DigiCert, Inc. Product Purchase and Subscriber Agreement

Please read this document carefully before proceeding. You must not apply for, accept, or
use a DigiCert-issued Digital Certificate or any Service provided by DigiCert before
reading and accepting the terms of this Subscriber Agreement and reading and
understanding the DigiCert Certificate Policy and Certification Practice Statement
(CP/CPS) located at http://www.digicert.com/ssl-cps-repository.htm. In any event you
will be deemed to have accepted the terms of this Agreement and the CP/CPS if you in
any way use a DigiCert-issued Digital Certificate.

BEFORE APPLYING FOR, ACCEPTING, OR USING A DIGICERT CERTIFICATE
YOU MUST READ AND ACCEPT THE TERMS OF THIS "SUBSCRIBER
AGREEMENT". IF YOU DO NOT AGREE TO THE TERMS OF THIS SUBSCRIBER
AGREEMENT, DO NOT APPLY FOR, ACCEPT, OR USE A DIGICERT DIGITAL
CERTIFICATE.

1 Application of Terms

1.1 The terms and conditions set out in this Agreement govern the relationship between
you (the "Subscriber") and DigiCert, Inc. ("DigiCert") with regard to your use of the
Certificate.
1.2 By being the Subscriber of a Certificate, you consent to the terms and conditions in
this Agreement and are deemed to have read and understood the CP/CPS.
2 Definitions

2.1 In this Agreement the following terms and expressions shall have the following
meanings:
2.1.1 "Business Day" means Monday to Friday inclusive, excluding any days on which
the banks in the State of Utah are closed for business;
2.1.3 "CP/CPS" means the combined Certificate Policy and Certification Practice
Statement released by DigiCert as amended from time to time (currently version 3.0x);
2.1.4 "CRL" means DigiCert's certificate revocation list;
2.1.5 "Digital Certificate" means an encrypted electronic data file (conforming to the
X509 version 3 ITU-T standard) issued by DigiCert in order to identify a person or entity
or to provide SSL encryption using a Digital Signature and which contains the identity of
the person or entity authorized to use the Digital Signature and a copy of their Public
Key, a serial number, a time period during which the Digital Certificate may be used and
a Digital Signature created by DigiCert.
2.1.7 "Digital Signature" means an encrypted electronic data file which is attached to or
logically associated with other electronic data and which identifies and is uniquely linked
to the signatory of the electronic data, is created using means that the signatory can

maintain under its sole control, and is linked in a way so as to make any subsequent
changes that have been made to the electronic data detectable;

2.1.8 "Force Majeure Event" means any circumstances beyond the reasonable control of
DigiCert including without prejudice to the generality of the foregoing any natural
disaster, act or regulation of any governmental or supra-national authority, lack or
shortage of materials supplied by a third party (other than where such circumstances arise
due to lack of reasonable planning), war or natural emergency, accident, epidemic, fire or
riot;
2.1.10 "Private Key" means a confidential encrypted electronic data file designed to
interface with a Public Key using the same encryption algorithm and which may be used
to create Digital Signatures, encrypt and decrypt files or messages and provide proof of
identities to access secure websites;
2.1.11 "Public Key" means a publicly available encrypted electronic data file designed to
interface with a Private Key using the same encryption algorithm and which may be used
to verify Digital Signatures, encrypt and decrypt files or messages and verify identities to
access secure websites;
2.1.12 "Subscriber" means a person who is issued a Digital Certificate signed by DigiCert
and who has entered into this Subscriber Agreement;
2.1.13 "Subordinate Certification Authority" means DigiCert or any third party appointed
by DigiCert to act as a certification authority;
2.2 In this Agreement unless otherwise specified:
2.2.1 references to clauses and schedules are to clauses of, and schedules to, this
Agreement;
2.2.2 use of any gender includes the other genders;
2.2.3 references to a "person" shall be construed so as to include any individual, firm,
company or other body corporate, government, state or agency of a state, local or
municipal authority or government body or any joint venture, association, partnership or
limited partnership (whether or not having separate legal personality);
2.2.4 a reference to any statute or statutory provision or regulations shall be construed as
a reference to the same as it may have been, or may from time to time be, amended,
modified or re-enacted;
2.2.5 any reference to a "day" (including within the phrase "Business Day") shall mean a
period of 24 hours from midnight to midnight;

2.2.6 subject to clause 16, references to "indemnifying" any person against any
circumstance include indemnifying and keeping him harmless from all actions, claims
and proceedings from time to time made against him and all loss, damage, payments, cost
or expenses suffered made or incurred by him as a consequence of that circumstance;
2.2.7 a reference to any other document referred to in this Agreement is a reference to
that other document as amended, varied, novated or supplemented (other than in breach
of the provisions of this Agreement) at any time;
2.2.8 headings and titles are for convenience only and do not affect the interpretation of
this Agreement;
2.2.9 general words introduced by the word "other" shall not be given a restrictive
meaning by reason of the fact that they are preceded by words indicating a particular
class of acts, matters or things; and
2.2.10 references to "$" are to US Dollars and reference to any amount in such currency
shall be deemed to include reference to an equivalent amount in any other currency.
3 Subscriber Obligations

3.1 Subscriber agrees to do the following:
• To minimize internal risk of private key compromise by ensuring that it and its
agents have adequate knowledge and training on Public Key Infrastructures (PKI) and
Digital Certificates.
• To generate a secure private / public key pair to be used in association with the
certificate request submitted to DigiCert.
• Ensure that the public key submitted to DigiCert is the correct one and
corresponds with the private key used.
• Provide correct and accurate information in communications with DigiCert and
alert DigiCert if any information originally submitted has changed since it was submitted
to DigiCert.
• Read, understand and agree with all terms and conditions in the CP/CPS and
associated policies published in the DigiCert Repository at http://www.digicert.com/ssl-
cps-repository.htm.
• Use DigiCert certificates for legal and authorized purposes in accordance with the
CP/CPS.
• Cease using the certificate if any information in it becomes misleading, obsolete
or invalid.
• Cease using the certificate if it is expired and remove it from any applications
and/or devices it has been installed on.
• Make reasonable efforts to prevent the compromise, loss, disclosure,
modification, or otherwise unauthorized use of the private key corresponding to the
public key published in a DigiCert certificate.
• Request the revocation of a certificate in case of any occurrence that might
materially affect the integrity of the certificate.

