HKUST CA. Certification Practice Statement

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "HKUST CA. Certification Practice Statement"

Transcription

1 HKUST CA Certification Practice Statement IN SUPPORT OF HKUST CA CERTIFICATION SERVICES Version : 2.1 Date : 12 November 2003 Prepared by : Information Technology Services Center Hong Kong University of Science & Technology

2 Table of Contents 1. Introduction Overview Scope of HKUST CA Certification Services HKUST CA Identity Publication Further Information HKUST CA Certification Infrastructure Overview Certificate Classes Personal e-cert Personal (Smartcard) e-cert Secure Server e-cert Developer e-cert Role e-cert Certificate Class Properties Certification Authority (CA) Registration Authority (RA) Certificate Repository Certificate Application Overview Application for Personal e-cert Application for Personal (Smartcard) e-cert Application for Secure Server e-cert Application for Developer e-cert Application for Role e-cert Validation of Certificate Application Overview Validation Requirements for Certificate Application Approval of Certificate Application Rejection of Certificate Application Certificate Issuance Overview Issuance & Publication Refusal Certificate Validity and Operational Periods Certificate Format Certificate Revocation Overview General Reasons for Revocation Revocation of a HKUST CA Certificate Revocation at Certificate Owner s Request Certificate Expiration Overview Certificate Expiry...20 Hong Kong University of Science & Technology ii

3 7.3 Certificate Renewal Rights and obligations Rights and obligations of Certificate Owners Rights and obligations of HKUST CA Liability Liability of Certificate Owner Liability of HKUST CA Use of Certificates Appendices Sample Letter for Secure Server e-cert Application Sample Letter for Developer e-cert Application Sample Letter for Role e-cert Application...29 Hong Kong University of Science & Technology iii

4

5 1. Introduction 1.1 Overview This HKUST CA Certification Practice Statement (CPS) describes the practices and standards employed by HKUST CA to perform Certification Authority Services and to exhibit trust by providing evidence of the methods used to manage and complete tasks associated with certificate generation. 1.2 Scope of HKUST CA Certification Services HKUST CA Certification Services are designed to support secure electronic transactions and other general security services to satisfy HKUST users for digital signatures and other network security services. To accomplish this, HKUST CA serves as a trusted third party, issuing, managing, renewing and revoking certificates in accordance with published practices. The services offered by HKUST CA include the following: Certificate Application Certificate Issuance Certificate Publication Certificate Expiry Certificate Revocation Online Certificate Status Protocol (OCSP) support Certificate Revocation List (CRL) Management 1.3 HKUST CA Identity HKUST CA certifies certificates in the name of the organization detailed below. Company Name: Registered Offices: Hong Kong University of Science and Technology Hong Kong University of Science and Technology Information Technology Services Center Clear Water Bay Kowloon Hong Kong Hong Kong University of Science & Technology 1

6 Telephone: (852) Fax: (852) Electronic mail: 1.4 Publication This HKUST CA Certification Practice Statement is published in electronic form at 1.5 Further Information HKUST user acknowledges that HKUST CA has provided him/her with sufficient information to become familiar with digital certificates before applying for, using, and relying upon a certificate. For more information about this CPS or information related to HKUST CA services, please contact our HKUST Certification Authority at Hong Kong University of Science & Technology 2

7 2. HKUST CA Certification Infrastructure 2.1 Overview HKUST CA acts as a trusted third party to facilitate the confirmation of identity within HKUST community. Such confirmation is expressly represented by a certificate, i.e. a message which is digitally signed and issued by HKUST CA. The high-level management of this certification process includes registration, naming, appropriate applicant authentication, issuance, revocation and audit-trail generation. HKUST CA currently offers distinct levels of certification services. Each level, or class of certificate provides specific functionality and security features. Certificate applicants choose from this set of service qualities according to their needs. Depending on the class of certificate desired, certificate applicants may apply electronically to HKUST CA, and they may be required to apply in person by visiting the HKUST Certification Authority. 2.2 Certificate Classes HKUST CA currently supports distinct certificate classes within the CPS. Each class provides for a designated level of trust. The following sections describe each certificate class in detail. Please note that the descriptions for each certificate class do not represent an endorsement or recommendation by HKUST CA for any particular application or purpose, and they must not be relied upon as such. Users must independently assess and determine the appropriateness of each class of certificate for any particular purpose Personal e-cert Personal e-cert certificates are currently issued to individuals only. Personal e-cert certificates provide important assurances of the identity of individual certificate owners by requiring their personal (physical) appearance before a Registration Authority Officer with a valid proof of identity like HKUST Staff/Student ID card. They are typically used for services, online purchases, on-line subscription services or other web-based services. Hong Kong University of Science & Technology 3

8 2.2.2 Personal (Smartcard) e-cert Personal (Smartcard) e-cert certificates are currently issued to individuals with a valid HKUST Card. Personal (Smartcard) e-cert certificates provide important assurances of the identity of individual certificate owners who holds the HKUST Card specific to himself/herself. They are typically used for services, online purchases, on-line subscription services or other web-based services Secure Server e-cert Secure Server e-cert certificates are currently issued to departmental servers in HKUST only. Department Head or Inter-departmental Liaison Person (IDLP) can submit a signed Secure Server e-cert certificates Request for servers in their department. Secure Server e-cert certificates can provide assurance of the existence and name of servers within HKUST. Secure Server e-cert certificates are used primarily for secure web servers communication on a secure channel Developer e-cert Developer e-cert certificates are currently issued to departments in HKUST only. Department Head or Inter-departmental Liaison Person (IDLP) can submit a signed Developer e-cert certificates Request for developers of their department. Developer e-cert certificates can provide assurance of the identity of the developer within HKUST. Developer e-cert certificates are used by developers primarily for the signature of objects like software Role e-cert Role e-cert certificates are currently issued to departments requiring a digital certificate to carry out their administrative work. The Role e-cert will, in general, bind to a Departmental Network Account. Hong Kong University of Science & Technology 4

9 2.2.6 Certificate Class Properties Summary of Confirmation of Identity Certificate Applicant Private Key Protection Possible Applications Personal e-cert Automated unambiguous ITSC Network Account authentication plus personal presence plus HKUST Staff / Student ID Cards Verification Encryption software (PIN protected) required , online purchases, on-line subscription services, password replacement, software validation Personal (Smartcard) e-cert Automated unambiguous ITSC Network Account authentication plus HKUST Card and/or personal presence Encryption software (PIN protected) required, Smart Card as security tokens supported , online purchases, on-line subscription services, password replacement, software validation Summary of Confirmation of Identity Certificate Applicant Private Key Protection Possible Applications Secure Server e-cert Developer e-cert Role e-cert Records provided by the Records provided by the applicant and independent applicant and independent call-backs call-backs call-backs Encryption software (PIN protected) required Secure web-server communication Encryption software (PIN protected) required Object signing Records provided by the applicant and independent Encryption software (PIN protected) required, Smart Card as security tokens supported , online purchases, on-line subscription services, password replacement, software validation Hong Kong University of Science & Technology 5

10 2.3 Certification Authority (CA) HKUST Certification Authority operates in accordance with this CPS and issues, manages, and revokes Personal e-cert, Personal (Smartcard) e-cert, Secure Server e-cert, Developer e- Cert and Role e-cert certificates. Functions include the following: Certificate Application Certificate Issuance Certificate Publication Certificate Expiry Certificate Revocation Online Certificate Status Protocol (OCSP) support Certificate Revocation List (CRL) Management To ensure modest security level, Certification Authority will accept Certificate Request from HKUST card owners or approved from Registration Authority Officer on the Registration Authority Console only. A Personal e-cert is required to validate the identity of the Registration Authority Officer and a Secure Server e-cert is issued to Registration Authority Console to ensure secure server communication. HKUST CA NEITHER GENERATES NOR HOLDS the private keys of Certificate Applicants. HKUST CA s private key is secured against compromise via trustworthy hardware products. 2.4 Registration Authority (RA) HKUST Registration Authority evaluates and approves or rejects certificate applications, exclusively on behalf of the HKUST CA that actually issues the certificates. Registration Authority Officer is an assigned person to coordinate certificate applications and validate certificate applicants identity and confirm the information they provide during the application process. The type, scope and extent of confirmation depend upon the class of certificate and various other factors. Registration Authority Manager is an assigned person, who must be a different person other than the Registration Authority Officer, to approve certificate applications, depend upon the class of certificate, after the validation procedure performed by the Registration Authority Officer and ensure that the whole certification application procedure is performed according to the practice in this CPS. Hong Kong University of Science & Technology 6

