Revoking SSL certificates. If the Subscriber knows, or has reason to believe, or should have understood that any unauthorised persons have acquired knowledge about the private key, the Subscriber shall immediately take steps to revoke the SSL certificate. The SSL certificate shall be revoked in the event of loss, misuse or suspected misuse. Failure to do so shall be regarded as coarse negligence. The SSL certificate shall also be revoked if the information in the certificate is incorrect or inaccurate. If the SSL certificate is revoked due to one of the reasons listed below (read about revocation reasons on Buypass Web), the reason must be specified when requesting revocation: • the private key is compromised (keyCompromize #1) • the Subscriber’s name or other identity information in the certificate has changed (affiliationChanged #3) • the certificate has been replaced by another certificate (superseded #4) • the certificate contains domain names that are no longer in use or the certificate will no longer be used because the website is no longer operative (cessationOfOperation #5) A reason code (in parentheses) will be included on the CRL/OCSP giving information to relaying parties about the reason for revoking the certificate. If the certificate is revoked for any other reason, no reason code should be specified. For PSD2 QWACs, the certificate shall be revoked if the authorization to act as a PSP has been withdrawn, or any of the PSP roles included in the certificate has been withdrawn. Subscribers may submit revocation requests to Buypass’ revocation service by phone or by contacting the revocation service on Buypass Web. The Contract Signer and Authorized Subscriber Representatives may request certificate revocation on behalf of the Subscriber. The Subscriber must ensure that Authorized Subscriber Representatives are, at any time, able to receive and acknowledge notifications from Buypass regarding any incident that requires certificates to be revoked within 24 hours or 5 days depending on the severity of the incident, and act upon them immediately. In such cases the Subscriber is responsible for replacing affected SSL certificates within the given timeframe to avoid services becoming inaccessible when certificates are revoked. The Subscriber shall stop using the private key immediately when: • the information in the SSL certificate is incorrect or invalid • it is suspected or demonstrated that the private key has been subject to misuse or has been compromised • the SSL certificate has been revoked If it is suspected or demonstrated that the private key has been subject to misuse or has been compromised, the Subscriber shall immediately comply with Buypass' instructions on the use of private keys and SSL certificates. The loss of a private key implies that the Subscriber must apply for a new SSL certificate.
Appears in 1 contract
Sources: Subscriber Agreement
Revoking SSL certificates. If Buypass may revoke an SSL certificate if the Subscriber knows, fails to comply with the terms and conditions contained in this agreement or has reason to believe, if the certificate is used for illegal activities such as phishing or should have understood that any unauthorised persons have acquired knowledge about the private key, the Subscriber shall immediately take steps to fraud or is otherwise misused. Buypass may also revoke the SSL certificate. The an SSL certificate shall be revoked in the event of loss, misuse or suspected misuse. Failure to do so shall be regarded as coarse negligence. The SSL certificate shall also be revoked if the Buypass is made aware that important information in the certificate is incorrect or inaccurateinaccurate or the Subscriber no longer exists. If the SSL certificate is revoked due to one of the for any reasons listed below (read about revocation reasons on Buypass Web)below, the reason must will be specified when requesting revocation: revoking the certificate and included as reason code on CRL and OCSP (see also 4.5): • Buypass obtains evidence that the private key is has been compromised (keyCompromize #1) • Buypass is made aware that the Subscriber’s name or other identity information in the certificate has changed (affiliationChanged #3) • Buypass finds it necessary to revoke the certificate has been replaced by another certificate because it no longer satisfies the requirements stated in the CP/CPS (superseded #4) • Buypass is made aware that the certificate contains domain names that are no longer in allowed to use or the certificate will no longer be used because the website is no longer operative (cessationOfOperation #5) A reason code • Buypass obtains evidence that the certificate has been misused or is made aware of that the Subscriber fails to comply with terms and conditions in this agreement (in parenthesesprivilegeWithdrawn #9) will be included on the CRL/OCSP giving information to relaying parties about the reason for revoking the certificate. If the certificate is revoked for any other reason, no reason code should will be specified. For Buypass may revoke PSD2 QWACs, QWACs based on revocation requests from an NCA identified in the certificate shall be revoked if in case the Subscriber (PSP) has lost its authorization to act as a PSP has been withdrawn, or any of the PSP roles included role in the certificate has been withdrawn. Subscribers may submit revocation requests to Buypass’ revocation service by phone or by contacting the revocation service on Buypass Web. The Contract Signer and Authorized Subscriber Representatives may request certificate revocation on behalf of the Subscriber. The Subscriber must ensure that Authorized Subscriber Representatives are, at any time, able to receive and acknowledge notifications from will be notified when Buypass regarding any incident that requires certificates to be revoked within 24 hours or 5 days depending on the severity of the incident, and act upon them immediately. In such cases the Subscriber is responsible for replacing affected SSL certificates within the given timeframe to avoid services becoming inaccessible when certificates are revoked. The Subscriber shall stop using the private key immediately when: • the information in the SSL certificate is incorrect or invalid • it is suspected or demonstrated that the private key has been subject to misuse or has been compromised • the SSL certificate has been revoked If it is suspected or demonstrated that the private key has been subject to misuse or has been compromised, the Subscriber shall immediately comply with Buypass' instructions on the use of private keys and SSL certificates. The loss of a private key implies that the Subscriber must apply for a new revoke an SSL certificate.
