Common use of Subscriber’s Obligations Clause in Contracts

Subscriber’s Obligations. The Subscriber’s obligations are: • The application details provided by the Subscriber shall be truthful, accurate, and not misleading. Failure by a subscriber to comply, or to promptly correct inaccurate in- formation will result in revocation of the certificate. • Review and verify the Certificate contents for accuracy • The key pair is only used in accordance with the above limitations. • Reasonable care is exercised to avoid unauthorized use of the Subscribers Private Key. • The Subscriber handles a User-ID, Password or PIN, which can be used to access the ATC’s Webservice and which give access to the Private Key. The Subscriber shall treat this information – including the Private Key itself - as confidential and keep it secret. • The Subscriber shall notify the ATC, without any unreasonable delay, if o any of the above described violations occur up to the end of the validity period indicated in the Certificate, or o the Subscribers Private Key – or the control over it - has been potentially or actually lost, stolen or compromised, or o certificate(s) issued to him by the ATC became compromised. o it is discovered that Code submitted to the Signing Service for Code Signature contained Suspect Code. • If the Subscriber Certificate is use for a high-traffic FQDN, the Subscriber has to “sta- ple” the OCSP response for the Certificate in its TLS handshake, see RFC4366 • The Subscriber shall promptly cease all use of the Private Key corresponding to the Public Key included in the Certificate upon expiration or revocation of the Certificate. • The Subscriber uses the Certificate and associated Private Key only for authorized and legal purposes, including not using the Certificate to sign Suspect Code and to use the Certificate and Private Key solely in compliance with all applicable laws and solely in accordance with the Subscriber Agreement or Terms of Use. If subscriber and certificate owner are different persons or subjects, the subscriber has to inform the certificates owner about his duties.

Subscriber’s Obligations. The Subscriber’s obligations are: •  The application details provided by the Subscriber shall be truthful, accurate, and not misleading. Failure by a subscriber to comply, or to promptly correct inaccurate in- formation will result in revocation of the certificate. •  Review and verify the Certificate contents for accuracy •  The key pair is only used in accordance with the above limitations. •  Reasonable care is exercised to avoid unauthorized use of the Subscribers Private Key. •  The Subscriber handles a User-ID, Password or PIN, which can be used to access the ATC’s Webservice and which give access to the Private Key. The Subscriber shall treat this information – including the Private Key itself - as confidential and keep it secret. •  The Subscriber shall notify the ATC, without any unreasonable delay, if o any of the above described violations occur up to the end of the validity period indicated in the Certificate, or o the Subscribers Private Key – or the control over it - has been potentially or actually lost, stolen or compromised, or o certificate(s) issued to him by the ATC became compromised. o it is discovered that Code submitted to the Signing Service for Code Signature contained Suspect Code. •  If the Subscriber Certificate is use for a high-traffic FQDN, the Subscriber has to “sta- ple” the OCSP response for the Certificate in its TLS handshake, see RFC4366 • The Subscriber shall promptly cease all use of the Private Key corresponding to the Public Key included in the Certificate upon expiration or revocation of the Certificate. • The Subscriber uses the Certificate and associated Private Key only for authorized and legal purposes, including not using the Certificate to sign Suspect Code and to use the Certificate and Private Key solely in compliance with all applicable laws and solely in accordance with the Subscriber Agreement or Terms of Use. If subscriber and certificate owner are different persons or subjects, the subscriber has to inform the certificates owner about his duties.

Subscriber’s Obligations. The Subscriber’s obligations are: • The application details provided by the Subscriber shall be truthful, accurate, and not misleading. Failure by a subscriber to comply, or to promptly correct inaccurate in- formation infor- mation will result in revocation of the certificate. • Review and verify the Certificate contents for accuracy accuracy. • The key pair is only used in accordance with the above limitations. • Reasonable care is exercised to avoid unauthorized use of the Subscribers Private Key. • The Subscriber handles a User-ID, Password or PIN, which can be used to access the ATC’s Webservice and which give access to the Private Key. The Subscriber shall treat this information – including the Private Key itself - as confidential and keep it secret. • The Subscriber shall notify the ATC, without any unreasonable delay, if o any of the above described violations occur up to the end of the validity period indicated in the Certificate, or o the Subscribers Private Key – or the control over it - has been potentially or actually lost, stolen or compromised, or o certificate(s) issued to him by the ATC became compromised. o it is discovered that Code submitted to the Signing Service for Code Signature contained Suspect Code. • If the Subscriber Certificate is use for a high-traffic FQDN, the Subscriber has to “sta- ple” the OCSP response for the Certificate in its TLS handshake, see RFC4366 RFC4366. • The Subscriber shall promptly cease all use of the Private Key corresponding to the Public Key included in the Certificate upon expiration or revocation of the Certificate. • The Subscriber uses the Certificate and associated Private Key only for authorized and legal purposes, including not using the Certificate to sign Suspect Code and to use the Certificate and Private Key solely in compliance with all applicable laws and solely in accordance with the Subscriber Agreement or Terms of Use. If subscriber and certificate owner are different persons or subjects, the subscriber has to inform in- form the certificates owner about his duties.