11 Registration Authority Console is a console machine being setup for the Registration Authority Officer to submit certificate request to the Certification Authority after getting the approval from the Registration Authority Manager. The machine can communicate with Certification Authority (CA) server to handle digital certificate request in a Certification Process. It is installed on different machine from the Certification Authority Server that it serves. 2.5 Certificate Repository Certificate Internal Database is a database to keep track of the pending certificate request, issued or revoked certificate, private Certificate Revocation List (CRL), etc. Only RA and CA have the rights to update this database. A web user interface will be provided for users to query the status of their certificate requests and any issued or revoked certificate. Various fields in certificate, such as serial no, expiry date, subject name, etc will be indexed. This will allow faster queries based on these standard attributes. A high performance directory server, based on the IETF LDAP standard, is used as a public repository of Certificate Revocation List (CRL), user and CA certificates. Its design is based on the RFC 2587 schema. A standard LDAP interface will be provided to native client for retrieving certificate for applications like S/MIME or SSL client authentication. Hong Kong University of Science & Technology 7

12 3. Certificate Application 3.1 Overview This section describes the Certificate Application Process. It includes the requirements for key pair generation and protection and lists the information required for each class of certificate. Currently, there are 5 types of certificate application for HKUST CA services. Application for Personal e-cert Application for Personal (Smartcard) e-cert Application for Secure Server e-cert Application for Developer e-cert Application for Role e-cert 3.2 Application for Personal e-cert All person desiring a Personal e-cert shall contemporaneously complete the following general procedures. Authenticate with a valid ITSC Network Account and Password. Submit a certificate application to HKUST CA and accept the Certificate Practice Statement of HKUST CA via a web interface provided by HKUST CA on a secure channel. Generate a key pair and demonstrate to HKUST CA that it is a functioning key pair. Protect the private key of this key pair from compromise. Prove their identity to Registration Authority Officer in person with HKUST Staff / Student ID Card. Fill in a registration form and accept the Certificate Practice Statement acknowledge by the Registration Authority Officer. HKUST CA communicates an on-line enrolment process to the certificate applicant. By completing this on-line enrolment process via a secure channel, the certificate applicant then affirms that : Certificate applicant information is accurate. Certificate applicant has read, understands and accepts the Certificate Practice Statement. Hong Kong University of Science & Technology 8

13 Certificate applicant accepts the certificates issued by HKUST CA. The certificate applicant proves his / her identity by submitting a signed copy of the registration form when going personally to the Registration Authority Officer. Upon completion of specified validation procedures, HKUST CA sends an to the address that was previously provided by the certificate applicant in the certification application. This contains an URL that authorises the certificate applicant to obtain the certificate from HKUST CA. 3.3 Application for Personal (Smartcard) e-cert All person desiring a Personal (Smartcard) e-cert shall contemporaneously complete the following general procedures. Authenticate with a valid ITSC Network Account and Password. Submit a certificate application to HKUST CA and accept the Certificate Practice Statement of HKUST CA via a web interface provided by HKUST CA on a secure channel. Generate a key pair and demonstrate to HKUST CA that it is a functioning key pair. Protect the private key of this key pair from compromise on HKUST Card. HKUST CA communicates an on-line enrolment process to the certificate applicant. By completing this on-line enrolment process via a secure channel, the certificate applicant then affirms that : Certificate applicant information is accurate. Certificate applicant has read, understands and accepts the Certificate Practice Statement. Certificate applicant accepts the certificates issued by HKUST CA. For staff/students who have signed the acknowledgment slip receiving their HKUST Card through Personnel Office or Admissions, Registration & Records Office, identity verification process will be done automatically. The certificate will be downloaded to the HKUST Card if the applicants choose an address in their certification application same as their ITSC network account suffixed by domain. For applicants have choose their departmental address in the certification application, HKUST CA sends an to their departmental address and this contains a token that authorises the certificate applicant to obtain the certificate from HKUST CA. Hong Kong University of Science & Technology 9

14 For staff/students who did not sign any acknowledgment slip receiving their HKUST Card, they will need to prove his / her identity by submitting a signed copy of the registration form when going personally to the Registration Authority Officer. Upon completion of specified validation procedures, HKUST CA sends an to the address that was previously provided by the certificate applicant in the certification application. This contains an URL that authorises the certificate applicant to obtain the certificate from HKUST CA. 3.4 Application for Secure Server e-cert Department desiring a Secure Server e-cert shall contemporaneously complete the following general procedures. Authenticate with ITSC Network Account and Password from a technical person in their department. Generate a key pair and demonstrate to HKUST CA that it is a functioning key pair. Protect the private key of this key pair from compromise. Submit a signed certificate application letter with hand-written signature of an authorized person in the department like Department Head or Inter-departmental Liaison Person and hand-written signature of the technical person to HKUST CA. A sample letter can be found in Appendices for reference. HKUST CA communicates an on-line enrolment process to the certificate applicant. By completing this on-line enrolment process via a secure channel, the certificate applicant then affirms that : Certificate applicant information is accurate. Certificate applicant has read, understands and accepts the Certificate Practice Statement. Certificate applicant accepts the certificates issued by HKUST CA. Upon completion of specified validation procedures, HKUST CA sends an to the address that was previously provided by the certificate applicant in the certification application. This contains an URL that authorises the certificate applicant to obtain the certificate from HKUST CA. 3.5 Application for Developer e-cert Department desiring a Developer e-cert shall contemporaneously complete the following general procedures. Hong Kong University of Science & Technology 10

15 Authenticate with ITSC Network Account and Password from a technical person in their department. Generate a key pair and demonstrate to HKUST CA that it is a functioning key pair. Protect the private key of this key pair from compromise. Submit a signed certificate application letter with hand-written signature of an authorized person in the department like Department Head or Inter-departmental Liaison Person and hand-written signature of the technical person to HKUST CA. A sample letter can be found in Appendices for reference. HKUST CA communicates an on-line enrolment process to the certificate applicant. By completing this on-line enrolment process via a secure channel, the certificate applicant then affirms that : Certificate applicant information is accurate. Certificate applicant has read, understands and accepts the Certificate Practice Statement. Certificate applicant accepts the certificates issued by HKUST CA. Upon completion of specified validation procedures, HKUST CA sends an to the address that was previously provided by the certificate applicant in the certification application. This contains an URL that authorises the certificate applicant to obtain the certificate from HKUST CA. 3.6 Application for Role e-cert Department desiring a Role e-cert shall contemporaneously complete the following general procedures. Submit a signed application of an authorized person in the department like Department Head or Inter-departmental Liaison Person to HKUST CA. A sample letter can be found in Appendices for reference. Successful applicant shall receive notification from HKUST CA about collection of the Departmental Admin Card and related e-cert password. By acknowledge receipt of the Role e-cert (s), certificate applicant then affirms that : Certificate applicant information is accurate. Certificate applicant has read, understands and accepts the Certificate Practice Statement. Certificate applicant accepts the certificates issued by HKUST CA. Hong Kong University of Science & Technology 11

16 Hong Kong University of Science & Technology 12

17 4. Validation of Certificate Application 4.1 Overview This section presents the requirements for validation of certificate applications to be performed by HKUST CA. It also explains the procedures for applications that fail validation. 4.2 Validation Requirements for Certificate Application Upon receipt of a certificate application, HKUST CA shall perform all required validations as a prerequisite to certificate issuance. Particularly for Personal e-cert Applications, the applicants must appear personally before an Registration Authority Officer to facilitate the confirmation of their identity. Once a certificate is issued, HKUST CA shall have no continuing duty to monitor and investigate the accuracy of the information in a certificate, unless HKUST CA is notified in accordance with this CPS of that certificate s compromise. The following tables highlight certain differences between the validation requirements for each certificate class. HKUST CA reserves the right to update these validation procedures to improve the validation process. Hong Kong University of Science & Technology 13

18 Personal e-cert Personal (Smartcard) e-cert Method 1 * Method 2 ** HKUST Card No Yes Yes Personal Yes No Yes Presence ITSC Network Yes Yes Yes Account Authentication Submission of Yes No Yes Hard Copy Application Form HKUST Staff / Yes Yes Yes Student ID Card Validation (Automated) Submission by Department Head or IDLP Only No No No * Method 1: Signed the acknowledgment slip receiving their HKUST Card through Personnel Office or Admissions, Registration & Records Office ** Method 2: Did not sign any acknowledgment slip receiving their HKUST Card via Personnel Office or Admissions, Registration & Records Office Hong Kong University of Science & Technology 14

