to the certification service provider that may significantly affect the validity or
reliability of the certificate.
(9) A certification service provider shall log and keep in a secure manner the date
and time of all transactions relating to the issuance of a certificate.
(10) Where a certification service provider issues an additional certificate to a
person on the basis of a valid certificate held by the same person and subsequently
the original certificate is suspended or revoked, the certification service provider
shall investigate and determine whether the new certificate should also be
suspended or revoked.
10. Obligations of a subscriber.
(1) Where a subscriber has accepted a certificate, the subscriber shall generate a
key pair by applying the relevant security procedure.
(2) A subscriber shall be deemed to have accepted a certificate if he publishes or
authorizes the publication of the certificate to any person, in a repository; or
otherwise demonstrates his acceptance.
(3) A subscriber certifies, by accepting a certificate, to all who wish to reasonably
rely on the information contained in the certificate that—
(a) The subscriber holds and is entitled to hold the private key corresponding to the
public key listed in the certificate;
(b) All representations made by the subscriber to the certification service provider
and all the information contained in the certificate are true; and
(c) All information in the certificate is within the knowledge of the subscriber is
true.
(4) Every subscriber shall exercise reasonable care to retain control of the private
key corresponding to the public key listed in his certificate and take the necessary
steps to prevent its disclosure to any person who is not authorized to affix the
advanced electronic signature of the subscriber.
(5) In the event that the subscriber becomes aware that the private key has been
compromised, the subscriber shall, notify the certification service provider of such
compromise within twenty four hours.