DUTIES OF SUBSCRIBERS
—(1) If the subscriber generates the key pair whose public key is to be listed in a certificate issued by a certification authority and accepted by the subscriber, the subscriber shall generate that key pair using a trustworthy system.
(2) This section shall not apply to a subscriber who generates the key pair using a system approved by the certification authority.
37. All material representations made by the subscriber to a certification authority for purposes of obtaining a certificate, including all information known to the subscriber and represented in the certificate, shall be accurate and complete to the best of the subscriber’s knowledge and belief, regardless of whether such representations are confirmed by the certification authority.
—(1) A subscriber shall be deemed to have accepted a certificate if he —
publishes or authorises the publication of a certificate —
to one or more persons; or
in a repository; or
otherwise demonstrates approval of a certificate while knowing or having notice of its contents.
(2) By accepting a certificate issued by himself or a certification authority, the subscriber listed in the certificate certifies to all who reasonably rely on the information contained in the certificate that —
the subscriber rightfully holds the private key corresponding to the public key listed in the certificate;
all representations made by the subscriber to the certification authority and material to the information listed in the certificate are true; and
all information in the certificate that is within the knowledge of the subscriber is true.
—(1) By accepting a certificate issued by a certification authority, the subscriber identified in the certificate assumes a duty to exercise reasonable care to retain control of the private key corresponding to the public key listed in such certificate and prevent its disclosure to a person not authorised to create the subscriber’s digital signature.
(2) Such duty shall continue during the operational period of the certificate and during any period of suspension of the certificate.
40. A subscriber who has accepted a certificate shall as soon as possible request the issuing certification authority to suspend or revoke the certificate if the private key corresponding to the public key listed in the certificate has been compromised.