19 Personal Presence ITSC Network Account Authentication Submission of Hard Copy Application Form HKUST Staff / Student ID Card Validation Submission by Department Head or IDLP Only Secure Server e-cert Developer e-cert Role e-cert No No No Yes Yes No Yes Yes No (via signed ) No No Yes (During collection of the Departmental Admin Card) Yes Yes Yes (Signed using the HKUST e-cert) 4.3 Approval of Certificate Application Upon successful performance of all required validations of certificate application, HKUST CA shall approve the application. Approval is demonstrated by issuing a certificate according to this CPS. 4.4 Rejection of Certificate Application If a validation fails, HKUST CA shall reject the certificate application by promptly notifying the certificate applicant of the validation failure and providing a reason for such failure. Such notice shall be communicated to the certificate applicant using the same method as was used to communicate the certificate application to HKUST CA. A person whose certificate application has been rejected may thereafter reapply. Hong Kong University of Science & Technology 15

20 5. Certificate Issuance 5.1 Overview This section presents more information about the issuance of certificates. 5.2 Issuance & Publication Upon approving a certificate application, HKUST CA issues a certificate. The issuance of a certificate indicates a complete and final approval of the certificate application by HKUST CA. The issued certificate and the corresponding public key will be published to the HKUST Certificate Repository and the HKUST LDAP Directory server for public access. HKUST CA NEITHER GENERATES NOR HOLDS the private keys of Certificate Applicants or Certificate owners. 5.3 Refusal HKUST CA may refuse to issue a certificate to any person, at its sole discretion, without incurring any liability or responsibility for any loss or expenses arising out of such refusal. 5.4 Certificate Validity and Operational Periods All certificates shall be considered valid upon: Issued by HKUST CA, and Published on HKUST LDAP Directory Server, and Is not on the HKUST CA Certificate Revocation List, and Has not expired, and Can be verified by a valid HKUST Certification Authority certificate. The standard operational periods for the various classes of certificates are as follows, subject to earlier termination of the operational period due to revocation. Hong Kong University of Science & Technology 16

21 Validity Period starting from the date of certificate issuance by HKUST CA Personal e-cert Personal (Smartcard) e-cert Secure Server e-cert Developer e-cert Role e-cert 3 year 3 year 3 year 3 year 3 year 5.5 Certificate Format The format of all certificates issued by HKUST CA is in accordance with ISO/IEC 9594 X.509 Version 3 plus any HKUST specific extensions. Hong Kong University of Science & Technology 17

22 6. Certificate Revocation 6.1 Overview This section explains the circumstances under which a certificate may or must be revoked. It also details the procedures for revoking certificates. 6.2 General Reasons for Revocation A certificate shall be revoked if There has been a loss, theft, modification, unauthorised disclosure, or other compromise of the private key of the certificate s subject. The certificate s subject has breached a material obligation under this CPS. The performance of a person s obligations under this CPS is delayed or prevented by a natural disaster, computer or communications failure, or other cause beyond the person s reasonable control, and as a result another person s information is materially threatened or compromised. There has been a modification of the information contained in the certificate of the certificate s subject. 6.3 Revocation of a HKUST CA Certificate HKUST CA must make a reasonable effort to revoke a certificate if it determines any of the following: A material fact represented in the certificate is known or reasonably believed by HKUST CA to be false. A material prerequisite to certificate issuance was not satisfied. The private key or trustworthy system was compromised in a manner materially affecting the certificate s reliability. Hong Kong University of Science & Technology 18

23 The certificate s subject has breached a material obligation under this CPS. 6.4 Revocation at Certificate Owner s Request The certificate Owner must make a formal request to HKUST CA to revoke their certificate. The request must be made either the following ways. Sending a paper Certificate Revocation Request form to HKUST CA. The form must be signed with the same signature as on the original application for the certificate and/or with a valid proof of identity. On-Line Submission of a digitally signed Certificate Revocation Request Form. The online submission of the Certificate Revocation Request Form must be digitally signed by a valid HKUST CA certificate. Hong Kong University of Science & Technology 19

24 7. Certificate Expiration 7.1 Overview This section provides information about Certificate Expiry and Renewal procedures. 7.2 Certificate Expiry HKUST CA will undertake a reasonable effort to notify certificate Owners thirty (30) days before the expiration date, via , of the impending expiration of their certificates. Such notice is intended solely for the convenience of the certificate Owner in the renewal process. 7.3 Certificate Renewal Personal e-cert or Personal (Smartcard) e-cert certificate can be renewed via the HKUST Certificate Management System before the expiration of the certificate. For Secure Server e-cert, Developer e-cert and Role e-cert certificate renewal, certificate Owner should submit a signed written request to HKUST CA before the expiration. Request received after the expiration of the certificate will not be accepted. Requirements for renewal are subject to change at HKUST CA s discretion. Hong Kong University of Science & Technology 20

25 8. Rights and obligations 8.1 Rights and obligations of Certificate Owners HKUST user acknowledges that HKUST CA has provided him/her with sufficient information to become familiar with digital certificates before applying for, using, and relying upon a certificate. By applying a certificate issued by HKUST CA, the applicant certifies to and agrees with HKUST CA and to all who reasonably rely on the information contained in the certificate that, at the time of acceptance and throughout the operational period of the certificate, until notified otherwise by the certificate owner, of the following points: All representations made by the certificate owner to HKUST CA regarding the information contained in the certificate are true. All information contained in the certificate is true to the extent that the certificate owner had knowledge or notice of such information. Each digital certificate created using the private key corresponding to the public key listed in the certificate is the digital certificate of the certificate owner and the certificate has been accepted and is operational (not expired or revoked) at the time the digital certificate is created. No unauthorised person has ever had access to the certificate owner's private key. The certificate owner is an end-user certificate owner and not an Issuing Authority, and will not use the private key corresponding to any public key listed in the certificate for purposes of signing any certificate (or any other format of certified public key) or CRL, as an Issuing Authority or otherwise, unless expressly agreed in writing between certificate owner and HKUST CA. By accepting a certificate, the certificate owner assumes a duty to retain control of the certificate owner's private key, to use a trustworthy system, and to take reasonable precautions to prevent its loss, disclosure, modification, or unauthorized use. The user must revoke his / her certificate when there has been a loss, theft, modification, unauthorized disclosure, or other compromise of the private key of the certificate with HKUST CA. By accepting a certificate, the certificate owner agrees to indemnify and hold HKUST CA harmless from any acts or omissions resulting in liability, any loss or damage, and any suits and expenses of any kind that HKUST CA may incur, that are caused by the use or publication of a certificate and that arises from: Falsehood or misrepresentation of fact by the certificate owner. Hong Kong University of Science & Technology 21

26 Failure by the certificate owner to disclose a material fact, if the misrepresentation or omission was made negligently or with intent to deceive HKUST CA or any person receiving or relying on the certificate. Failure to protect the certificate owner's private key, to use a trustworthy system, or to otherwise take the precautions necessary to prevent the compromise, loss, disclosure, modification or unauthorized use of the certificate owner's private key. 8.2 Rights and obligations of HKUST CA HKUST CA neither generates nor holds the private keys of certificate owners. Also HKUST CA cannot ascertain or enforce any particular private key protection requirements of any applicant or certificate owner. Upon receipt of a certificate application, HKUST CA shall perform all required validations as a prerequisite to certificate issuance, as follows: The certificate applicant is the person identified in the request (in accordance with and only to the extent provided in the certificate class descriptions). The information to be listed in the certificate is accurate, except for non-verified certificate owner information. Once a certificate is issued, HKUST CA shall have no continuing duty to monitor and investigate the accuracy of the information in a certificate. Unless otherwise provided in the CPS or mutually agreed upon by both HKUST CA and the certificate owner in an authenticated record, HKUST CA promises to the certificate owner named in the certificate that There are no mis-representations of fact in the certificate known to HKUST CA or originating from HKUST CA, There are no data transcription errors as received by HKUST CA from the certificate applicant resulting from a failure of HKUST CA to exercise reasonable care in creating the certificate. The certificate meets all material requirements of the CPS. Unless otherwise provided in this CPS or mutually agreed upon by both HKUST CA and the certificate owner in an authenticated record, HKUST CA promises to the certificate owner to make reasonable efforts: To promptly revoke certificates upon request of the certificate owner. To notify certificate owners of any facts known to it that materially affect the validity and reliability of the certificate it issued to such certificate owner. Upon certificate owner's acceptance of the certificate, and checking by HKUST CA, HKUST CA shall publish a copy of the certificate in the HKUST CA repository and in one or more Hong Kong University of Science & Technology 22

