Controller of Certifying Authorities | generalprovisions

National Portal \| Home \| Site Map \| Contact Us

Root Certifying Authority of India (CPS)

General Provisions

2.2 Liability

2.2.1 CA Liability
The Government of India disclaims any liability that may arise from use of any certificate issued by the CCA, or by the CCA's decision to revoke a certificate issued by it. In no event will the CCA or the Government of India be liable for any losses, including direct or indirect, incidental, consequential, special, or punitive damages, arising out of or relating to any certificate issued by the CCA.

The CCA, however, guarantees that the contents given below relevant to the License/certificate issued by it are correct.

The contents in the issued certificate are correct.
The certificate is issued under the IT Act.
The matters about suspension and revocation of certificate are correct.

The CCA has no responsibility for any delays or damages due to force majeure such as warfare or a natural disaster or reasons beyond provisions of the IT Act, the rule and regulations.

2.3 Financial responsibility
The CCA disclaims all liability due to the use of any certificates issued by the CCA which certify public keys of CAs.

2.3.1 Indemnification by relying parties
No Stipulation.

2.4 Interpretation and Enforcement

2.4.1 Governing Law
The Certification Practice Statement, relationship between CCA and Licensed CA and any other parties will be interpreted in accordance with the IT Act, 2000 and the relevant rules and regulations.

2.4.2 Dispute Resolution procedures
The CCA is competent under the IT Act, clause 18(l), to resolve any dispute between CAs and subscribers. However, Cyber Appellate Tribunal, under the IT Act, is the competent court to mediate a dispute arising out of any order of the CCA.

The CCA can mediate between CAs and subscribers directly or through an arbitrator. For this purpose he can request any information or materials from both the parties which are in order as per their CPS, and the provisions of the IT Act. It will be the Endeavour of the CCA to facilitate the resolution of conflicts between CAs and subscribers that may arise as a result of the use of certificates.

2.5 Fees

2.5.1 Certificate Issuance or renewal fees

Certificate Issuance
CCA charges a fee of twenty five thousand rupees for issuance of a License/certificate as per notified rules, regulations and guidelines. In case more than one public key is certified then the fees will be per PKC.

Certificate Renewal
An application for renewal of a License shall be-

(a) in such form as may be prescribed by the Central Government and available on web site of CCA and shall be made not less than forty-five days before the date of expiry of the period of validity of the License. In case more than one public key is certified then the fees will be per PKC. CCA charges a fee of five thousand rupees for renewal of a license/certificate as per notified rules, regulations, and guidelines.
(b) accompanied by such fees, not exceeding five thousand rupees.

2.5.2 Certificate Access Fee
CCA makes no charge to the relying party reading and confirming certificate.

2.5.3 Revocation or status information access fees
CCA makes no charge to the relying party accessing the suspension and revocation list of certificates.

2.5.4 Fees for other services such as policy information
CCA can charge for printed documents, CD-ROMs etc., if required under the provisions of the IT Act.

2.5.5 Refund policy
Not Applicable.

2.6 Publication and Repository

2.6.1 Publication of information on services offered by CCA
The CCA publishes following information to the repository and/or on its website. The repository is referred to as NRDC

Digital self-signed CCA certificate of RCAI
Digital Certificates of all Licensed CAs and of all the public keys used by them
Digital Certificates of all subscribers
Practices being followed in issuing / renewing / revoking / suspending the digital certificates
List of invalid digital certificates (commonly known as Certificate Revocation Lists [CRLs])

2.6.2 Frequency of publication

2.6.2.1 Issued Certificates
The RCAI shall publish all certificates in the NRDC within one working day of the completion of the issuance of the certificate.

2.6.2.2 Revoked Certificates
The RCAI shall add revoked certificates originally certified by CCA to the relevant CRL on a daily/weekly basis on the completion of the revocation process.

2.6.3 Access controls
All users will be able to read the information published in the NRDC. Access controls declining write, modify or any other capability other than read shall be defined and managed by the RCAI.

2.6.4 Repositories
The CCA shall maintain NRDC containing " Digital signature certificates of Licensed CAs

ARL's of licensed CAs.
Digital signature certificates of end entities of Licensed CAs
CRLs of end entities of licensed CAs.

2.7 Compliance audit

Audit logs of all transactions are maintained to provide an audit trail of all actions, transaction and processes. Audit logs are monitored by the CCA as per procedures detailed in the Operations Manual.

2.7.1 Frequency of entity compliance audit
The CCA shall conduct,

half yearly audit of the Security Policy, physical security and planning of its operation;
a quarterly audit of its repository.

2.7.2 Topics covered by audit
The CCA shall get its operations audited annually by an auditor and such audit shall include inter - alia,

security policy and planning;
physical security;
technology evaluation;
Certifying Authority's services administration;
relevant Certification Practice Statement;
compliance to relevant Certification Practice Statement;
contracts/agreements;
regulations prescribed by the CCA;
Policy requirements of Certifying Authorities Rules, 2000.

2.7.3 Actions taken as a result of deficiency
The CCA shall immediately take appropriate action on the deficiencies pointed out by the audit so as to secure the operations of RCAI and NRDC.