DigiCert Certificate Terms of Use

These terms apply to each digital certificate ("Certificate") issued by DigiCert, Inc., a Utah corporation ("DigiCert") to an entity ("Customer"), as identified in the Account or issued Certificates. By accepting an agreement that incorporates these terms, (collectively, the "Agreement"), the signer is entering Customer into a legally valid and enforceable agreement to obtain a form of digital identity for the Customer. The signer acknowledges that he/she has the authority to obtain the digital equivalent of a company stamp, seal, or officer's signature to establish the authenticity of the Customer's website, and that the Customer is responsible for all uses of a Certificate. By accepting an Agreement on behalf of the Customer, the signer represents that he/she (i) is acting as an authorized representative of the Customer, (ii) is expressly authorized by Customer to sign the Agreement and approve Certificate requests on Customer's behalf, and (iii) has or will confirm Customer's exclusive right to use the domain(s) to be included in any issued Certificates. Customer and DigiCert agree as follows:

  1. Requests. Customer may request SSL Certificates only for domain names registered to Customer, an affiliate of Customer, or an entity that expressly authorizes DigiCert to allow Customer to obtain and manage Certificates for the domain name. DigiCert may limit the number of domain names that Customer may include in a single Certificate in its sole discretion.

  2. Verification. After receiving a request for a Certificate through the Account, DigiCert will review the request and attempt to verify the relevant information in accordance with the DigiCert CPS and industry guidelines. "Account" means a DigiCert system account and API. Verification is subject to DigiCert's sole satisfaction, and DigiCert may refuse to issue a Certificate for any reason. DigiCert will notify Customer if a Certificate request is refused but DigiCert is not required to provide a reason for the refusal. "Certificate Practices Statement" or "CPS" means DigiCert's written statement of the policies and practices used to operate its PKI infrastructure. DigiCert's CPS documents are available at: https://www.digicert.com/ssl-cps-repository.htm.

  3. Certificate Life Cycle. The lifecycle of an issued Certificate depends on the selection made by Customer when ordering the Certificate, the requirements in the CPS, and the intended use of the Certificate. DigiCert may modify Certificate lifecycles for unissued Certificates as necessary to comply with requirements of (i) the Agreement with Customer, (ii) industry standards, (iii) DigiCert's auditors, or (iv) an Application Software Vendor. Customer agrees to cease using a Certificate and its related Private Key after the Certificate’s expiration date. "Application Software Vendors" means an entity that displays or uses Certificates in connection with a distributed root store in which DigiCert participates or will participate.

  4. Issuance. If verification is completed to DigiCert's satisfaction, DigiCert will issue the requested Certificate and deliver the Certificate to Customer. DigiCert may deliver the Certificate using any reasonable means of delivery. Typically, DigiCert will deliver Certificates via email to an address specified by Customer, as an electronic download in the Account, or in response to an API call made by Customer. Certificates are issued from a DigiCert root or intermediate Certificate selected by DigiCert. Customer will abide by all applicable laws and regulations when ordering and using Certificates, including United States export laws. Customer is responsible for obtaining and maintaining any license necessary to distribute the Certificates to end users and systems. Customer acknowledges that the Certificates are not available in countries restricted by the Office of Foreign Assets Control.

  5. Certificate License. Effective immediately after delivery and continuing until the Certificate expires or is revoked, Customer may use, for the benefit of the Certificate's subject, each issued Certificate and corresponding Key Set for the purposes described in the CPS, in accordance with all applicable laws, and in accordance with terms herein. "Key Set" means a set of two or more mathematically related keys, referred to as Private Keys or key shares along with a Public Key, having the properties that (i) the Public Key can encrypt a message which only the Private Key(s) can decrypt, and (ii) even knowing the Public Key, it is computationally infeasible to discover the Private Key(s). Customer will promptly inform DigiCert if it becomes aware of any misuse of a Certificate, Private Key, or the Account. Customer is responsible for obtaining and maintaining any authorization or license necessary to order and use a Certificate, including any license required under United States’ export laws.

  6. Key Pairs. A "Private Key" means the key that is kept secret by Customer that is used to create digital signatures and/or decrypt electronic records or files that were encrypted with the corresponding Public Key. A "Public Key" means Customer's publicly‐disclosed key that is contained in Customer's Certificate and corresponds to the secret Private Key that Customer uses. Customer must (i) generate key pairs using trustworthy systems, (ii) use key pairs that are at least the equivalent of RSA 2048 bit keys, and (iii) keep all Private Keys confidential. Customer is solely responsible for any failure to protect its Private Keys. Customer may only generate and store key pairs for Adobe Signing Certificates and EV Code Signing Certificates on a FIPS 140‐2 Level 2 device. All other Certificate types may be stored on secure software or hardware systems.

  7. Management. DigiCert will generally issue, manage, renew, and revoke a Certificate in accordance with any instructions submitted by Customer through the Account and may rely on such instructions as accurate. Customer will provide accurate and complete information when communicating with DigiCert. Customer will confirm the accuracy of the Certificate data prior to using the Certificate. Although DigiCert may send a reminder about expiring Certificates, DigiCert is under no obligation to do so, and Customer is solely responsible for ensuring Certificates are renewed prior to expiration.