27 other repositories, as determined by HKUST CA. Certificate owners may publish their HKUST CA certificates in other repositories. HKUST CA provides the controls and foundation for PKI. Hong Kong University of Science & Technology 23

28 9. Liability 9.1 Liability of Certificate Owner Without limiting other certificate owner obligations stated in the CPS, certificate owners are liable for any mis-representation they make in certificates to third parties that, reasonably rely on the representations contained therein. 9.2 Liability of HKUST CA HKUST CA Does not warrant the accuracy, authenticity, completeness or fitness of any unverified information contained in certificates or otherwise compiled, published, or disseminated by or on behalf of HKUST CA. Shall not incur liability for representations of information contained in a certificate, provided the certificate content substantially complies with the CPS. Does not warrant "non-repudiation" of any certificate or message (because nonrepudiation is determined exclusively by law and the applicable dispute resolution mechanism). Hong Kong University of Science & Technology 24

29 10. Use of Certificates HKUST CA and "users" of the certificate, (i.e., the certificate owner and the relying parties), are notified of the following rules governing the respective rights and obligations of the parties among themselves: Verification of Digital Certificates Verification of a digital certificate shall be undertaken as follows: Checking with the HKUST CA (or other) repository for revocation of certificates. To verify a digital certificate, it is necessary to know precisely what data has been signed. In the case of public key cryptography standards (PKCS), a standard signed message format is specified to accurately denote the signed data. To support non-repudiation, the data to which the corresponding digital certificate is attached must include, or reference, a time stamp. The time stamp shall reflect the time at which date and time the digital certificate is affixed. Failure of Digital Certificate Verification A person relying on an unverifiable digital certificate assumes all risks with regard to it and is not entitled to any presumption that the digital certificate is effective as the certificate of the certificate owner. Security Measures Any person using or relying upon a HKUST CA certificate in conjunction with a message shall apply reasonable security measures to the message to provide message authentication and, as required, to support data confidentiality. Revocation A certificate shall be revoked under circumstances like: There has been a loss, theft, modification, unauthorised disclosure, or other compromise of the private key of the certificate's subject. The certificate's subject (whether HKUST CA or a certificate owner) has breached a material obligation under the CPS. The performance of a person's obligations under the CPS is delayed or prevented by an act of God, natural disaster, computer or communications failure, or other cause beyond the person's reasonable control, and as a result another person's information is materially threatened or compromised. Hong Kong University of Science & Technology 25

30 HKUST CA must make a reasonable effort to revoke a certificate, if it determines any of the following: A material fact represented in the certificate is known or reasonably believed by HKUST CA to be false. A material prerequisite to certificate issuance was neither satisfied nor waived. The private key or trustworthy system was compromised in a manner materially affecting the certificate's reliability. The certificate's subject has breached a material obligation under the CPS. Hong Kong University of Science & Technology 26

31 11. Appendices 11.1 Sample Letter for Secure Server e-cert Application <Department Letter Head> Attention: HKUST Certification Authority Information Technology Services Center Hong Kong University of Science and Technology Clear Water Bay Kowloon Hong Kong <Date> Application for Secure Server e-cert I, <Name of Applicant>, hereby approve the use of a HKUST CA Secure Server e-cert for secure and authenticated electronic transactions. I hereby represent that I am fully authorized to make such approval, and that I understand that a digital certificate acts as a department stamp or director s signature for the purposes of electronic commerce, and that the management of the private keys associated with such certificates is the responsibility of our technical staff or contractors. The contents of that certificate are as follows: Server Domain Name : <Server Name> e.g. ccms01.ust.hk Department : <Department Name> e.g. Information Technology Services Center The person responsible for key management and security is fully authorized to install and utilise the certificate to represent this organization s electronic presence. Authorizing Signatory <Full Name> <Post> <Telephone Number> < address> <Signature> Technical Signatory <Full Name> <Post> <Telephone Number> < address> <Signature> Our department stamp appears below. <Department Stamp> Hong Kong University of Science & Technology 27

32 11.2 Sample Letter for Developer e-cert Application <Department Letter Head> Attention: HKUST Certification Authority Information Technology Services Center Hong Kong University of Science and Technology Clear Water Bay Kowloon Hong Kong <Date> Application for Developer e-cert I, <Name of Applicant>, hereby approve the use of a HKUST CA Developer e-cert for secure and authenticated electronic software distribution. I hereby represent that I am fully authorized to make such approval, and that I understand that a digital certificate acts as a department stamp or director s signature for the purposes of electronic commerce, and that the management of the private keys associated with such certificates is the responsibility of our technical staff or contractors. The contents of that certificate are as follows: Developer Description : <Name of Developer and Project Team> Department : <Department Name> e.g. Information Technology Services Center The person responsible for key management and security is fully authorized to install and utilise the certificate to represent this organization s electronic presence. Authorizing Signatory <Full Name> <Post> <Telephone Number> < address> <Signature> Technical Signatory <Full Name> <Post> <Telephone Number> < address> <Signature> Our department stamp appears below. <Department Stamp> Hong Kong University of Science & Technology 28

33 11.3 Sample Letter for Role e-cert Application [Signed addressed to signed by applicant s HKUST Personal (Smartcard) e-cert or HKUST Personal e-cert] Subject: Application for Role e-cert Body: Attention: HKUST Certification Authority Information Technology Services Center, HKUST On behalf of <Department>, I would like to apply for HKUST CA Role e-cert for the following departmental account(s): Departmental Admin Card ID Departmental Account(s) N/A <Account A>, <Account B> 2. N/A <Account A> 3. D <Account B> By digitally signed this , I understand that a digital certificate acts as a department stamp for the purposes of electronic commerce, and that the management of the Departmental Admin Card(s) and the private key associated with the certificate(s) are the responsibility of the applicant. Digitally Signed by Applicant: <Full Name> <Post> e.g. IDLP of <Department> <Telephone Number> < address> Hong Kong University of Science & Technology 29

HKUST CA. Certification Practice Statement

HKUST CA. Certification Practice Statement HKUST CA Certification Practice Statement IN SUPPORT OF HKUST CA CERTIFICATION SERVICES Version : 1.1 Date : 3 March 2000 Prepared by : Information Technology Services Center Hong Kong University of Science

More information

Certification Practice Statement

Certification Practice Statement FernUniversität in Hagen: Certification Authority (CA) Certification Practice Statement VERSION 1.1 Ralph Knoche 18.12.2009 Contents 1. Introduction... 4 1.1. Overview... 4 1.2. Scope of the Certification

More information

Ford Motor Company CA Certification Practice Statement

Ford Motor Company CA Certification Practice Statement Certification Practice Statement Date: February 21, 2008 Version: 1.0.1 Table of Contents Document History... 1 Acknowledgments... 1 1. Introduction... 2 1.1 Overview... 3 1.2 Ford Motor Company Certificate

More information

[COMPANY CA] Certification Practice Statement

[COMPANY CA] Certification Practice Statement Certification Practice Statement Date: [PUBLICATION DATE] Version: v. X.X Table of Contents Document History...1 Acknowledgments...2 1. Introduction...3 1.1 Overview...3 1.2

More information

Ericsson Group Certificate Value Statement - 2013

Ericsson Group Certificate Value Statement - 2013 COMPANY INFO 1 (23) Ericsson Group Certificate Value Statement - 2013 COMPANY INFO 2 (23) Contents 1 Ericsson Certificate Value Statement... 3 2 Introduction... 3 2.1 Overview... 3 3 Contact information...

