Suspension of
Certificates
11.
1) This regulation shall apply to Certification Service
Providers that allow subscribers to request for suspension
of certificates.
2) Certification Service Providers shall maintain facilities to
receive and act upon requests for suspension at all times
of the day and on all days of every year.
3) The subscriber identity verification method employed for
suspension of certificates shall be specified in the
certification practice statement.
4) The Certification Service Provider shall, upon receiving
a valid request for suspension of a certificate, ensure that
the certificate is suspended and notice of the suspension
is published in the repository.
Provided that where a request for suspension is received
but a Certification Service Provider considers that
revocation is justified in the light of all the evidence
available to it, the Certificate Service Provider may
revoke the certificate instead.
5) A Certification Service Provider may, regardless of the
subscriber’s consent, suspend a certificate that it has
issued if it has reasonable grounds to believe that the
certificate is unreliable.
Provided that the Certification Service Provider shall
conduct and complete its investigation into the reliability
of the certificate and decide within a reasonable time
whether to reinstate or to revoke the certificate.
6) It shall be the responsibility of relying parties to check
the status of certificates they wish to rely upon.
7) A Certification Service Provider shall confirm with the
subscriber or his authorised agent whether to reinstate or
revoke the certificate after suspension.
8) A Certification Service Provider shall, within a
reasonable time, terminate a suspension initiated by
request, upon discovery and confirmation that the request
for suspension was made without due authorisation of the
subscriber.
9) Where the suspension of a certificate leads to revocation
of the certificate, the requirements for revocation in
9