In order to request a Mobile Code Certificate, you must agree to the following obligations.

Accurately represent yourself in all communications with ORC and the PKI and abide by all the terms, conditions and restrictions levied upon the use of the issued private key(s) and certificate(s), as stipulated in the US Government ECA CP and the ORC CPS. To protect the certificate private key from unauthorized access in accordance with the Private Key Protection section of the ECA CPS. To immediately report to the RA if Private Key Compromise is suspected. Request that the Code Signing Attribute Authority CSAA approve and forward to the RA an authorization on the code signer's behalf to obtain a code signing certificate. To apply for (generate a key pair) and download the code signing certificate onto a FIPS 140-1, level 2 validated smart card. When not in use, the Code Signer hardware token shall be stored in a locked container. Submit the certificate request to the ECA via a secure (SSL protected) web session. Digitally sign an e-mail, using acceptable PKI credentials, that contains the subject Distinguished Name (DN), code signer DN, and the code signing certificate request number and send it to the RA. In the event of Code Signer change (due to the verified individual having left the employ of the subscribing organization or is no longer assigned as the code signer for the certificate) the applicant organization must designate and notify the ORC ECA of the new Code Signer. That the Code Signer is a current employee of the applicant organization and is authorized to obtain a code signing certificate(s) for the applicant organization. To use the certificate only for authorized applications which have met the requirements of the US Government ECA CP and this CPS. To use the certificate only for the purpose for which it was issued, as indicated in the key usage extension. To report any changes to information contained in the certificate to the appropriate CSAA and/or RA.     A Code Signer Certificate Subscriber and their applicant organization found to have acted in a manner inconsistent with these obligations is subject to revocation of CSAA responsibilities and/ or revocation of all Code Signing Certificates issued to that applicant organization.

	Step 1. Read the Mobile Code Certificate Obligations ::
	Step 2. Download and complete the Code Signing Attribute Authority Designation Letter. :: Unless your company already has a CSAA on file with ORC.
	Step 3. Download and complete the Mobile Code Certificate Authorization Letter. ::

To Order a Cryptographic Token and/or schedule a time to meet with an RA,please contact ORC at 1-800-816-5548 or 703-246-8536, 7:30 AM to 7:30 PM Eastern Standard Time or e-mail pkihelp@orc.com.

You can also come to our ORC Fairfax Office located at 11250 Waples Mill Rd, suite 210, South Tower to purchase your token, and request your Hardware Certificate in the presence of an RA.

---

I understand that during this process I will be generating my key pair and will possess the only copy of my private key on the workstation/computer (or hardware token) from which I am making my request. If lost, damaged, or compromised, I will be responsible for requesting and incurring the costs of a new certificate.