P.U.(A) 359/98
DIGITAL SIGNATURE REGULATIONS 1998
PART VI - REGULATION OF CERTIFICATION PRACTICE
Regulation 38. Issue of certificate.
(1) On receipt of an application under regulation 37, the licensed certification authority shall consider the application.
(2) If the licensed certification authority is satisfied as to the identity of the subscriber, the licensed certification authority may issue a certificate to the subscriber, with or without conditions, or refuse the certificate.
(3) A certificate issued by a licensed certification authority under subregulation (2) shall contain or incorporate by reference the following particulars:
(a) a statement that the type of the certificate is in accordance with this regulation;
(b) the licence number, the date and time of the issue, and the date and time of the expiry, of its licence;
(c) the serial number of the certificate, that must be unique among the certificates issued by the licensed certification authority;
(d) a statement whether the certificate is a transactional certificate;
(e) the name by which the subscriber is generally known or the pseudonym to be used;
(f) the distinguished name of the subscriber;
(g) the public key corresponding to the subscriber's private key;
(h) an identifier of the algorithms with which the subscriber's public key is intended to be used;
(i) the date and time on which the certificate is issued and accepted;
(j) the date and time on which the certificate expires;
(k) the distinguished name of the licensed certification authority issuing the certificate;
(l) an identifier of the algorithm or algorithms used to sign the certificate, in the form generally accepted in the subscriber's industry;
(m) the recommended reliance limit of the certificate;
(n) either the distinguished name of the repository designated for publication of notice of revocation or suspension of the certificate, or a specification of the method by which notice of revocation or suspension of the certificate is to be given; and
(o) a statement indicating the location of the licensed certification authority's certification practice statement, the method or procedure by which it may be retrieved, its form and structure, its authorship and its date.
(4) A certificate issued by a licensed certification authority under subregulation (2) may, at the option of the subscriber and the licensed certification authority, contain or incorporate by reference all or any of the following particulars:
(a) one or more additional, secondary public keys;
(b) identifiers or usage indicators related to public keys;
(c) references incorporating any applicable certification practice statements;
(d) any other available documents material to the certificate, the issuing licensed certification authority or the accepting subscriber.
(5) The data in a certificate shall be in such form as the Controller may determine.
(6) A certificate shall be digitally signed by the issuing licensed certification authority.
(7) The licensed certification authority shall keep and maintain a Register of Certificates containing a list of the certificates issued by it in such form as the Controller may determine.
(8) If the licensed certification authority refuses a certificate under subregulation (2), the licensed certification authority shall immediately notify the applicant in writing and shall immediately refund the approved fee.
(9) The licensed certification authority may classify the certificates issued by it according to designated levels of trust and may issue certificates according to such classification.
