemed to have inadequate data protection regulations. You hereby
agree that VeriSign may take each of the actions specified in this Section.
For further information on processing of personal data, please see our
Privacy Statement.
13. Refund Policy. If you paid for the Certificate and you
are not completely satisfied with the Certificate issued to you for
any reason, you may request that VeriSign revoke the Certificate within
thirty (30) days of issuance and provide you with a refund. Following
the initial 30 day period, you may request that VeriSign revoke the
Certificate and provide a refund only if VeriSign has breached a warranty
or other material obligation under either this Subscriber Agreement
or the NetSure Protection Plan (if applicable) relating to you or your
Certificate. After VeriSign revokes your Certificate, VeriSign will
promptly credit your credit card account (if the certificate was paid
for via credit card) or otherwise reimburse you via check, for the full
amount of the applicable fees paid for the Certificate. For more information
on our refund policy, refer to the Repository. This Section does not
apply to you if you have purchased a Managed PKI for SSL Certificate
Service, or if you have purchased your Certificate from a Web Host.
14. Disclaimers of Warranties. YOU AGREE THAT YOUR USE OF VERISIGN'S
SERVICE(S) IS SOLELY AT YOUR OWN RISK. YOU AGREE THAT ALL SUCH SERVICES
ARE PROVIDED ON AN "AS IS" AND AS AVAILABLE BASIS, EXCEPT
AS OTHERWISE NOTED IN THIS SUBSCRIBER AGREEMENT. VERISIGN EXPRESSLY
DISCLAIMS ALL REPRESENTATIONS, WARRANTIES, GUARANTEES, TERMS OR CONDITIONS
OF ANY KIND, WHETHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED THOSE
OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, SATISFACTORY QUALITY
AND NON-INFRINGEMENT. OTHER THAN THE REPRESENTATIONS AND WARRANTIES
AS SET FORTH IN SECTION 8, VERISIGN DOES NOT MAKE ANY REPRESENTATION,
WARRANTY, GUARANTEE, TERM, OR CONDITION THAT ANY SERVICE WILL MEET YOUR
REQUIREMENTS, OR THAT ANY SERVICE WILL BE UNINTERRUPTED, TIMELY, SECURE
OR ERROR FREE; NOR DOES VERISIGN MAKE ANY REPRESENTATION, WARRANTY,
GUARANTEE, TERM OR CONDITION AS TO THE RESULTS THAT MAY BE OBTAINED
FROM THE USE OF THE SERVICE OR TO THE ACCURACY OR RELIABILITY OF ANY
INFORMATION OBTAINED THROUGH VERISIGN'S SERVICE. YOU UNDERSTAND AND
AGREE THAT ANY MATERIAL AND/OR DATA DOWNLOADED OR OTHERWISE OBTAINED
THROUGH THE USE OF VERISIGN'S SERVICES IS DONE AT YOUR OWN DISCRETION
AND RISK. TO THE EXTENT JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF
CERTAIN REPRESENTATIONS, WARRANTIES OR GUARANTEES, SOME OF THE ABOVE
EXCLUSIONS MAY NOT APPLY TO YOU. VERISIGN IS NOT RESPONSIBLE FOR AND
SHALL HAVE NO LIABILITY WITH RESPECT TO ANY PRODUCTS AND/OR SERVICES
PURCHASED BY YOU FROM A THIRD PARTY.
15. Indemnity. You agree to release, indemnify, defend and
hold harmless VeriSign and any of its contractors, agents, employees,
officers, directors, shareholders, affiliates and assigns from all liabilities,
claims, damages, costs and expenses, including reasonable attorney's
fees and expenses, of third parties relating to or arising out of (i)
this Subscriber Agreement or the breach of your warranties, representations
and obligations under this Subscriber Agreement, (ii) falsehoods or
misrepresentations of fact by you on the Certificate Application, (iii)
any infringement of an intellectual property or other proprietary right
of any person or entity arising from any information or content provided
by you, (iv) failure to disclose a material fact on the Certificate
Application if the misrepresentation or omission was made negligently
or with intent to deceive any party, or (v) failure to protect the private
key, or use a trustworthy system, or to take the precautions necessary
to prevent the compromise, loss, disclosure, modification or unauthorized
use of the private key under the terms of this Subscriber Agreement.
