Electronic Communications and Transactions Act, 2002 (Act No. 25 of 2002)

Accreditation Regulations

Chapter III : Requirements for certification service providers

14. Requirements for issuing certificates

Purchase cart Previous page Return to chapter overview Next page

 

(1)Upon receipt of an application, a certification service provider must—
(a)establish the identity of the person or entity applying for a certificate, which must include face-to-face identification of the subscriber or authorised key holder;
(b)establish and maintain a demonstrable and auditable process to confirm that face-to-face identification was undertaken; and
(c)ensure that the persons performing the face-to-face identification have undergone appropriate training in comparing a subscriber with a photo in an identity document or passport and in identifying fraudulent identity documents and passports.

 

(2)A certification service provider may issue a certificate to any entity or person that has applied for a certificate only after the certification service provider has complied with all of the practices and procedures set forth in the certification service provider's certification practice statement and certificate policy, including procedures regarding face-to-face identification of the prospective subscriber.

 

(3)A certification service provider is deemed to have represented to any person who reasonably relies on the certificate or an advanced electronic signature verifiable by the public key listed in the certificate that the certification service provider has issued the certificate in accordance with the certification service provider's certification practice statement and certificate policy as incorporated by reference into the certificate.

 

(4)Where a certification practice statement and certificate policy have been incorporated by reference into a certificate, the following provisions are deemed to apply to the extent that the representations are not inconsistent with the certification practice statement and certificate policy:
(a)The certification service provider has complied with all applicable requirements of the Act and these regulations in issuing the certificate, and if the certification service provider has published the certificate or otherwise made it available to a person who relies on it the subscriber listed in the certificate has accepted it.
(b)The subscriber identified in the certificate holds the private key corresponding to the public key listed in the certificate.
(c)The subscriber's public key and private key constitute a functioning key pair.
(d)All information in the certificate is accurate unless the certification service provider states in the certificate that the accuracy of specified information has not been confirmed by the certification service provider.
(e)The certification service provider has no knowledge of any material fact that, if included in the certificate, would adversely affect the reliability of the representations in paragraphs (a), (b), (c) and (d).