Relying Party Agreement
IMPORTANT – Do not rely on or use SSL.com’s certificate services prior to reading and accepting this relying party agreement (“Agreement”).
1. Definitions and Interpretations
5. Limitation of Liability
SSL.com’s Relying Party Agreement applies to any entity or individual relying on the use of any SSL.com service or product. These services and products include:
- SSL.com’s certificate validation service
- SSL.com’s Online Certificate Status Protocol (“OCSP”) services
- SSL.com’s Certificate Revocation List (“CRL”)
- Other documents published in SSL.com’s repository information
- Any certificate issued by SSL.com
- Any SSL.com site seal
1. Definitions and Interpretations
Capitalized terms used in this Agreement shall have the following meanings, unless otherwise specified:
- Certificate: A digitally signed document that is a public-key certificate in the version 3 format specified by ITU-T Recommendation X.509. The digital signature on the certificate binds a subject’s identity and other data items to a public key value, thus attesting to the ownership of the public key by the subject. The certificate data items include, at least, the identify of the subject; the public key value; the identity of the certification authority that signs the certificate; and the certificate’s serial number.
- Certification Practice Statement (CPS): The SSL.com document setting forth SSL.com’s validation and issuance practices. The SSL.com CPS can be found here.
- SSL.com: SSL Corp, the issuer of the Certificate covered by the Warranty.
- Covered Loss: A direct monetary loss associated with an online credit card transaction that meets the criteria under Section 3.
- Covered Person: A person who meets all of the criteria found in Section 4 of this Agreement that will receive payment for a Covered Loss.
- Incident: Any instance of a fraudulent online credit card transaction made in reliance on a unrevoked and unexpired SSL.com issued Digital Certificate where SSL.com failed to perform the validation requirements set forth in its CPS.
- Maximum Certificate Coverage: The maximum amount of a single transaction that will be covered by the Warranty associated with the Certificate.
- Payment Limit: The maximum aggregate claims that can be made against a Certificate under the Warranty. Payment Limits for each Certificate type are set forth in Section 6.
- Relying Party: A party using the Certificate to conduct an online transaction using a credit card with the Subscriber named in the Certificate.
- Repository: SSL.com’s collection of documents pertaining to its Certificate issuance and validation processes as set forth at http://www.ssl.com/repository.
- Subscriber: The entity named in the Certificate with whom the Relying Party wishes to conduct an online credit card transaction.
- Warranty: SSL.com’s guarantee against loss associated with an online credit card transaction caused by SSL.com’s failure to exercise reasonable care to perform the validation steps set forth in the SSL.com CPS prior to the Certificate’s issuance.
Any terms not defined in this section shall have the meaning set forth in the SSL.com CPS.
2.1 Binding Agreement
The terms and conditions set forth herein (the “Agreement”) constitute a final binding agreement between you (the “Relying Party”) and SSL Corp (“SSL.com”) with respect to any services related to the Certificate’s use, including the use of SSL.com’s repository, SSL.com’s validation services such as its OCSP or CRLs, or the use of a Certificate when conducting an online transaction. Your use of any of these services constitutes your unmodified acceptance of this Agreement.
2.2 Steps for Compliance
In consideration for use of SSL.com’s certificate services and being permitted access to and use of the Repository and/or an SSL.com-issued Certificate, you agree that prior to using a Certificate, you will:
- Verify the Certificate chain in any instance where the Certificate is issued by a third party, to ensure that the third party is an authorized subordinate Certification Authority of SSL.com and that the Certificate was issued in accordance with the policies set out in the SSL.com CPS;
- Check the CRL/OSCP to ensure that the Certificate is valid and operational
- Comply with all applicable policies and procedures set out in the SSL.com CPS.; and
- Take any other steps which would be reasonable to take in the given circumstances.
2.3 Certificate Use
You may not use an SSL.com-issued Certificate for any purpose other than as set forth in the relevant section of the SSL.com CPS for that particular class and type of Certificate.
2.4 SSL.com Obligations
- Validate the information provided by the Subscriber using the methods set forth in the SSL.com CPS prior to issuing the corresponding Certificate, and
- Update the CRL by logging all Certificates revoked in the past 24 hours
Under normal conditions, SSL.com posts new entries to the CRL as soon as a revocation request is confirmed.
2.5 Terms and Conditions
As a Relying Party, you acknowledge that:
- The CRL/OSCP does not contain a real time record of all Certificate revocations
- The security or integrity of a Private Key which corresponds to a Public Key contained in a Certificate may be compromised due to an act or omission of a third party which has not been authorized by SSL.com, and you agree that SSL.com shall not be liable for any losses suffered as a result of such compromise
- SSL.com relies upon authorization records, government records, third party business databases and domain name services to validate information contained in Certificates, and you agree that SSL.com shall not be liable for loss suffered as a result of inaccuracies or deficiencies contained in those records or databases or inaccurate information supplied by providers of domain name services or any other third party; and
- SSL.com performs differing degrees of Certificate validation depending on the type of Certificate and its intended use, and you agree to take these factors into consideration when deciding whether or not to rely on a Certificate.
2.6 Relying Party Obligations
As a Relying Party, you must ensure that a Certificate is valid and not revoked prior to relying on that Certificate. SSL.com makes Certificate validity information available through its Repository. The Repository is available on as “as is” and “as available” basis over publicly accessible networks. SSL.com excludes any warranty as to the availability of the Repository and reserves the right to exclude access to or close the Repository without notice at any time.
Subject to the provisions of the Relying Party Agreement and limited to the value of the Warranty. SSL.com warrants to you that SSL.com has exercised reasonable care in following the validation process set forth in the SSL.com CPS when issuing a relied-upon Certificate.
The terms of this warranty and the level of coverage for each Certificate are covered by the Warranty Agreement set forth on the SSL.com Relying Party Warranty.
