Electronic Communications and Transactions Act, 2002 (Act No. 25 of 2002)Accreditation RegulationsChapter III : Requirements for certification service providers21. Suspension and revocation of certificates |
| (1) | Unless a certification service provider and a subscriber agree otherwise, the certification service provider must suspend a certificate with immediate effect upon receiving a request to do so from the subscriber listed in the certificate or a person duly authorised to act for that subscriber. |
| (2) | The certification service provider must revoke any certificate that it issued— |
| (a) | after receiving a request for revocation from a subscriber named in the certificate and confirming that the person requesting the revocation is the subscriber or an agent of the subscriber with authority to request the revocation; |
| (b) | after receiving a certified copy of the subscriber's death certificate; or |
| (c) | upon presentation of documentary proof that a subscriber that is a Iegal person has been wound up or deregistered or has ceased to exist. |
| (3) | A certification service provider must revoke a certificate, regardless of whether the subscriber listed in the certificate consents, if after verification— |
| (a) | a material fact represented in the certificate is found to be false; |
| (b) | a requirement for the issuing of the certificate wa--s not satisfied; |
| (c) | the certification service provider's private key or trustworthy system was compromised in a manner that materially affects the reliability of the certificate; or |
| (d) | a subscriber has breached a subscriber agreement with the certification service provider. |
| (4) | Upon effecting a revocation contemplated in sub-regulation (3), the certification service provider must immediately notify the subscriber listed in the revoked certificate and publish the revocation in its repository. |