External Certificate Authority

In order to request and use an Encryption Certificate issued under the ORC ECA CPS you (the subscriber) must agree to the following obligations.

IMPORTANT: Be aware that this Encryption Certificate WILL NOT decrypt email that was encrypted with a previous Encryption Certificate. This certificate will be a NEW (and different) decryption (Private) Key. You MUST keep a backup copy of your old Encryption Certificate to ensure that you can continue to decrypt old encrypted email. See the Instructions to learn how to make a backup copy of a certificate.

	To accurately represent yourself in all communications with ORC and the PKI.
	To protect the certificate private key from unauthorized access in accordance with the Private Key Protection section of the ECA CPS.
	To immediately report to an RA or LRA and request certificate revocation if Private Key Compromise is suspected.
	To use the certificate only for authorized applications which have met the requirements of the US Government ECA CP and this CPS.
	To use the certificate only for the purpose for which it was issued, as indicated in the key usage extension.
	To report any changes to information contained in the certificate to the appropriate RA or LRA for certificate reissue processing.
	Abide by all the terms, conditions, and restrictions levied upon the use of their private keys and certificates.

Theft, compromise or misuse of the private key may cause the Subscriber, Relying Party, and their organization legal consequences.

I understand that during this process I will be generating my key pair and will possess the only copy of my private key on the workstation/computer (or hardware token) from which I am making my request. If lost, damaged, or compromised, I will be responsible for requesting and incurring the costs of a new certificate.