In order to request and use a Code Signing Certificate issued under the ORC ACES CPS you (the subscriber) must agree to the following obligations.

To accurately represent themselves in all communications with the PKI and abide by all the terms, conditions and restrictions levied upon the use of the issued private key(s) and certificate(s). To protect the certificate private key from unauthorized access in accordance with the Private Key Protection section of the ORC ACES CPS. To immediately report to the RA if Private Key Compromise is suspected. Request that the Code Signing Attribute Authority approve and forward to the RA an authorization on the code signer’s behalf to obtain a code signing certificate. To apply for (generate a key pair) and download the code signing certificate onto a FIPS 140-1/2 Level 2 validated smart card. When not in use, the Code Signer hardware token shall be stored in a locked container. Submit the certificate request to the CA via a secure (SSL protected) web session. Digitally sign an e-mail, using acceptable PKI credentials, that contains the subject Distinguished Name (DN), code signer DN, and the code signing certificate request number and send it to an ORC RA. In the event of Code Signer change (due to the verified individual having left the employ of the subscribing organization or no longer being assigned as the code signer for the certificate) the applicant organization must designate and notify ORC of the new Code Signer. The Code Signer is a current employee of the organization and is authorized to obtain a code signing certificate(s) for the organization. To use the certificate only for authorized applications which have met the requirements of this CPS. To use the certificate only for the purpose for which it was issued, as indicated in the key usage extension. To report any changes to information contained in the certificate to the appropriate RA

	Step 1. Read the Code Signer Certificate Obligations ::
	Step 2. Download and complete the Proof of Organization Affiliation and Authorization for Code Signing document. ::
	Step 3. Download and complete the Acknowledgment of Responsibilities form. ::

To Order a Cryptographic Token and/or schedule a time to meet with an RA, please contact ORC at 1-888-816-5503 , 7:30 AM to 7:30 PM Eastern Standard Time or e-mail pkihelp@orc.com.

You can also come to our ORC Fairfax Office located at 11250 Waples Mill Rd, suite 210, South Tower to purchase your token, and request your Hardware Certificate in the presence of an RA.

---

I understand that during this process I will be generating my key pair and will possess the only copy of my private key on the workstation/computer (or hardware token) from which I am making my request. If lost, damaged, or compromised, I will be responsible for requesting and incurring the costs of a new certificate.