When VeriSign is threatened with suit or sued by a third party, VeriSign
may seek written assurances from you concerning your promise to indemnify
VeriSign, your failure to provide those assurances may be considered
by VeriSign to be a material breach of this Subscriber Agreement. VeriSign
shall have the right to participate in any defense by you of a third-party
claim related to your use of any VeriSign services, with counsel of
VeriSign's choice at your own expense. You shall have sole responsibility
to defend VeriSign against any claim, but you must receive the prior
written consent of VeriSign regarding any related settlement. The terms
of this Section 15 will survive any termination or cancellation of this
Subscriber Agreement. As a Relying Party, you further agree to release,
indemnify, defend and hold harmless VeriSign and any of its contractors,
agents, employees, officers, directors, shareholders, affiliates and
assigns from all liabilities, claims, damages, costs and expenses, including
reasonable attorney's fees and expenses, of third parties relating to
or arising out of (i) your failure to perform the obligations of a Relying
Party as set forth in the applicable Relying Party Agreement; (ii) your
reliance on a certificate that is not reasonable under the circumstances;
or (iii) your failure to check the status of such certificate to determine
whether the certificate is expired or revoked.
16. Limitations of Liability.
16.1 LIMITATIONS UNDER THE NETSURE PROTECTION PLAN. THE MOST
THAT VERISIGN MUST PAY THE SUBSCRIBER UNDER THE NETSURE PROTECTION PLAN
IS THE AMOUNT DETERMINED UNDER THE NETSURE PROTECTION PLAN. THE LIMITATIONS
ON DAMAGES AND PAYMENTS IN THIS SECTION 16.1 DO NOT APPLY TO REFUND
PAYMENTS.
16.2 OTHER LIMITATIONS. THIS SECTION 16.2 APPLIES TO LIABILITY
UNDER CONTRACT (INCLUDING BREACH OF WARRANTY), TORT (INCLUDING NEGLIGENCE
AND/OR STRICT LIABILITY), AND ANY OTHER LEGAL OR EQUITABLE FORM OF CLAIM.
IF YOU INITIATE ANY CLAIM, ACTION, SUIT, ARBITRATION, OR OTHER PROCEEDING
SEPARATE FROM A REQUEST FOR PAYMENT UNDER THE NETSURE PROTECTION PLAN
RELATING TO SERVICES PROVIDED UNDER THIS SUBSCRIBER AGREEMENT, TO THE
EXTENT PERMITTED BY APPLICABLE LAW, VERISIGN SHALL NOT BE LIABLE FOR
(A) ANY LOSS OF PROFIT, BUSINESS, CONTRACTS, REVENUE OR ANTICIPATED
SAVINGS, OR (B) ANY INDIRECT OR CONSEQUENTIAL LOSS. VERISIGN'S TOTAL
LIABILITY FOR DAMAGES SUSTAINED BY YOU AND ANY THIRD PARTY FOR ANY USE
OR RELIANCE ON A CERTIFICATE SHALL BE LIMITED, IN THE AGGREGATE, TO
ONE HUNDRED THOUSAND U.S. DOLLARS (US$100,000) OR THE EQUIVALENT IN
LOCAL CURRENCY. THE LIABILITY LIMITATIONS PROVIDED IN THIS SECTION 16.2
SHALL BE THE SAME REGARDLESS OF THE NUMBER OF DIGITAL SIGNATURES, TRANSACTIONS,
OR CLAIMS RELATED TO SUCH CERTIFICATE. THIS SECTION 16.2 DOES NOT LIMIT
REFUND PAYMENTS OR PAYMENTS UNDER THE NETSURE PROTECTION PLAN. TO THE
EXTENT JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF CERTAIN LIABILITY
LIMITATIONS, SOME OF THE ABOVE EXCLUSIONS MAY NOT APPLY TO YOU.
