(2)
26.
(c)
notice of the revocation or suspension of its certification authority certificate;
and
(d)
any other fact that materially and adversely affects either the reliability of a
certificate that the authority has issued, or the authority's ability to carry out
its obligations.
In the event of an occurrence that materially and adversely affects a certification
authority’s trustworthy system or its certification authority certificate, the certification
authority shall(a)
notify any person who is known to be or foreseeably will be affected by that
occurrence; or
(b)
act in accordance with procedures governing such an occurrence specified
in its certification practice statement.
Issuing of certificate
(1)
(2)
A certification authority may only issue a certificate to a prospective subscriber
where it has (a)
received a request to that effect from the prospective subscriber; and
(b)
complied with (i)
where it has a certification practice statement, all the practices and
procedures set forth in the certification practice statement including
procedures regarding identification of the prospective subscriber; or
(ii)
in the absence of a certification practice statement, the conditions in
subsection (2).
In the absence of a certification practice statement, the certification authority may
only issue a certificate to a prospective subscriber where it has ascertained that (a)
the prospective subscriber is the person to be referred to in the certificate to
be issued;
(b)
in case the prospective subscriber is acting through an agent, the subscriber
authorised the agent to have custody of the subscriber's private key and to
request the issue of a certificate setting out the corresponding public key;
(c)
the information in the certificate to be issued is accurate;
(d)
the prospective subscriber rightfully holds the private key corresponding to
the public key to be referred to in the certificate;
(e)
the prospective subscriber holds a private key capable of creating a digital
signature; and