Section 5A in The Information Technology (Certifying Authorities) Rules, 2000
5A. [ Verification of Digital Signature Certificate. [Inserted by Notification No. G.S.R. 782 (E) dated 25.10.2011 (w.e.f. 17.10.2000)]
(a)The self signed certificate generated by the Controller, which begins the trust chain for the public key infrastructure, shall be used to verify the authenticity of the public key certificate of the licensed Certifying Authorities;(b)the public key certificate of the licensed Certifying Authorities shall be used to verify the authenticity of the digital signature certificate issued to the subscribers;(c)the certificate revocation list maintained by the licensed Certifying Authorities shall be checked to confirm whether the certificate is valid or whether it has been revoked under section 38 of the Act;(d)while verifying the validity of a digital signature the corresponding digital signature certificate should chain up through the public key certificate of the issuing Certifying Authority to the self signed certificate of the Controller and if any of the certificates in the trust chain is not trusted the signature will not be verified.](b)the electronic record was unaltered, which is known to be the case if the hash result computed by the verifier is identical to the hash result extracted from the Digital Signature during the verification process.
