This is an agreement between the client and GeoTrust Inc., the certification authority that will issue the clients SSL certificate.
Please read the following agreement carefully. By submitting an application to obtain a RapidSSL Certificate and accepting and using such certificate, you indicate the acceptance of the following terms and conditions and you agree to be bound by them.
This GeoTrust RapidSSL™ Web Server Certificate Subscriber Agreement (this "Agreement") is made by and between GeoTrust Inc. ("GeoTrust") and you, a certificateapplicant and governs your application for, issuance and use of a GeoTrust RapidSSL Web Server Certificate. By accepting this Agreement, Internet service providers, hosting companies or others (" Hosting Companies"), represent that they have express authority from certificate applicants to apply for, and accept the digital certificate on the certificate applicants behalf, and that both the certificate applicant and the Hosting Company (collectively referred to as the "Subscriber") have agreed to be bound by all the terms of this Agreement. Subscriber hereby represents that it is fully authorized to apply for a GeoTrust RapidSSL Web server certificate for secure and authenticated electronic transactions. The Subscriber understands that a digital certificate serves to identify the Subscriber for the purposes of electronic commerce, and that the management of the private keys associated with such certificates is the responsibility of the Subscriber and/or its contractors.
NOW, THEREFORE, in consideration of the above premises and the mutual covenants set forth herein, and for other good and valuable mutual consideration, the receipt and sufficiency of which are hereby mutually acknowledged, GeoTrust and Subscriber agree as follows:
1. Definitions. For the purposes of this Agreement, all capitalized terms used in this Agreement shall have the meaning ascribed to them in this Section 1 and elsewhere in this Agreement. "Certificate" means a record that, at a minimum (a) identifies the Certification Authority issuing it, (b) names or otherwise identifies its Subscriber; (c) contains a Public Key that corresponds to a Private Key under the control of the Subscriber, (d) identifies its operational period, and (e) contains a Certificate serial number and is Digitally Signed by the issuing Certification Authority. "Certification Authority" means an entity which issues Certificates and performs all of the functions associated with issuing such Certificates. "CSR" or "Certificate Signing Request" means a text file submitted with your enrollment form which contains the organization name, division, country, state, city and your PublicKey and is used by GeoTrust to generate your Certificate.
"Digital Signature" means a transformation of a message using an asymmetric cryptosystem such that a person having the initial message and the signer's Public Key can accurately determine whether the transformation was created using the Private Key that corresponds to the signer's Public Key and whether the message has been altered since the transformation was made. "Digitally Signed" means the application of a Digital Signature to electronic data. "Key Pair" means two mathematically related keys, having the following properties: (a) one key can be used to encrypt a message that can only be decrypted using the other key, and (b) even knowing one key, it is computationally infeasible to discover the other key. "Public Key" means the key of a Key Pair used to verify a Digital Signature. The Public Key is made freely available to anyone who will receive digitally signed messages from the holder of the Key Pair. The Public Key is usually provided via a Certificate issued by a Certification Authority. A Public Key is used to verify the digital signature of a message purportedly sent by the holder of the corresponding Private Key. "Private Key" means the key of a Key Pair used to create a Digital Signature. This key must be kept private.
"Subscriber" means a person or entity who (a) is the subject named or identified in a Certificate issued to such person or entity, (b) holds a Private Key that corresponds to a Public Key listed in that Certificate, and (c) the person or entity to whom Digitally Signed messages verified by reference to such Certificate are to be attributed.
"Trustworthy System" means computer hardware, software, and procedures that (a) are reasonably secure from intrusion and misuse, (b) provide a reasonable level of availability, reliability, and correct operation, (c) are reasonably suited to performing their intended functions, and (d) adhere to generally accepted security procedures.
2. Subscriber Obligations. In addition to complying with the terms of the Certificate Practices Statement (" CPS") which are incorporated by reference into this Agreement, Subscriber shall comply with each of the following obligations: (a) provide information on the Certificate application that is correct and accurate, (b) generate a Key Pair using a Trustworthy System; (c) use the Certificate exclusively for authorized and legal Public and Private Key operations consistent with this Agreement; (d) protect the confidentiality of the Private Key from unauthorized use, access or disclosure; (e) use the Certificate only in conjunction with properly licensed cryptographic software, (f) promptly request that GeoTrust revoke the Certificate upon any change to the information on the Certificate or the Certificate application, including, but not limited to the change of the organization name or domain name registration of Subscriber, (g) promptly request that GeoTrust revoke the Certificate upon any actual or suspected loss, disclosure, or other compromise of the Private Key, and (h) install the Certificate on no more than one server at a time. Any failure of Subscriber to comply with each of the obligations under this Section 2 shall be a material breach of the Agreement. Subscriber acknowledges the inherent possibility of the compromise of Subscriber's and/ or another Subscriber's Private Key, which may or may not be detected, and the possible use of a stolen or compromised Private Key to forge Subscriber's or another Subscriber's Digital Signature.
