(1) A licensed or recognized certification service provider shall specify in the
certification practice statements, the subscriber identity verification method
employed for issuing certificates.
(2) In addition to the requirements specified in the Act and these Regulations, a
certification service provider shall comply with the provisions set out in its
certification practice statement for issuing certificates.
(3) The certification practice statement of a certification service provider may
contain conditions with standards higher than the conditions specified in the Act
or these Regulations.
(4) The certification service provider shall provide a reasonable opportunity for
the subscriber to verify the contents of the certificate before it is accepted.
(5) Subject to any agreement to the contrary by the certification service provider
and the subscriber, where a subscriber accepts a certificate, the certification
service provider shall publish a signed copy of the certificate.
(6) Every certificate shall state the date on which it expires.
(7) A certificate issued to a subscriber under this regulation may be renewed at
the request of the subscriber.
20. Suspension or revocation of certificate
(1) A certification service provider shall suspend or revoke a certificate –
(a)
(b)
on the request of the subscriber;
where the certification service provider is satisfied that the certificate is
unreliable;
(c)
where the certificate was issued without complying with the Act or these
Regulations.
(2) Upon receiving a request for suspension or revocation of a certificate by a
subscriber, the certification service provider shall suspend the certificate and
publish a notice of the suspension or revocation.
(3) Upon receiving a request for suspension or revocation of a certificate by a