  8. Security and Use of Key Sets. Customer will securely generate and protect the Key Sets associated with a Certificate and take all steps necessary to prevent the compromise, loss or unauthorized use of a Private Key associated with a Certificate. To minimize internal risk of Private Key compromise, Customer will only allow employees, agents, and contractors to access or use Private Keys if the employee, agent, or contractor has undergone a background check by Customer (to the extent allowed by law) and has training or experience in PKI and other information security fields. Customer will request revocation of a Certificate, cease using such Certificate and remove the Certificate from all devices where it is installed if any information in the Certificate is or becomes incorrect or inaccurate. Customer will request revocation of a Certificate, cease using the Certificate and its associated Private Key and notify DigiCert if there is any actual or suspected misuse or compromise of the Private Key associated with the Public Key included in the Certificate. Customer will promptly cease using the Key Set corresponding to a Certificate upon the earlier of (i) revocation of the Certificate and (ii) the date when the allowed usage period for the Key Set expires. After revocation, Customer must cease using the Certificate.

  9. Defective Certificates. Customer's sole remedy for a defect in a Certificate is to have DigiCert use commercially reasonable efforts to cure the defect after receiving notice from Customer. DigiCert is not obligated to correct a defect if (i) Customer misused, damaged, or modified the Certificate, (ii) Customer did not promptly report the defect to DigiCert, or (iii) Customer has breached any provision of the Agreement.

  10. Relying Party Warranty. Customer acknowledges that the Relying Party Warranty is only for the benefit of Relying Parties. Customer does not have rights under the warranty, including any right to enforce the terms of the warranty or make a claim under the warranty. "Relying Party" means an entity other than Customer that acts in reliance on a Certificate or a digital signature. An Application Software Vendor is not a Relying Party when the software distributed by the Application Software Vendor merely displays information regarding a Certificate or facilitates the use of the Certificate or digital signature. "Relying Party Warranty" means a warranty offered to a Relying Party that meets the conditions found in the Relying Party Warranty Agreement posted on DigiCert's website at /docs/agreements/DigiCert_RPA.pdf.

  11. Representations. For each requested Certificate, Customer represents to DigiCert that:

    • Customer has the right to use or is the lawful owner of (i) any domain name(s) specified in the Certificate and (ii) any common name or organization name specified in the Certificate,

    • the individual accepting the Agreement is expressly authorized by the Customer to enter into an Agreement on behalf of the Customer,

    • Customer will use the Certificate only for authorized and legal purposes, consistent with the Certificate purpose, the CPS, any applicable certificate policy, and the Agreement,

    • Customer has read, understands, and agrees to the CPS, and

    • the organization included in the Certificate and the registered domain name holder is aware of and approves of each Certificate request.

  12. Restrictions. Customer will only use a TLS/SSL Certificate on the servers accessible at the domain names listed in the issued Certificate. Customer will not:

    • modify, sublicense, or create a derivative work of any Certificate (except as required to use the Certificate for its intended purpose) or Private Key,

    • upload or distribute any files or software that may damage the operation of another's computer,

    • make representations about or use a Certificate except as allowed in the CPS,

    • impersonate or misrepresent Customer's affiliation with any entity,

    • use the Certificates or any related software (such as a DigiCert Account) in a manner that could reasonably result in a civil or criminal action being taken against Customer or DigiCert,

    • use a Certificate or related software to breach the confidence of a third party or to send or receive unsolicited bulk correspondence,

    • use code signing Certificates to sign malicious code or any code that is downloaded without a user’s consent,

    • interfere with the proper functioning of the DigiCert website or with any transactions conducted through the DigiCert website,

    • attempt to use a Certificate to issue other Certificates, or

    • intentionally create a Private Key that is substantially similar to a DigiCert or third party Private Key.

  13. Certificate Revocation. DigiCert may revoke a Certificate without notice for the reasons stated in the CPS, including if DigiCert reasonably believes that:

    • Customer requested revocation of the Certificate or did not authorize the issuance of the Certificate,

    • Customer has breached its Agreement or an obligation it has under the CPS,

    • any provision of an agreement with Customer containing a representation or obligation related to the issuance, use, management, or revocation of the Certificate terminates or is held invalid,

    • Customer is added to a government prohibited person or entity list or is operating from a prohibited destination under the laws of the United States,

    • the Certificate contains inaccurate or misleading information,

    • the Certificate was used outside of its intended purpose or used to sign malicious software,

    • the Private Key associated with a Certificate was disclosed or compromised,

    • the Certificate was (i) misused, (ii) used or issued contrary to law, the CPS, or industry standards, or (iii) used, directly or indirectly, for illegal or fraudulent purposes,

    • industry standards or DigiCert’s CPS require Certificate revocation, or

    • revocation is necessary to protect the rights, confidential information, operations, or reputation of DigiCert or a third party.

  14. Industry Standards. Both parties will comply with all industry and privacy standards that apply to the Certificates. If a law or industry standard changes and that change affects the Certificates or other services provided under the Agreement, then DigiCert may amend the Agreement to the extent necessary to comply with the change.

  15. Equipment. Customer is responsible, at Customer's expense, for (i) all computers, telecommunication equipment, software, access to the Internet, and communications networks (if any) required to use the Certificates and related DigiCert software or services, and (ii) Customer’s conduct and its website maintenance, operation, development, and content.

  16. Certificate Beneficiaries. Relying Parties and Application Software Vendors are express third party beneficiaries of Customer’s obligations and representations related to the use or issuance of a Certificate. The Relying Parties and Application Software Vendors are not express third party beneficiaries with respect to any DigiCert software.

Terms of Use: last updated September 9, 2016