Different Certificates require different levels of validation and the difference in the warranty levels reflects this.
4.1 Indemnification agreement
You agree to indemnify, defend and hold harmless SSL.com and its agents, directors, shareholders, officers, agents, employees, successors and assigns from any and all third party claims, suits, proceedings, judgments, damages, and costs (including reasonable attorney’s fees and expenses) arising from:
- Your failure to perform the obligations of a Relying Party in accordance with this Agreement
- Your reliance on a Certificate that is not reasonable under the circumstances, or
- Your failure to check the status of a Certificate to determine if the Certificate is expired or revoked.
4.2 Indemnification obligations
As a Relying Party, you agree to:
- Keep SSL.com informed of the initiation, progress or status of such litigation or settlement
- Not have any right to settle any claim without SSL.com’s consent, which shall not be unreasonably withheld, if such settlement results in anything other than a monetary payment by you; and
- Allow SSL.com to participate in the defense of a claim with counsel of its choice at its own expense.
5. Limitation of Liability
5.1 Private Key Notification
You are hereby notified of the possibility of theft or other form of compromise of a private key corresponding to a public key contained in a certificate, which may or may not be detected, and of the possibility of use of a stolen or compromised key to forge a digital signature.
5.2 Disclaimer of other Warranties
Except as specifically set forth herein, SSL.com expressly disclaims all other warranties whether express or implied and at law or in equity. SSL.com expressly disclaims the warranties of merchantability, fitness for a particular purpose, and non-infringement. This disclaimer is effective to the maximum amount allowed under any applicable law.
5.3 Waiver of Liability
You waive liability for special, indirect, incidental or consequential damages that might occur under this agreement or through the use of a certificate. This waiver includes any damages for lost profits, revenue, use, or data. This limitation shall apply even if SSL.com is aware of the possibility of such damages. SSL.com does not guarantee that the certificates, its service, or its repository information will meet your requirements or expectations or that access to its repository or certificates will be uninterrupted, timely, secure, or error-free. SSL.com’s maximum liability to you shall be limited to the warranty associated with the certificate as set forth in the SSL.com relying party warranty.
5.4 Terms of limitation
The limited warranty and limited liability set forth in this section are fundamental terms of the Agreement and are fair and reasonable having regard to the relationship between the parties.
6.1 Termination of agreement
SSL.com may terminate its obligations with respect to this Agreement at any time. Notice of the termination shall be made by posting the notice on the SSL.com website.
6.2 Results of termination
If this Agreement is terminated for any reason then you must not use or access the Repository or use, access, or rely on a Certificate or any service provided by SSL.com. Upon termination, the Warranty shall no longer be available and all of SSL.com’s obligations hereunder shall cease.
All notices, questions, and requests shall be in writing and in English. Notices shall be made by first class mail, return receipt requested, sent to:
3100 Richmond Suite 405
Houston TX 77098
or by email transmission to:
Notices to you shall be made by posting the notice on the Repository and shall be deemed to be served upon the time of posting.
7.2 Entire Agreement
This Agreement with all documents referred to herein shall constitute the entire agreement between you and SSL.com with respect to your use of the Repository, the Warranty, or an SSL.com Certificate. This Agreement shall supersede any other existing agreements between you and SSL.com, whether oral or written, with respect to the subject matter hereof. SSL.com reserves the right to amend this Agreement and the SSL.com CPS at any time without prior notice to you. All such amendments shall be made by posting the amended CPS or the amended Agreement to the Repository. Any such amendment shall be effective as of the date of posting to the Repository.
The waiver by either party of a breach or default of any of the provisions of this Agreement by the other party shall not be construed as a waiver of any succeeding breach of the same or other provisions, nor shall any delay or omission on the part of either party to exercise or avail itself of any right, power or privilege that it has or may have hereunder operate as a waiver of any breach or default by the other party.
7.4 Force Majeure and Internet Frailties
Any delays in or failure by either party in the performance of any obligation under this Agreement shall be excused to the extent that such failure or delay is caused by occurrences beyond such party’s reasonable control, including acts of God, storms, hurricane, earthquakes, riots, war (whether declared or not), sabotage, interruption or failure of telecommunication or digital transmission links, Internet slow-downs or failures, failure of power/electricity and any other cause that cannot reasonably be foreseen or controlled by such party. Each party acknowledges that the Internet consists of a series of networks that are subject to failures and errors. In no event shall either party be liable for or as a result of any such failures or errors.
Neither party shall be liable for failing to fulfill any provision of this Agreement that is rendered impossible as a result of an operation of law or because of an act of a government or political subdivision having jurisdiction over the party or over a parent of the party.
7.6 Governing Law and Venue
This Agreement shall be interpreted and construed under the laws of the United States without regard to any conflicts of law principles. Any claims or legal actions by one party against the other arising under this Agreement shall be commenced in the courts of the United States. Both parties hereby submit to the jurisdiction and venue of any such court.
You may not assign, in whole or in part, any rights, duties, or obligations under this Agreement to any person or entity. Any attempt to do so shall be void and shall be a material breach of this Agreement. SSL.com may assign this Agreement in its sole discretion.
If any provision of this Agreement is determined to be invalid or unenforceable under any applicable statute or rule of law, then the provision shall be reformed to the minimum extent necessary to cause the provision to be valid and enforceable. If reformation is not possible, then the provision shall be deemed omitted and the balance of the Agreement shall remain valid and enforceable.
All provisions of this Agreement relating to confidentiality, proprietary rights, indemnification, and limitations of liability shall survive the termination of this Agreement.
7.10 Third Party Beneficiaries
There are no third party beneficiaries under this Agreement. Subscribers are not considered Relying Parties or Covered Persons under this Agreement.