17. Force Majeure. Except for payment and indemnity obligations
hereunder, neither party shall be deemed in default hereunder, nor shall
it hold the other party responsible for, any cessation, interruption
or delay in the performance of its obligations hereunder due to earthquake,
flood, fire, storm, natural disaster, act of God, war, armed conflict,
terrorist action, labor strike, lockout, boycott or other matter outside
its reasonable control, provided that the party relying upon this Section
17 shall (i) have given the other party prompt written notice thereof
and (ii) take all steps reasonably necessary to mitigate the effects
of the force majeure event; provided further, that in the event a force
majeure event described in this Section 17 extends for a period in excess
of thirty (30) days in aggregate, the other party may immediately terminate
this Subscriber Agreement.
18. Export. You acknowledge and agree that you shall not import,
export, or re-export directly or indirectly, any commodity, including
your Certificate, to any country in violation of the laws and regulations
of any applicable jurisdiction. This restriction expressly includes,
but is not limited to, the export regulations of the United States of
America (the "United States"). Specifically, you shall not
download or otherwise export or re-export any Certificate into or to
(i) a national or resident of) Cuba, Iran, Iraq, Libya, Sudan, North
Korea, or Syria or any other country where such use is prohibited under
United States export regulations, or (ii) to anyone on the United States
Treasury Department's list of Specially Designated Nationals or the
United States Commerce Department's Table of Denial Orders. You agree
to the foregoing and represent and warrant that you are not located
in, under the control of, or a national or resident of any such country
or on any such list.
19. Severability. You agree that the terms of this Subscriber
Agreement are severable. If any term or provision is declared invalid
or unenforceable, in whole or in part, that term or provision will not
affect the remainder of this Subscriber Agreement; this Subscriber Agreement
will be deemed amended to the extent necessary to make this Subscriber
Agreement enforceable, valid and, to the maximum extent possible consistent
with applicable law, consistent with the original intentions of the
parties; and the remaining terms and provisions will remain in full
force and effect.
20. Governing Law. The parties agree that any disputes related
to the services provided under this Subscriber Agreement shall be governed
in all respects by and construed in accordance with the laws of the
State of California, United States of America, excluding its conflict
of laws rules. The parties agree that the United Nations Convention
on Contracts for the International Sale of Goods shall not apply to
this Subscriber Agreement.
21. Dispute Resolution. To the extent permitted by law, before
you may invoke any dispute resolution mechanism with respect to a dispute
involving any aspect of this Subscriber Agreement, you shall notify
VeriSign, and any other party to the dispute for the purpose of seeking
dispute resolution. If the dispute is not resolved within sixty (60)
days after the initial notice, then a party may proceed in accordance
with the following:
(i) When each party to the dispute
is a Canadian or U.S. resident or organization situated or doing business
in Canada or the United States. All suits to enforce any provision of
this Subscriber Agreement or arising in connection with this Agreement
shall be brought in the United States District Court for the Northern
District of California or the Superior or Municipal Court in and for
the County of Santa Clara, California, U.S.A. The parties agree that
such courts shall have exclusive in personam jurisdiction and venue
and the parties submit to the exclusive in personam jurisdiction and
venue of such courts. The parties further waive any right to a jury
trial regarding any action brought in connection with this Subscriber
Agreement.
(ii) Where one or more parties to
the dispute is not a Canadian or U.S. resident or organization situated
or doing business in Canada or the United States. All disputes arising
in connection with this Subscriber Agreement shall be finally settled
under the Rules of Conciliation and Arbitration of the International
Chamber of Commerce (ICC) as modified as necessary to reflect the provisions
herein by one or more arbitrators. The place of arbitration shall be
in Geneva in Switzerland, and the proceedings shall be conducted in
English. In cases involving a single arbiter, that single arbiter shall
be appointed by mutual agreement of the parties. If the parties fail
to agree to an arbiter within fifteen (15) days, the ICC shall choose
an arbiter knowledgeable in computer software law, information security
and cryptography or otherwise having special qualifications in the field,
such as a lawyer, academician, or judge in common law jurisdiction.
