The Certification Practice Statement (“CPS”) at http://www.entrust.net/CPS/pdf/webcps090809.pdf applies to the following Certificate Types:
- Entrust SSL Certificates and Entrust SSL Web Server Certificates
- Entrust Code Signing Certificates
- Entrust Client Certificates
These are collectively referred to as “Certificates”
- Provides Applicants, Subscribers, Relying Parties, Resellers, Co-marketers and other persons, entities, and organizations with a statement of the practices and policies of Entrust in issuing and revoking Certificates.
- Sets out the terms and conditions under which Entrust makes Certificate services available.
- Is applicable to all persons, entities, and organizations, including, without limitation, all Applicants, Subscribers, Relying Parties, Resellers, Co-marketers and any other persons, entities, or organizations that have a relationship with Entrust in respect to the Certificates.
- Is incorporated by reference into all Certificates issued by an Entrust.
- Provides a statement of the rights and obligations of Entrust, Applicants, Subscribers, Relying Parties, Resellers, Co-marketers and any other persons, entities, or organizations that may use or rely on Certificates or have a relationship with Entrust in respect to Certificates and/or any related services.
These CPS should be carefully reviewed. It is to be noted that the CPS sets out important limits pertaining to the maximum liability that Entrust will be subject to in connection with Certificates, including a provision that states that Entrust’s liability will not exceed the greater of (1) ten thousand United States dollars ($10,000.00 U.S..); and (2) ten times the fees paid by the applicable subscriber to Entrust during the twelve months prior to the initiation of the claim to a maximum of one million dollars ($1,000,000) (such greater number referred to as the “cumulative damage cap”).
In the case of Entrust Extended Validation Certificates (“EV SSL Certificates”), the Entrust Certificate Services Certification Practice Statement for EV SSL Certificates (“EV CPS”) at http://www.cabforum.org. The Guidelines describe certain of the minimum requirements that a Certification Authority (CA) must meet in order to issue EV SSL Certificates. Subject Organization information from valid EV SSL Certificates may be displayed in a special manner by certain relying-party software applications (e.g., browser software) in order to provide users with a trustworthy confirmation of the identity of the entity that controls the website they are accessing. In the event of any inconsistency between the EV CPS and the Guidelines, the Guidelines take precedence over the EV CPS.