(b) The process of generating key pairs by the subscribers or the licensed
certification service provider;
(c) The administration of its computing facilities; and
(d) Such other information as may be determined by the Commission from time to
time.
(2) A certification service provider may keep its records in paper- based form,
electronic form or any other form approved by the Commission from time to time.
(3) A certification service provider shall index, store, and preserve the records kept
under paragraph (2) in a form that the records may be reproduced in an accurate,
complete, legible manner and a manner accessible to the Commission or to any
authorized officer.
(4) A certification service provider shall retain copies of all the certificates it has
issued and preserve them so that they shall be accessible for a period of not less
than seven years.
(5) A certification service provider shall retain all records required to be kept under
paragraph (1) and all the logs of the creation of the archive of certificates required
under paragraph (3) for a period of not less than seven years.
9. Issuance of certificates.
(1) A certification service provider certificate shall issue a certificate containing —
(a) Information identifying the certification service provider;
(b) Information identifying the signature owner;
(c) signature-verification data which corresponds to signature- creation data;
(d) The commencement and expiry date of the certificate;
(e) Information regarding the authorization of the subscriber, if a subscriber is
acting on behalf of another person;