Section 23 in The Information Technology (Certifying Authorities) Rules, 2000
23. Digital Signature Certificate.
- The Certifying Authority shall, for issuing the Digital Signature Certificates, while complying with the provisions of section 35 of the Act, also comply with the following, namely:-(a)the Digital Signature Certificate shall be issued only after a Digital Signature Certificate application in the form provided by the Certifying Authority has been submitted by the subscriber to the Certifying Authority and the same has been approved by it:Provided that the application form contains, inter alia, the particulars given in the model Form given in Schedule IV;(b)no interim Digital Signature Certificate shall be issued;(c)the Digital Signature Certificate shall be generated by the Certifying Authority upon receipt of an authorised and validated request for-(i)new Digital Signature Certificates;(ii)Digital Signature Certificates renewal;(d)the Digital Signature Certificate must contain or incorporate, by reference such information, as is sufficient to locate or identify one or more repositories in which revocation or suspension of the Digital Signature Certificate will be listed, if the Digital Signature Certificate is suspended or revoked;(e)the subscriber identity verification method employed for issuance of Digital Signature Certificate shall be specified in the Certification Practice Statement [in accordance with the Identity Verification Guidelines issued by the Controller] [Inserted by Notification No. G.S.R. 662(E), dated 25.8.2015 (w.e.f. 17.10.2000).] and shall be subject to the approval of the Controller during the application for a licence;(ea)[ subsequent to initial approval of Certification Practice Statement by the Controller during the application for a licence, all the changes in the subscriber identity verification method or guidelines employed for issuance of Digital Signature Certificate shall be in accordance with the Identity Verification Guidelines issued by the Controller and the changes shall be incorporated in the Certification Practice Statement periodically and shall be approved by the Controller.] [Inserted by Notification No. G.S.R. 662(E), dated 25.8.2015 (w.e.f. 17.10.2000).](f)where the Digital Signature Certificate is issued to a person (referred to in this clause as a New Digital Signature Certificate) on the basis of another valid Digital Signature Certificate held by the said person (referred in this clause as an Originating Digital Signature Certificate) and subsequently the Originating Digital Signature Certificate has been suspended or revoked, the Certifying Authority that issued the new Digital Signature Certificate shall conduct investigations to determine whether it is necessary to suspend or revoke the new Digital Signature Certificate;(g)the Certifying Authority shall provide a reasonable opportunity for the subscriber to verify the contents of the Digital Signature Certificate before it is accepted;(h)if the subscriber accepts the issued Digital Signature Certificate, the Certifying Authority shall publish a signed copy of the Digital Signature Certificate is a repository;(i)where the Digital Signature Certificate has been issued by the licensed Certifying Authority and accepted by the subscriber, and the Certifying Authority comes to know of any fact, or otherwise, that affects the validity or reliability of such Digital Signature Certificate, it shall notify the same to the subscriber immediately;(j)all Digital Signature Certificates shall be issued with a designated expiry date.