3. GeoTrust Services. Under this Agreement, GeoTrust is a Certification Authority. GeoTrust shall only issue a Certificate upon authenticating and validating the application and enrollment information of Subscriber according to the CPS as may be amended from time to time by GeoTrust. The CPS is available for viewing at: http:// www. geotrust. com. GeoTrust, in its sole discretion, may refuse to issue a Certificate to any Subscriber. GeoTrust shall, consistent with this Agreement and CPS, and to the extent necessary or applicable, (a) receive and process the Certificate application, (b) send an acknowledgment to Subscriber of either the approval or rejection of the Certificate application, (c) if the Certificate application is approved, issue a Certificate, (d) publish the Certificate, and (e) process all requests for Certificate revocation upon the receipt of an authenticated request from Subscriber. GeoTrust shall have the right to revoke a Certificate upon (a) any change to the information on the Certificate or the Certificate application, including, but not limited to the change of the organization name or domain name registration of Subscriber or (b) any actual or suspected loss, disclosure, or other compromise of Subscriber's Private Key. Upon request, GeoTrust shall use reasonable efforts to provide to all requesting parties, including entities or persons using or relying on a Certificate, information concerning the status of such Certificate. 4. Fees. Subscriber shall pay to GeoTrust the applicable fees associated with the issuance of the Certificate upon the application therefor.
5. Confidentiality. GeoTrust and Subscriber agree that certain information contained in the enrollment form may be confidential and proprietary information of the disclosing party (collectively "Confidential Information") and agree to use such Confidential Information only in connection with its obligations hereunder. These obligations shall continue indefinitely for so long as the Confidential Information is a trade secret under applicable law and shall continue for two (2) years following termination of this Agreement with respect to Confidential Information that does not rise to the level of a trade secret. Notwithstanding the above, Subscriber hereby acknowledges and agrees that GeoTrust (a) may publish certain information provided by Subscriber in the CSR in order to establish or update a unique business identification number profile; (b) may publish or otherwise disclose the serial number and other information contained on the Certificate in connection with GeoTrust's dissemination of Certificate status information; and (c) may collect information regarding the use of Certificates and disclose such information in its aggregated form. 6.1 Term. The term of this Agreement shall begin on the date the Certificate application is submitted to GeoTrust and shall terminate immediately upon the earlier of (a) the end of the Certificate's stated validity period, (b) the revocation of the Certificate, (c) the rejection of the Certificate application, (d) thirty (30) days after receipt of notice by Subscriber from GeoTrust regarding a breach by Subscriber of its obligations under this Agreement which remains uncured for such period of time, or (e) receipt of notice by GeoTrust from Subscriber of its intent to terminate this Agreement. 6.2 Effect of Termination. Upon the termination of this Agreement for any reason, GeoTrust shall revoke the Certificate. Upon the revocation of the Certificate for any reason, Subscriber shall have no right in and shall not use the Certificate in any manner. Notwithstanding the foregoing, any use of the Certificate prior to the revocation of the Certificate or termination of this Agreement shall not be affected thereby. 6.3 No Damages or Indemnification for Termination. Neither party shall be liable to the other party for any costs or damages of any kind, including direct, indirect, incidental special, multiple, punitive, exemplary or consequential damages, or for indemnification of the party, solely on account of the lawful termination of this Agreement, even if informed of the possibility of such damages. 7. Disclaimer of Warranties. GEOTRUST EXPRESSLY DISCLAIMS AND MAKES NO REPRESENTATION, WARRANTY OR COVENANT OF ANY KIND, WHETHER EXPRESS OR IMPLIED, EITHER IN FACT OR BY OPERATION OF LAW, WITH RESPECT TO THE SERVICES PROVIDED OR THE CERTIFICATE ISSUED HEREUNDER, INCLUDING WITHOUT LIMITATION, ALL WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE OR USE OF THE SERVICES OR CERTIFICATE, AND ALL WARRANTIES, REPRESENTATIONS, CONDITIONS, UNDERTAKINGS, TERMS AND OBLIGATIONS IMPLIED BY STATUTE OR COMMON LAW, TRADE USAGE, COURSE OF DEALING OR OTHERWISE ARE HEREBY EXCLUDED TO THE FULLEST EXTENT PERMITTED BY LAW. GEOTRUST FURTHER DISCLAIMS AND MAKES NO REPRESENTATION, WARRANTY OR COVENANT OF ANY KIND, WHETHER EXPRESS OR IMPLIED, EITHER IN FACT OR BY OPERATION OF LAW, TO SUBSCRIBER OR ANY THIRD PARTY THAT (A) ANY SUBSCRIBER TO WHICH IT HAS ISSUED A CERTIFICATE IS IN THE FACT THE PERSON, ENTITY OR ORGANIZATION IT CLAIMS TO BE IN THE INFORMATION SUPPLIED TO GEOTRUST, (B) A SUBSCRIBER IS IN FACT THE PERSON, ENTITY OR ORGANIZATION LISTED IN A CERTIFICATE, OR (C) THAT THE INFORMATION CONTAINED IN THE CERTIFICATES OR IN ANY CERTIFICATE STATUS MECHANISM COMPILED, PUBLISHED OR OTHERWISE DISSEMINATED BY GEOTRUST, OR THE RESULTS OF ANY CRYPTOGRAPHIC METHOD IMPLEMENTED IN CONNECTION WITH THE CERTIFICATES IS ACCURATE, AUTHENTIC, COMPLETE OR RELIABLE. 