Appears in 1 contract
Sources: Subscriber Agreement
Revoking SSL certificates. If Buypass may revoke an SSL certificate if the Subscriber knows, fails to comply with the terms and conditions contained in this agreement or has reason to believe, if the certificate is used for illegal activities such as phishing or should have understood that any unauthorised persons have acquired knowledge about the private key, the Subscriber shall immediately take steps to fraud or is otherwise misused. Buypass may also revoke the SSL certificate. The an SSL certificate shall be revoked in the event of loss, misuse or suspected misuse. Failure to do so shall be regarded as coarse negligence. The SSL certificate shall also be revoked if the Buypass is made aware that important information in the certificate is incorrect or inaccurateinaccurate or the Subscriber no longer exists. Buypass may, at any time, notify the Subscriber via Authorized Subscriber Representatives about incidents that require SSL certificates to be revoked, and revoke any SSL certificate within 24 hours or 5 days depending on the severity of the incident. Incidents that require revocation may be changes in requirements, compromised keys or compromised algorithms etc. If the SSL certificate is revoked due to one of the for any reasons listed below (read about revocation reasons on Buypass Web)below, the reason must will be specified when requesting revocation: revoking the certificate and included as reason code on CRL and OCSP (see also 4.5): • Buypass obtains evidence that the private key is has been compromised (keyCompromize #1) • Buypass is made aware that the Subscriber’s name or other identity information in the certificate has changed (affiliationChanged #3) • Buypass finds it necessary to revoke the certificate has been replaced by another certificate because it no longer satisfies the requirements stated in the CP/CPS (superseded #4) • Buypass is made aware that the certificate contains domain names that are no longer in allowed to use or the certificate will no longer be used because the website is no longer operative (cessationOfOperation #5) A reason code • Buypass obtains evidence that the certificate has been misused or is made aware of that the Subscriber fails to comply with terms and conditions in this agreement (in parenthesesprivilegeWithdrawn #9) will be included on the CRL/OCSP giving information to relaying parties about the reason for revoking the certificate. If the certificate is revoked for any other reason, no reason code should will be specified. For Buypass may revoke PSD2 QWACs, QWACs based on revocation requests from an NCA identified in the certificate shall be revoked if in case the Subscriber (PSP) has lost its authorization to act as a PSP has been withdrawn, or any of the PSP roles included role in the certificate has been withdrawn. Subscribers may submit revocation requests to Buypass’ revocation service by phone or by contacting the revocation service on Buypass Web. The Contract Signer and Authorized Subscriber Representatives may request certificate revocation on behalf of the Subscriber. The Subscriber must ensure that Authorized Subscriber Representatives are, at any time, able to receive and acknowledge notifications from will be notified when Buypass regarding any incident that requires certificates to be revoked within 24 hours or 5 days depending on the severity of the incident, and act upon them immediately. In such cases the Subscriber is responsible for replacing affected SSL certificates within the given timeframe to avoid services becoming inaccessible when certificates are revoked. The Subscriber shall stop using the private key immediately when: • the information in the SSL certificate is incorrect or invalid • it is suspected or demonstrated that the private key has been subject to misuse or has been compromised • the SSL certificate has been revoked If it is suspected or demonstrated that the private key has been subject to misuse or has been compromised, the Subscriber shall immediately comply with Buypass' instructions on the use of private keys and SSL certificates. The loss of a private key implies that the Subscriber must apply for a new revoke an SSL certificate.
Appears in 1 contract
Sources: Subscriber Agreement