Nothing in this Subscriber Agreement will be deemed as preventing either
party from seeking injunctive relief (or any other provisional remedy)
from any court having jurisdiction over the parties and the subject
matter of this dispute as is necessary to protect either party's name,
proprietary information, trade secret, know-how, or, or any other intellectual
property rights.
22. NetSure Protection Plan and Limitations Period. You are
covered by the most current version of the NetSure Protection Plan,
the details of which are available in the Repository. Under the NetSure
Protection Plan, VeriSign will pay you for certain incidental or consequential
damages of one or more of the limited warranties in the NetSure Protection
Plan, up to the limits set forth in the NetSure Protection Plan. VeriSign
is not obligated to make a payment under the NetSure Protection Plan
for a breach of a warranty found in the NetSure Protection Plan unless
you submit a payment request as required by the NetSure Protection Plan
within one (1) year after the termination of this Subscriber Agreement
(this provision shall survive termination or expiration of this Subscriber
Agreement). ACS Content and Publisher IDs are not covered under
the NetSure Protection Plan.
23. Non-Assignment. Except as otherwise set forth herein, your
rights under this Agreement are not assignable or transferable. Any
attempt by your creditors to obtain an interest in your rights under
this Agreement, whether by attachment, levy, garnishment or otherwise,
renders this Agreement voidable at VeriSign's option.
24. Notices and Communications. You will make all notices,
demands or requests to VeriSign with respect to this Subscriber Agreement
in writing to the "Contact" address listed on the website
from where you purchased your Certificate, with a copy to: General Counsel,
VeriSign, Inc., 487 E. Middlefield Road, Mountain View, California,
USA 94043. References to telephone numbers above shall mean 1-650-426-3400.
25. Entire Agreement. This Subscriber Agreement, the Seal License
Agreement (if you choose to display a Secured Seal), and if you are
a Web Host, your Web Host agreement with VeriSign, constitute the entire
understanding and agreement between VeriSign and you with respect to
the transactions contemplated, and supersedes any and all prior or contemporaneous
oral or written representation, understanding, agreement or communication
between VeriSign and you concerning the subject matter hereof. Neither
party is relying upon any warranties, representations, assurances or
inducements not expressly set forth herein. Section headings are inserted
for convenience of reference only and are not intended to be part of
or to affect the meaning this Subscriber Agreement. Terms and conditions
in any purchase orders that are not included in this Subscriber Agreement
or that conflict with this Subscriber Agreement are null and void.
26. For all Customers Who Are Not Customers of VeriSign, Inc.
In accepting this Subscriber Agreement you agree to the use of your
data and information in accordance with Sections 12 and 18.
27. For Customers of VeriSign UK Limited. If you are a customer
of VeriSign UK Limited, the following provisions apply to you:
(i) To the extent that any Derivative
Work does not automatically vest in VeriSign by operation of law in
accordance with Section 10, such Derivative Work shall be expressly
assigned to VeriSign by the Subscriber with full title guarantee.
(ii) A breach of Section 10 (asserting
right in VeriSign Intellectual Property Rights) shall give VeriSign
the right to terminate only.
(iii) Nothing in this Subscriber
Agreement shall limit VeriSign's liability in respect of fraud or personal
injury or death caused by its negligence. In particular, Sections 16
and 25 shall not apply to such liability.
28. For Customers of VeriSign Spain, S.L. If you are a customer
of VeriSign Spain, S.L., nothing in this Subscriber Agreement shall
limit VeriSign's liability in respect of civil liability stated in the
Spanish law 28/1994 of 6 July 1994 regarding civil liability for defective
products.
29. For Customers of VeriSign France SA. If you are a customer
of VeriSign France SA, nothing in this Subscriber Agreement shall limit
VeriSign's liability in respect of personal injury or death caused by
an act or omission of VeriSign. In particular Sections 16 and 25 shall
not apply to such liability.
VeriSign Code Signing Certificate Subscriber Agreement
Version 3.0
|
|
Worldwide Sites