More information

RapidSSL(tm) Subscriber Agreement

RapidSSL(tm) Subscriber Agreement RapidSSL(tm) Subscriber Agreement Please read the following agreement carefully. By submitting an enrollment form to obtain a RapidSSL Digital Certificate (the Certificate ) and accepting and using such

More information

TELSTRA RSS CA Subscriber Agreement (SA)

TELSTRA RSS CA Subscriber Agreement (SA) TELSTRA RSS CA Subscriber Agreement (SA) Last Revision Date: December 16, 2009 Version: Published By: Telstra Corporation Ltd Copyright 2009 by Telstra Corporation All rights reserved. No part of this

More information

SYMANTEC NON-FEDERAL SHARED SERVICE PROVIDER PKI SERVICE DESCRIPTION

SYMANTEC NON-FEDERAL SHARED SERVICE PROVIDER PKI SERVICE DESCRIPTION SYMANTEC NON-FEDERAL SHARED SERVICE PROVIDER PKI SERVICE DESCRIPTION I. DEFINITIONS For the purpose of this Service Description, capitalized terms have the meaning defined herein. All other capitalized

More information

GEOSURE PROTECTION PLAN

GEOSURE PROTECTION PLAN GEOSURE PROTECTION PLAN I. SCOPE/INTRODUCTION The GeoSure Protection Plan is designed to provide protection against economic loss resulting from specific types of risks associated with certain SSL Certificates

More information

Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure

Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure 1.0 INTRODUCTION 1.1 Overview The Federal Reserve Banks operate a public key infrastructure (PKI) that manages

More information

StartCom Certification Authority

StartCom Certification Authority StartCom Certification Authority Intermediate Certification Authority Policy Appendix Version: 1.5 Status: Final Updated: 05/04/11 Copyright: Start Commercial (StartCom) Ltd. Author: Eddy Nigg Introduction

More information

Equens Certificate Policy

Equens Certificate Policy Equens Certificate Policy WebServices and Connectivity Final H.C. van der Wijck 11 March 2015 Classification: Open Version 3.0 Version history Version no. Version date Status Edited by Most important edit(s)

More information

GlobalSign Subscriber Agreement for DocumentSign Digital ID for Adobe Certified Document Services (CDS)

GlobalSign Subscriber Agreement for DocumentSign Digital ID for Adobe Certified Document Services (CDS) GlobalSign Subscriber Agreement for DocumentSign Digital ID for Adobe Certified Document Services (CDS) Version 1.1 PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THE DIGITAL CERTIFICATE ISSUED TO YOU

More information

"Certification Authority" means an entity which issues Certificates and performs all of the functions associated with issuing such Certificates.

Certification Authority means an entity which issues Certificates and performs all of the functions associated with issuing such Certificates. QUICKSSL PREMIUM(tm) SUBSCRIBER AGREEMENT Please read the following agreement carefully. By submitting an application to obtain a QuickSSL Premium(tm) Certificate and accepting and using such certificate,

More information

NCDC GOVERNMENT-CA PKI DISCLOSURE STATEMENT

NCDC GOVERNMENT-CA PKI DISCLOSURE STATEMENT NCDC GOVERNMENT-CA PKI DISCLOSURE STATEMENT Document Classification: Public Version Number: 1.5 Issue Date: June 11, 2015 Copyright 2015 National Center for Digital Certification, Kingdom of Saudi Arabia.

More information

3.Practices and procedures. v 1.1 05.12.2014

3.Practices and procedures. v 1.1 05.12.2014 v 1.1 05.12.2014 3.Practices and procedures DOMENY.PL Ltd / DOMENY.PL sp. z o.o. Marcika 27 30-443 Krakow, Poland tel.: (+48) 12 296 36 63 fax: (+48) 12 395 33 65 hotline / infolinia: (+48) 501 DOMENY

More information

The name of the Contract Signer (as hereinafter defined) duly authorized by the Applicant to bind the Applicant to this Agreement is.

The name of the Contract Signer (as hereinafter defined) duly authorized by the Applicant to bind the Applicant to this Agreement is. Trustwave Subscriber Agreement for Digital Certificates Ver. 11JUL14 PLEASE READ THIS AGREEMENT AND THE TRUSTWAVE CERTIFICATION PRACTICES STATEMENTS ( CPS ) CAREFULLY BEFORE USING THE CERTIFICATE ISSUED

More information

Federal Reserve Banks Certification Authority (FR-CA) Certification Practice Statement

Federal Reserve Banks Certification Authority (FR-CA) Certification Practice Statement Certification Practice Statement 1.0 INTRODUCTION 1.1 OVERVIEW The Federal Reserve Banks ( FRBs ), utilizing Public Key Infrastructure ( PKI ) technology and operating as a Certification Authority ( FR-CA

More information

ODETTE CA Subscriber Agreement for Certificates

ODETTE CA Subscriber Agreement for Certificates ODETTE CA Subscriber Agreement for Certificates ODETTE Subscriber Agreement for Certificates 3 Table of Contents 1 ODETTE CA Subscriber Agreement for Certificates... 5 2 Definitions... 5 2.1 Digital Certificate...

More information

Subscriber Agreement for (a) the e-id Account and (b) the Certificates within the National Electronic Identity Card

Subscriber Agreement for (a) the e-id Account and (b) the Certificates within the National Electronic Identity Card Subscriber Agreement for (a) the e-id Account and (b) the Certificates within the National Electronic Identity Card Subscribers must carefully read the terms and conditions in this Subscriber Agreement

More information

Neutralus Certification Practices Statement

Neutralus Certification Practices Statement Neutralus Certification Practices Statement Version 2.8 April, 2013 INDEX INDEX...1 1.0 INTRODUCTION...3 1.1 Overview...3 1.2 Policy Identification...3 1.3 Community & Applicability...3 1.4 Contact Details...3

More information

Post.Trust Certificate Authority

Post.Trust Certificate Authority Post.Trust Certificate Authority Certification Practice Statement CA Policy and Procedures Document Issue date: 03 April 2014 Version: 2.7.2.1 Release Contents DEFINITIONS... 6 LIST OF ABBREVIATIONS...

More information

APPLICATION FOR DIGITAL CERTIFICATE

APPLICATION FOR DIGITAL CERTIFICATE Application ID Number (For Official Use only) APPLICATION FOR DIGITAL CERTIFICATE Instructions: 1. Please fill the form in BLOCK LETTERS ONLY. 2. All fields are mandatory. 3. Present one (1) copy and the

More information

Land Registry. Version 4.0 10/09/2009. Certificate Policy

Land Registry. Version 4.0 10/09/2009. Certificate Policy Land Registry Version 4.0 10/09/2009 Certificate Policy Contents 1 Background 5 2 Scope 6 3 References 6 4 Definitions 7 5 General approach policy and contract responsibilities 9 5.1 Background 9 5.2

More information

ARTL PKI. Certificate Policy PKI Disclosure Statement

ARTL PKI. Certificate Policy PKI Disclosure Statement ARTL PKI Certificate Policy PKI Disclosure Statement Important Notice: This document (PKI Disclosure Statement, PDS) does not by itself constitute the Certificate Policy under which Certificates governed

More information

TREND MICRO SSL CERTIFICATION PRACTICE STATEMENT. Version 1.5

TREND MICRO SSL CERTIFICATION PRACTICE STATEMENT. Version 1.5 TREND MICRO SSL CERTIFICATION PRACTICE STATEMENT Version 1.5 Effective Date: 13 August 2012 TREND MICRO SSL CERTIFICATION PRACTICE STATEMENT TABLE of CONTENTS 1. INTRODUCTION VERSION 1.5 EFFECTIVE DATE:

More information

The Contract Signer (as hereinafter defined) is duly authorized by the Applicant to bind the Applicant to this Agreement is (as stated above).

The Contract Signer (as hereinafter defined) is duly authorized by the Applicant to bind the Applicant to this Agreement is (as stated above). Subscriber Agreement for Certificates PLEASE READ THIS AGREEMENT AND MICROS CERTIFICATION PRACTICES STATEMENTS ("CPS") CAREFULLY BEFORE USING THE CERTIFICATE ISSUED TO YOUR ORGANIZATION. BY USING THE CERTIFICATE,

More information

Gandi CA Certification Practice Statement

Gandi CA Certification Practice Statement Gandi CA Certification Practice Statement Gandi SAS 15 Place de la Nation Paris 75011 France Version 1.0 TABLE OF CONTENTS 1.INTRODUCTION...10 1.1.Overview...10 1.2.Document Name and Identification...10

More information

Vodafone Group Certification Authority Test House Subscriber Agreement

Vodafone Group Certification Authority Test House Subscriber Agreement Vodafone Group Certification Authority Test House Subscriber Agreement Publication Date: 12/05/09 Copyright 2009 Vodafone Group Table of Contents Vodafone Group Certification Authority Test House Subscriber

More information

Amazon Trust Services Certificate Subscriber Agreement

Amazon Trust Services Certificate Subscriber Agreement Amazon Trust Services Certificate Subscriber Agreement This Certificate Subscriber Agreement (this Agreement ) is an agreement between Amazon Trust Services, LLC ( ATS, we, us, or our ) and the entity

More information

SYMANTEC TRUST NETWORK RELYING PARTY AGREEMENT FOR SSL CERTIFICATES

SYMANTEC TRUST NETWORK RELYING PARTY AGREEMENT FOR SSL CERTIFICATES SYMANTEC TRUST NETWORK RELYING PARTY AGREEMENT FOR SSL CERTIFICATES SYMANTEC CORPORATION AND/OR ITS SUBSIDIARIES, INCLUDING GEOTRUST AND THAWTE ( COMPANY ) IS WILLING TO PROVIDE THE SERVICES TO YOU AS

More information

Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015

Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015 Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015 Table of Contents 1. Introduction... 5 1.1. Trademarks...

