ACES

Component/Server Certificate Subscriber Agreement (Obligations)

In order to request, renew, and use a Non Government Component/Server Certificate issued under the ORC ACES CPS you the applicant agency or company and Component/Server Certificate Subscriber must agree to the following obligations.

	To accurately represent themselves in all communications with ORC and the PKI, and abide by all the terms, conditions, and restrictions levied upon the use of the issued private key(s) and certificate(s).
	To protect the certificate private key from unauthorized access in accordance with the Private Key Protection section of the ACES CPS.
	To immediately report to the RA and request certificate revocation processing if Private Key Compromise is suspected.
	In the event of a PKI Sponsor change, due to the verified individual having left the employ of the subscribing company or is no longer being assigned as the PKI Sponsor for the certificate(s), the applicant company must designate a new PKI Sponsor for the certificate(s). The applicant company must designate a new PKI Sponsor and the new PKI Sponsor must complete a new identity verification.
	When renewing the server certificate the PKI Sponsor must complete a new identity verification.
	Confirm that you are a current employee of the applying company and that you are authorized to obtain server/component certificates for the company by completing and submitting the Non Government Component/Server Proof of Organizational Affiliation letter.
	That the server designated in the certificate request is the only system on which the certificate is to be installed.
	To use the certificate only for authorized applications that have met the requirements of this CPS.
	To use the certificate only for the purpose for which it was issued, as indicated in the key usage extension.
	To report any changes to information contained in the certificate to the appropriate RA for certificate reissue processing.

A Component/Server Certificate Subscriber and their applicant organization found to have acted in a manner inconsistent with these obligations is subject to revocation of LRA responsibilities and/or revocation of all Component/Server Certificates issued to that applicant organization.

I understand that during this process I will be generating my key pair and will possess the only copy of my private key on the workstation/computer (or hardware token) from which I am making my request. If lost, damaged, or compromised, I will be responsible for requesting and incurring the costs of a new certificate.