ELECTRONIC TRANSACTIONS ACT, 2001

(Act 8 of 2001)

Part VII
Digital Signature Certificates

34(I) Any person may make an application to any Certifying Authority for the issue of a Digital Signature Certificate.

(2) Every such application shall be accompanied by such fee as may be prescribed.

(3) Every such application shall be accompanied by a certification practice statement or, where there is no such statement a statement containing such particulars as may be prescribed.

(4) On receipt of an application under subsection (I), the Certifying Authority may, after consideration of the certification practice statement or the other statement under subsection (3) and alter making such enquiries as it may deem fit, grant the Digital Signature Certificate or for reasons to be recorded in writing, reject the application:

Provided that, no application shall be rejected unless the applicant has been given a reasonable opportunity of showing cause against the proposed rejection.

(5) No digital Signature Certificate shall be granted unless the Certifying Authority is satisfied that—

(a) the applicant holds the private key corresponding to the public key to be listed in the Digital Signature Certificate;

(b) the applicant holds a private key which is capable of creating a digital signature;

(c) the public key to be listed in the certificate can be used to verify a digital signature affixed by the private key held by the applicant

35. A Certifying Authority while issuing a Digital Signature Certificate shall certify that -

(a) it has complied with the provisions of this Act and regulations made thereunder;

(b) it has published the Digital Signature Certificate or otherwise made it available to persons relying on it and the subscriber has accepted it;

(c) the subscriber holds the private key corresponding to the public key listed in the Digital Signature Certificate;

(d) the subscriber's public key and private key constitute a functioning key pair;

(e) the information contained in the Digital Signature Certificate is accurate; and

(f) it has no knowledge of any material fact which, fit had been included in the Digital Signature Certificate, would adversely affect the reliability of the representations made under paragraphs (a) to (d).

36. (I) Subject to the provisions of subsection (2). the Certifying Authority which has issued a Digital Signature Certificate may suspend such Digital Signature Certificate —

(a) on receipt of a request to that effect from—

(i) the subscriber listed in the Digital Signature Certificate; or

(ii) any person duly authorised to act on behalf of that subscriber:

(b) if it is of opinion that the Digital Signature Certificate should be suspended in the public interest.

(2) A Digital Signature Certificate shall not be suspended for a period exceeding fifteen days unless the subscriber has been given an opportunity of being heard in the matter.

(3) The Certifying Authority shall communicate any suspension of a Digital Signature Certificate under this section to the subscriber.

37. (I) A Certifying Authority shall revoke a Digital Signature certificate issued by it—

(a) where the subscriber or any other person authorised by the subscriber so requests; or

(b) upon the death of the subscriber; or

(c) where the subscriber is a firm or a company upon, the dissolution of the firm, or winding up of the company as the case may be.

(2) Subject to the provisions of subsection (3) a Certifying Authority may revoke a Digital Signature Certificate issued by tat any time fit is of opinion that—

(a) a material fact represented in the Digital Signature Certificate is false or has been concealed;

(b) a requirement for issuance of the Digital Signature Certificate was not satisfied;

(c) the Certifying Authority's private key or security system was compromised in a manner materially affecting the reliability of the Digital Signature Certificate;

(d) the subscriber has been declared insolvent or dead or where a subscriber is a firm or a company, it has been dissolved, woundup or otherwise has ceased to exit

(3) A Digital Signature Certificate shall not be revoked unless the subscriber has been given an opportunity of being heard in the matter

(4) The Certifying Authority shall communicate any revocation of a digital Signature Certificate under this section to the subscriber.

38. Where a Digital Signature Certificate is suspended or revoked under section 36 or section 37, the Certifying Authority shall publish a notice of such suspension or revocation, as the case may be, in the repository or repositories specified in the Digital Signature Certificate for publication of such notice.