More information

(This agreement is in rich text format and appears in a scrolling text box once you ve reached https://orgcert-renewal.equifax.com/orgcerts/...

(This agreement is in rich text format and appears in a scrolling text box once you ve reached https://orgcert-renewal.equifax.com/orgcerts/... (This agreement is in rich text format and appears in a scrolling text box once you ve reached https://orgcert-renewal.equifax.com/orgcerts/...) Equifax Subscriber Agreement This Agreement is between the

More information

Mid Carolina CU Internet Online Banking Services Terms and Conditions

Mid Carolina CU Internet Online Banking Services Terms and Conditions Mid Carolina CU Internet Online Banking Services Terms and Conditions This Agreement is the contract which covers your and our rights and responsibilities concerning the Home Banking services offered to

More information

GlobalSign Subscriber Agreement for DomainSSL Certificates

GlobalSign Subscriber Agreement for DomainSSL Certificates GlobalSign Subscriber Agreement for DomainSSL Certificates Version 1.3 PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THE DIGITAL CERTIFICATE ISSUED TO YOU OR YOUR ORGANISATION. BY USING THE DIGITAL

More information

In the Agreement, "we", us" and "our" refer to Computerisms. "you" or "your" refers to the Client.

In the Agreement, we, us and our refer to Computerisms. you or your refers to the Client. Web Hosting Agreement! This Agreement covers the terms and conditions under which Computerisms provides web-hosting services to the agreeing party. As an organization or individual applying for web-hosting

More information

NetSure Certificate means any of the types of Certificates that are subject to this Plan, as listed in Appendix A, List of Covered Services.

NetSure Certificate means any of the types of Certificates that are subject to this Plan, as listed in Appendix A, List of Covered Services. THIS EXTENDED WARRANTY PROTECTION PLAN ( Plan ) is provided by Symantec Corporation ( Symantec ) to NetSure Subscribers identified below. NetSure Subscribers holding Symantec Trust Network, Thawte, GeoTrust,

More information

Danske Bank Group Certificate Policy

Danske Bank Group Certificate Policy Document history Version Date Remarks 1.0 19-05-2011 finalized 1.01 15-11-2012 URL updated after web page restructuring. 2 Table of Contents 1. Introduction... 4 2. Policy administration... 4 2.1 Overview...

More information

CERTIMETIERSARTISANAT and C@RTEUROPE ELECTRONIC SIGNATURE SERVICE SUBSCRIPTION CONTRACT SPECIFIC TERMS AND CONDITIONS

CERTIMETIERSARTISANAT and C@RTEUROPE ELECTRONIC SIGNATURE SERVICE SUBSCRIPTION CONTRACT SPECIFIC TERMS AND CONDITIONS CERTIMETIERSARTISANAT and C@RTEUROPE ELECTRONIC SIGNATURE SERVICE SUBSCRIPTION CONTRACT SPECIFIC TERMS AND CONDITIONS Please fill in the form using BLOCK CAPITALS. All fields are mandatory. 1 1. SUBSCRIBER

More information

ING Public Key Infrastructure Technical Certificate Policy

ING Public Key Infrastructure Technical Certificate Policy ING Public Key Infrastructure Technical Certificate Policy Version 5.1 - May 2010 Commissioned by ING PKI Policy Approval Authority (PAA) Additional copies Of this document can be obtained via the ING

More information

Canadian Pharmaceutical Distribution Network Certificate Authority Services Agreement. In this document:

Canadian Pharmaceutical Distribution Network Certificate Authority Services Agreement. In this document: Canadian Pharmaceutical Distribution Network Certificate Authority Services Agreement In this document: Company refers to the hospital, hospital group, or other entity that has been pre- registered by

More information

Comodo Certification Practice Statement

Comodo Certification Practice Statement Comodo Certification Practice Statement Notice: This CPS should be read in conjunction with the following documents:- * LiteSSL addendum to the Certificate Practice Statement * Proposed Amendments to the

More information

EBIZID CPS Certification Practice Statement

EBIZID CPS Certification Practice Statement EBIZID EBIZID CPS Certification Practice Statement Version 1.02 Contents 1 General 7 1.1 EBIZID 7 1.2 Digital Certificates 7 1.3 User Interaction for Selecting a Certification Service 7 1.4 EBIZID Registration

More information

Government CA Government AA. Certification Practice Statement

Government CA Government AA. Certification Practice Statement PKI Belgium Government CA Government AA Certification Practice Statement 2.16.56.1.1.1.3 2.16.56.1.1.1.3.2 2.16.56.1.1.1.3.3 2.16.56.1.1.1.3.4 2.16.56.1.1.1.6 2.16.56.1.1.1.6.2 2.16.56.9.1.1.3 2.16.56.9.1.1.3.2

More information

GlobalSign Subscriber Agreement for PersonalSign and DocumentSign for Adobe CDS Certificates Combined Agreement for epki (US)

GlobalSign Subscriber Agreement for PersonalSign and DocumentSign for Adobe CDS Certificates Combined Agreement for epki (US) GlobalSign Subscriber Agreement for PersonalSign and DocumentSign for Adobe CDS Certificates Combined Agreement for epki (US) Version 1.1 PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THE DIGITAL CERTIFICATE

More information

Electronic business conditions of use

Electronic business conditions of use Electronic business conditions of use This document provides Water Corporation s Electronic Business Conditions of Use. These are to be applied to all applications, which are developed for external users

More information

RapidSSL SSL Certificate Subscriber Agreement

RapidSSL SSL Certificate Subscriber Agreement RapidSSL SSL Certificate Subscriber Agreement YOU MUST READ THIS SUBSCRIBER AGREEMENT ("SUBSCRIBER AGREEMENT") BEFORE APPLYING FOR, ACCEPTING, OR USING A RAPIDSSL, RAPIDSSL ENTERPRISE OR FREESSL CERTIFICATE

More information

Authorized Subscribers

Authorized Subscribers Authorized Subscribers Obtaining a Digital Certificate following receipt of your Authorized Subscriber Membership number Instructions: April, 2013 Following the acceptance of your application to become

More information

FREESSL SUBSCRIBER AGREEMENT

FREESSL SUBSCRIBER AGREEMENT FREESSL SUBSCRIBER AGREEMENT PLEASE READ THE FOLLOWING AGREEMENT CAREFULLY. BY SUBMITTING AN ENROLLMENT FORM TO OBTAIN A FREESSL DIGITAL CERTIFICATE (THE CERTIFICATE ) AND ACCEPTING AND USING SUCH CERTIFICATE,

More information

L@Wtrust Class 3 Registration Authority Charter

L@Wtrust Class 3 Registration Authority Charter Class 3 Registration Authority Charter Version 1.0 applicable from 09 November 2010 Building A, Cambridge Park, 5 Bauhinia Street, Highveld Park, South Africa, 0046 Phone +27 (0)12 676 9240 Fax +27 (0)12

More information

LET S ENCRYPT SUBSCRIBER AGREEMENT

LET S ENCRYPT SUBSCRIBER AGREEMENT Page 1 of 7 LET S ENCRYPT SUBSCRIBER AGREEMENT This Subscriber Agreement ( Agreement ) is a legally binding contract between you and, if applicable, the company, organization or other entity on behalf

More information

Federal Reserve Certification Authority (FR-CA) Certification Practice Statement for United States Treasury Auctions

Federal Reserve Certification Authority (FR-CA) Certification Practice Statement for United States Treasury Auctions Federal Reserve Certification Authority (FR-CA) Certification Practice Statement for United States Treasury Auctions 1.0 INTRODUCTION 1.1 OVERVIEW The Federal Reserve Bank of New York ( FRBNY ) acts as

More information

Vodafone Group CA Automated Code- Signing Certificate Policy

Vodafone Group CA Automated Code- Signing Certificate Policy Vodafone Group CA Automated Code- Signing Certificate Policy Publication Date: 05/05/09 Copyright 2009 Vodafone Group Table of Contents Acknowledgments...1 1. INTRODUCTION...2 1.1 Overview...3 1.2 Document

More information

Vodafone Group CA Web Server Certificate Policy

Vodafone Group CA Web Server Certificate Policy Vodafone Group CA Web Server Certificate Policy Publication Date: 06/09/10 Copyright 2010 Vodafone Group Table of Contents Acknowledgments... 1 1. INTRODUCTION... 2 1.1 Overview... 3 1.2 Document Name

More information

Globe Hosting Certification Authority Globe Hosting, Inc. 501 Silverside Road, Suite 105, Wilmington, DE 19809, County of New Castle, United States

Globe Hosting Certification Authority Globe Hosting, Inc. 501 Silverside Road, Suite 105, Wilmington, DE 19809, County of New Castle, United States Globe Hosting Certification Authority Globe Hosting, Inc. 501 Silverside Road, Suite 105, Wilmington, DE 19809, County of New Castle, United States www.globessl.com TABLE OF CONTENTS 1. INTRODUCTION...