8. Disclaimer of Damages and Limitations of Liability. In no event shall GeoTrust be liable for any default or delay in the performance of its obligations hereunder to the extent and while such default or delay is caused, directly or indirectly, by electronic or communications failures fire, flood, earthquake, elements of nature or acts of God, acts of war, terrorism, riots, civil disorders, rebellions or revolutions in the United States, strikes, lockouts, or labor difficulties or any other similar cause beyond the reasonable control of GeoTrust. IN NO EVENT SHALL THE CUMULATIVE LIABILITY OF GEOTRUST TO SUBSCRIBER OR ANY THIRD PARTY FOR ALL CLAIMS RELATED TO THE USE OF OR RELIANCE ON A CERTIFICATE OR FOR THE SERVICES PROVIDED HEREUNDER INCLUDING WITHOUT LIMITATION ANY CAUSE OF ACTION SOUNDING IN CONTRACT, TORT OR STRICT LIABILITY EXCEED THE AMOUNTS PAID BY SUBSCRIBER TO GEOTRUST UNDER THIS AGREEMENT. UNDER NO CIRCUMSTANCES SHALL EITHER PARTY BE LIABLE TO THE OTHER OR ANY THIRD PARTY FOR ANY INDIRECT, CONSEQUENTIAL, INCIDENTAL, MULTIPLE, SPECIAL, PUNITIVE, OR EXEMPLARY DAMAGES, EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. BECAUSE SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, THE ABOVE EXCLUSIONS OF INCIDENTAL AND CONSEQUENTIAL DAMAGES MAY NOT APPLY TO SUBSCRIBER BUT SHALL BE GIVEN EFFECT TO THE FULL EXTENT PERMITTED BY LAW. 9. Indemnification. The Subscriber hereby agrees to indemnify and hold GeoTrust and its officers, directors, employees, agents, successors and assigns harmless from and against any and all claims, losses, damages, judgments, costs and expenses (including attorneys' fees) arising out of or related to Subscriber's use of the Certificate.
10. Notices. Any notices between the parties shall be in physical or electronic writing. The parties shall send all notices by e-mail or first class mail, postage prepaid. Notices shall be effective upon receipt. GeoTrust shall send notices to Subscriber at the e-mail and/ or physical address provided in the Certificate application. Subscriber shall send notices in writing to the following address: GeoTrust RapidSSL, 40 Washington Street, Suite 20, Wellesley Hills, MA 02481 USA.
11. No Other Rights. By virtue of this Agreement, Subscriber does not acquire any right, title or interest of any kind in or to any trademark, trade name, service mark, logo, patent, copyright, or other proprietary right of GeoTrust. 12. Miscellaneous. Any controversy or claim arising out of or relating to this Agreement or the breach thereof will be settled by arbitration in Boston, Massachusetts, before and in accordance with the Commercial Arbitration Rules of the American Arbitration Association. The award rendered in that arbitration will be binding on the parties hereto, and judgment upon the award can be entered by any court having jurisdiction thereof. This Agreement shall be governed and interpreted according to the internal laws of the Commonwealth of Massachusetts, excluding choice of law provisions. For all disputes arising out of or related to this Agreement not covered by the Arbitration provision above, the parties irrevocably consent to the exclusive jurisdiction of the state and federal courts located in Suffolk County, Massachusetts, United States of America. No modification of this Agreement shall be binding unless it is in writing and is signed by an authorized representative of the party against whom enforcement is sought. Notwithstanding termination of this Agreement, the following paragraphs shall survive, along with all definitions required thereby: Paragraphs 1, 2, 3, 5, 6, 7, 8, 9, 10, 11, and 12. This Agreement shall not be assigned by Subscriber without prior written consent of GeoTrust, and any attempt to assign any rights, duties, or obligations, which arise under this Agreement without such consent will be void. If any provision of this Agreement (or any portion thereof) shall be held to be invalid, illegal, or unenforceable, the validity, legality, or enforceability of the remainder of this Agreement shall not in any way be affected or impaired thereby. GeoTrust is not an agent, fiduciary, trustee, or other representative of Subscriber and the relationship between GeoTrust and Subscriber is not that of an agent and a principal. Subscriber does not have any authority to bind GeoTrust by contract or otherwise, to any obligation. This Agreement constitutes the complete and exclusive statement of the agreement between the Subscriber and GeoTrust with respect to the application for, acceptance of, and use of a certificate and supersedes any proposal or prior agreement, oral or written, and any other communications relating to this Agreement.[v. 1.1 2.6.03]