More information

NASH PKI Certificate for Healthcare Provider Organisations renewal confirmation

NASH PKI Certificate for Healthcare Provider Organisations renewal confirmation NASH PKI Certificate for Healthcare Provider Organisations renewal confirmation Please send your completed renewal confirmation to: Department of Human Services Fax number: 1800 890 698 Number of pages

More information

RapidSSL SSL Certificate Subscriber Agreement

RapidSSL SSL Certificate Subscriber Agreement RapidSSL SSL Certificate Subscriber Agreement YOU MUST READ THIS SUBSCRIBER AGREEMENT ("SUBSCRIBER AGREEMENT") BEFORE APPLYING FOR, ACCEPTING, OR USING A RAPIDSSL OR FREESSL CERTIFICATE (COLLECTIVELY A

More information

CMS Illinois Department of Central Management Services

CMS Illinois Department of Central Management Services CMS Illinois Department of Central Management Services State of Illinois Public Key Infrastructure Certification Practices Statement For Digital Signature And Encryption Applications Version 3.3 (IETF

More information

Apple Corporate Email Certificates Certificate Policy and Certification Practice Statement. Apple Inc.

Apple Corporate Email Certificates Certificate Policy and Certification Practice Statement. Apple Inc. Apple Inc. Certificate Policy and Certification Practice Statement Version 2.0 Effective Date: April 10, 2015 Table of Contents 1. Introduction... 4 1.1. Trademarks... 4 1.2. Table of acronyms... 4 1.3.

More information

Certification Practice Statement

Certification Practice Statement Certification Practice Statement Version 2.0 Effective Date: October 1, 2006 Continovation Services Inc. (CSI) Certification Practice Statement 2006 Continovation Services Inc. All rights reserved. Trademark

More information

ComSign Ltd. TM. Security Certificate Approval Regulations For SSL Websites (CPS)

ComSign Ltd. TM. Security Certificate Approval Regulations For SSL Websites (CPS) ComSign Ltd. TM Security Certificate Approval Regulations For SSL Websites (CPS) Version 1.2 Publication date: [14/12/2008 ] Recommended effective date: [14/12/2008] ComSign Building 4, Kiryat Atidim,

More information

Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11)

Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11) Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11) Executive Summary...3 Background...4 Internet Growth in the Pharmaceutical Industries...4 The Need for Security...4

More information

apple WWDR Certification Practice Statement Version 1.8 June 11, 2012 Apple Inc.

apple WWDR Certification Practice Statement Version 1.8 June 11, 2012 Apple Inc. Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.8 Effective Date: June 11, 2012 Table of Contents 1. Introduction... 4 1.1. Trademarks... 4 1.2.

More information

SSL.com Certification Practice Statement

SSL.com Certification Practice Statement SSL.com Certification Practice Statement SSL.com Version 1.0 February 15, 2012 2260 W Holcombe Blvd Ste 700 Houston, Texas, 77019 US Tel: +1 SSL-CERTIFICATE (+1-775-237-8434) Fax: +1 832-201-7706 www.ssl.com

More information

EuropeanSSL Secure Certification Practice Statement

EuropeanSSL Secure Certification Practice Statement EuropeanSSL Secure Certification Practice Statement Eunetic GmbH Version 1.0 14 July 2008 Wagnerstrasse 25 76448 Durmersheim Tel: +49 (0) 180 / 386 384 2 Fax: +49 (0) 180 / 329 329 329 www.eunetic.eu TABLE

More information

SYMANTEC ECA SUBSCRIBER AGREEMENT External Certification Authority Subscriber Agreement

SYMANTEC ECA SUBSCRIBER AGREEMENT External Certification Authority Subscriber Agreement SYMANTEC ECA SUBSCRIBER AGREEMENT External Certification Authority Subscriber Agreement YOU MUST READ THIS EXTERNAL CERTIFICATION AUTHORITY SUBSCRIBER AGREEMENT ( SUBSCRIBER AGREEMENT ) BEFORE APPLYING

More information

Capitalized terms not defined below shall have the meaning given to them in the applicable CP/CPS, unless the context requires otherwise.

Capitalized terms not defined below shall have the meaning given to them in the applicable CP/CPS, unless the context requires otherwise. HydrantID SSL Certificate Services Agreement HYDRANTID SSL CERTIFICATE SERVICES AGREEMENT THIS HYDRANTID CERTIFICATE SERVICES AGREEMENT ( AGREEMENT ) IS ENTERED INTO BETWEEN HYDRANTID AND THE ENTITY YOU

More information

Certificate Policy. SWIFT Qualified Certificates SWIFT

Certificate Policy. SWIFT Qualified Certificates SWIFT SWIFT SWIFT Qualified Certificates Certificate Policy This Certificate Policy applies to Qualified Certificates issued by SWIFT. It indicates the requirements and procedures to be followed, and the responsibilities

More information

Citizen CA Certification Practice statement

Citizen CA Certification Practice statement Citizen CA Certification Practice statement OID: 2.16.56.1.1.1.2.2 OID: 2.16.56.1.1.1.2.1 VERSION: 1.1 1/56 Table of Contents 1 INTRODUCTION 5 1.1 PRELIMINARY WARNING 5 1.1.1 Trusted Entities ruled by

More information

Compromise shall mean a loss, theft, disclosure, modification, unauthorized use, or other compromise of the security of a private key.

Compromise shall mean a loss, theft, disclosure, modification, unauthorized use, or other compromise of the security of a private key. VeriSign Class 3 Organizational Certificate Subscriber Agreement [Secure Server ID, Global Server ID and Shared Hosting Encryption ID (Shared Certification)] YOU MUST READ THIS SUBSCRIBER AGREEMENT ("SUBSCRIBER

More information

LET S ENCRYPT SUBSCRIBER AGREEMENT

LET S ENCRYPT SUBSCRIBER AGREEMENT Page 1 of 6 LET S ENCRYPT SUBSCRIBER AGREEMENT This Subscriber Agreement ( Agreement ) is a legally binding contract between you and, if applicable, the company, organization or other entity on behalf

More information

ENOM, INC. REGISTRATION AGREEMENT

ENOM, INC. REGISTRATION AGREEMENT ENOM, INC. REGISTRATION AGREEMENT This Registration Agreement ("Agreement") sets forth the terms and conditions of your use of enom, Inc.'s ("enom") domain name registration services to register an Internet

More information

ONLINE BANKING ENROLLMENT FORM. Customer Information. Security and Identification Information. Bank Use

ONLINE BANKING ENROLLMENT FORM. Customer Information. Security and Identification Information. Bank Use ONLINE BANKING ENROLLMENT FORM Complete a separate form for each user Please print this Application and Terms & Conditions and fill out completely. If you have any questions about these forms, call one

More information

First Northern Bank and Trust Co. Business Online Banking Application

First Northern Bank and Trust Co. Business Online Banking Application First Northern Bank and Trust Co. Business Online Banking Application Company Name Tax ID: Address City State ZipCode Contact Name Title Phone # Email Address Fax # Please select the following services

More information

Forms Packet Copyright 2013

Forms Packet Copyright 2013 Forms Packet Copyright 2013 ACES Print only what is needed The instructions and terms/conditions must be read but do not need to be printed. Please print only the pages you need to send to IdenTrust. For

More information

DigiCert Certification Practice Statement

DigiCert Certification Practice Statement DigiCert Certification Practice Statement DigiCert, Inc. Version 2.22 June 01, 2005 333 South 520 West Orem, UT 84042 USA Tel: 1-801-805-1620 Fax: 1-801-705-0481 www.digicert.com 1 General...7 1.1 DigiCert,

More information

General Terms and Conditions of Use of Fina s e-invoice Internet Service

General Terms and Conditions of Use of Fina s e-invoice Internet Service General Terms and Conditions of Use of Fina s e-invoice Internet Service 1.0. Introduction and Definition of Terms 1.1. These General Terms and Conditions of Use of Fina s e-invoice Internet Service (hereinafter:

More information

TC TrustCenter GmbH Certification Practice Statement and Certificate Policy for Qualified Certificates

TC TrustCenter GmbH Certification Practice Statement and Certificate Policy for Qualified Certificates GmbH Certification Practice Statement and Certificate Policy Version 1.0 of June 11 th, 2007 NOTE: The information contained in this document is the property of TC TrustCenter GmbH. This Certification

More information

TERMS OF USE 1 DEFINITIONS

TERMS OF USE 1 DEFINITIONS 1 DEFINITIONS In these Terms of Use a) CDA shall mean Common Data Access Limited, a company registered in England and Wales whose registered office is at 6th Floor East, Portland House, Bressenden Place,

More information

These TERMS AND CONDICTIONS (this Agreement ) are agreed to between InfluencersAtWork,

These TERMS AND CONDICTIONS (this Agreement ) are agreed to between InfluencersAtWork, TERMS AND CONDITIONS INFLUENCERS AT WORK These TERMS AND CONDICTIONS (this Agreement ) are agreed to between InfluencersAtWork, Ltd. ( InfluencerAtWork ) and you, or if you represent a company or other

More information

1. Definitions: The capitalized terms used in this Agreement shall have the following meanings unless otherwise specified:

1. Definitions: The capitalized terms used in this Agreement shall have the following meanings unless otherwise specified: Subscriber Agreement for ISP Certificate Request YOU, THE INTERNET SERVICE PROVIDER, MUST READ THIS SUBSCRIBER AGREEMENT ("AGREEMENT") BEFORE APPLYING FOR, ACCEPTING, OR USING A thawte SSL SERVER CERTIFICATE

More information

Eskom Registration Authority Charter

Eskom Registration Authority Charter REGISTRATION WWW..CO.ZA Eskom Registration Authority Charter Version 2.0 applicable from 20 November 2009 Megawatt Park Maxwell Drive Sunninghill, SOUTH AFRICA, 2157 Phone +27 (0)11 800 8111 Fax +27 (0)11

More information

Transnet Registration Authority Charter

Transnet Registration Authority Charter Registration Authority Charter Version 3.0 is applicable from Effective Date Inyanda House 21 Wellington Road Parktown, 2193 Phone +27 (0)11 544 9368 Fax +27 (0)11 544 9599 Website: http://www.transnet.co.za/

More information

Domain Registration Agreement

Domain Registration Agreement Domain Registration Agreement IF YOU ACCEPT THIS AGREEMENT WITHOUT READING IT IN ITS ENTIRETY YOU ARE STILL BOUND BY THIS AGREEMENT IN ITS ENTIRETY 1. AGREEMENT. In this Registration Agreement ("Agreement")

More information

.US Locality Domain Name Registration Terms and Conditions

.US Locality Domain Name Registration Terms and Conditions .US Locality Domain Name Registration Terms and Conditions 1. Introduction. This.US Locality Domain Name Registration Terms and Conditions document (the Terms & Conditions ), by and between you ( You or

More information

ELECTRONIC TRADING FACILITIES SUPPLEMENTAL TERMS AND CONDITIONS OF TRADING

ELECTRONIC TRADING FACILITIES SUPPLEMENTAL TERMS AND CONDITIONS OF TRADING ELECTRONIC TRADING FACILITIES SUPPLEMENTAL TERMS AND CONDITIONS OF TRADING This Supplemental Terms and Conditions of Trading is supplemental to and forms part of the terms and conditions set out in the

More information

CERTIFICATION PRACTICE STATEMENT UPDATE

CERTIFICATION PRACTICE STATEMENT UPDATE CERTIFICATION PRACTICE STATEMENT UPDATE Reference: IZENPE-CPS UPDATE Version no: v 5.03 Date: 10th March 2015 IZENPE 2015 This document is the property of Izenpe. It may only be reproduced in its entirety.

More information

PLANTTOGETHER REFERRAL PARTNER AGREEMENT. Updated: January 1, 2015

PLANTTOGETHER REFERRAL PARTNER AGREEMENT. Updated: January 1, 2015 PLANTTOGETHER REFERRAL PARTNER AGREEMENT Updated: January 1, 2015 Welcome to PlanetTogether s online referral program (the Referral Program ) provided by PlanetTogether, Inc. a California corporation with

More information

Certification Practice Statement

Certification Practice Statement Certification Practice Statement Revision R1 2013-01-09 1 Copyright Printed: January 9, 2013 This work is the intellectual property of Salzburger Banken Software. Reproduction and distribution require

More information

TERMS AND CONDITIONS FOR THE USE OF SINGAPORE POWER SUPPLIER RELATIONSHIP MANAGEMENT SYSTEM (SPSRM)

TERMS AND CONDITIONS FOR THE USE OF SINGAPORE POWER SUPPLIER RELATIONSHIP MANAGEMENT SYSTEM (SPSRM) SINGAPORE POWER SUPPLIER RELATIONSHIP MANAGEMENT SYSTEM (SPSRM) Contents 1 Definitions... 3 2 Singapore Power Supplier Relationship Management System (SPSRM)... 5 3 Security, Access and Use of SPSRM...

More information

GeoTrust SSL Certificate Subscriber Agreement

GeoTrust SSL Certificate Subscriber Agreement PLEASE READ FIRST: If you are accessing this document to view the archived version, please continue. If you were directed to this document for a new/renewal certificate issuance, please go to the current

More information

Certificate Policy and Certification Practice Statement

Certificate Policy and Certification Practice Statement DigiCert Certificate Policy and Certification Practice Statement DigiCert, Inc. Version 3.03 March 15, 2007 333 South 520 West Lindon, UT 84042 USA Tel: 1-801-805-1620 Fax: 1-801-705-0481 www.digicert.com

More information

.uk Registration Agreement

.uk Registration Agreement 1/6.uk Registration Agreement In order that a party may hold a valid.co.uk or.org.uk domain name registration, Tucows Inc. requires that all registrants adhere to certain terms and conditions. As an organization

More information

Conditions of Supply of Internet Services

Conditions of Supply of Internet Services Conditions of Supply of Internet Services Terms and Conditions for domain name registrations Print this page. The Kirby Group Registration Agreement In this registration agreement ('Agreement'), the terms

More information

Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates. September 2006

Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates. September 2006 Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates September 2006 Copyright 2006 Entrust. All rights reserved. www.entrust.com Entrust is a registered trademark

More information

ISSUANCE AND MANAGEMENT POLICY FOR. Spektar Org Universal Certificate

ISSUANCE AND MANAGEMENT POLICY FOR. Spektar Org Universal Certificate ISSUANCE AND MANAGEMENT POLICY FOR Revision 2.1 Spektar AD 11A Carnegie street 1000 Sofia, Bulgaria phone: + 359 2 9699 200 fax: + 359 2 9699 255 http://www.spektar.org 1/15 CONTENT 1. Description of the

More information

TERMS AND CONDITIONS GOVERNING THE USE OF NBADS ONLINE TRADING

TERMS AND CONDITIONS GOVERNING THE USE OF NBADS ONLINE TRADING TERMS AND CONDITIONS GOVERNING THE USE OF NBADS ONLINE TRADING In this document, the following words and phrases shall have the meanings set out below unless indicated otherwise. You should read every

More information

User Guide Supplement. S/MIME Support Package for BlackBerry Smartphones BlackBerry Pearl 8100 Series

User Guide Supplement. S/MIME Support Package for BlackBerry Smartphones BlackBerry Pearl 8100 Series User Guide Supplement S/MIME Support Package for BlackBerry Smartphones BlackBerry Pearl 8100 Series SWD-292878-0324093908-001 Contents Certificates...3 Certificate basics...3 Certificate status...5 Certificate

More information

BUSINESS ONLINE BANKING AGREEMENT

BUSINESS ONLINE BANKING AGREEMENT BUSINESS ONLINE BANKING AGREEMENT This Business Online Banking Agreement ("Agreement") establishes the terms and conditions for Business Online Banking Services ( Service(s) ) provided by Mechanics Bank

More information

TRADE AND INDUSTRY DEPARTMENT

TRADE AND INDUSTRY DEPARTMENT Print Director-General of Trade and Industry Strategic Trade Controls Branch Trade and Industry Department Trade and Industry Tower 3 Concorde Road, Kowloon City Hong Kong TRADE AND INDUSTRY DEPARTMENT

More information