• Be responsible for the acts and omissions of partners and agents it uses to
generate, retain, escrow, or destroy its private keys
3.2 Subscriber is hereby prohibited from:
• Using the certificate or corresponding key pair for or on behalf of any other
organization;
• Performing private or public key operations in connection with any Domain or
Intranet Domain and/or organization name other than the domain submitted by
Subscriber on the Certificate Application; and
• Using the Certificate for use as control equipment in hazardous circumstances or
for uses requiring fail-safe performance such as the operation of nuclear facilities, aircraft
navigation or communication systems, air traffic control systems, or weapons control
systems, where failure could lead directly to death, personal injury, or severe
environmental damage.
3.3 Without limiting other Subscriber obligations stated herein and in the CP/CPS,
Subscriber is solely liable for any misrepresentations it makes in certificates to third
parties who reasonably rely on the representations contained therein. Upon accepting a
certificate, Subscriber represents to DigiCert and to Relying Parties that at the time of
acceptance and until further notice:
• Transactions effectuated using the private key corresponding to the public key
included in the certificate are the acts of Subscriber and that the certificate has been
accepted and is properly operational at that time and until further notice to DigiCert.
• Subscriber retains control of Subscriber’s private key, uses a trustworthy system,
and takes reasonable precautions to prevent its loss, disclosure, modification, or
unauthorized use and that no unauthorized person has ever had access to the Subscriber’s
private key.
• All representations made by the Subscriber to DigiCert regarding the information
contained in the certificate are accurate and true to the best of the Subscriber’s knowledge
or to the extent that the Subscriber receives notice of such information, the Subscriber
shall act promptly to notify DigiCert of any material inaccuracies contained in the
certificate.
• The certificate is used exclusively for authorized and legal purposes, consistent
with this Agreement and the CP/CPS, and that the Subscriber will use the certificate only
in conjunction with the entity named in the organization field of the certificate
• The Subscriber agrees with the terms and conditions of the CP/CPS and other
agreements and policy statements of DigiCert.
• The Subscriber abides by the laws applicable in his/her country or territory
including those related to intellectual property protection, fair trade practices and
computer fraud and abuse,
• The Subscriber complies with all export laws and regulations for dual usage
goods as may be applicable.

4 DigiCert Obligations

DigiCert agrees to:

• Comply with its CP/CPS and its internal or published policies and procedures.
• Comply with applicable laws and regulations.
• Provide infrastructure and certification services, including but not limited to the
establishment and operation of the DigiCert Repository and web site for the operation of
PKI services.
• Provide trust mechanisms, including a key generation mechanisms, key
protection, and secret sharing procedures regarding its own infrastructure.
• Provide prompt notice in case of compromise of its private key(s).
• Provide and validate application procedures for the various types of certificates
that it may make publicly available.
• Issue digital certificates in accordance with its CP/CPS and fulfill its obligations
presented therein.
• Provide support to Subscribers and Relying Parties as described in its CP/CPS.
• Revoke certificates according to its CP/CPS.
• Provide for the expiration and renewal of certificates according to its CP/CPS.
• Make available a copy of its CP/CPS and applicable policies to requesting parties.
• Warrant the accuracy of information published on a Qualified Certificate issued
pursuant to the requirements of the European Directive 99/93.
• Warrant that the signatory held the private key at the time of issuance of a
certificate issued pursuant to the requirements for Qualified Certificates as in the
European Directive 99/93.
5 Amendments to the CPS

DigiCert reserves the right to amend any section of the CP/CPS at any time without prior
notice to the Subscriber, including without limitation, the section of the CP/CPS that sets
all the validation procedures for Digital Certificates.

6 Exclusion of Warranties

Save as expressly provided under this Agreement all other warranties either expressed or
implied are hereby excluded to the fullest extent permissible by law.

7 Termination

This Agreement shall commence on the date hereof and shall continue in force until the
Certificate expires or is revoked.

8 Consequences of Termination

If this Agreement is terminated by DigiCert in accordance with clause 20 below,
Subscriber shall not, from the date of such termination use, access or rely on the Digital
Certificate that was issued or any Service provided by DigiCert that are related to that
Certificate, and DigiCert's obligations under this Agreement shall cease.


9 Limitation of Liability

9.1 Nothing in this Agreement shall exclude or limit either party's liability:
9.1.1 for death or personal injury resulting from the negligence of such party or its
directors, officers, employees, contractors or agents (if any); or
9.1.2 in respect of fraud or of any statements made fraudulently by such party.
9.2 Subject to clause 9.1, DigiCert shall not be liable to Subscriber whether in contract
(including under any indemnity or warranty), in tort (including negligence), under statute
or otherwise for any loss of profit, loss of revenue, loss of anticipated savings, loss or
corruption of data, loss of contract or opportunity or loss of goodwill whether that loss is
direct, indirect or consequential and if DigiCert shall be liable to the Subscriber in
contract (including under any indemnity or warranty), in tort (including negligence),
under statute or otherwise, DigiCert's maximum liability to the Subscriber for SSL
Certificates shall be limited to the amount paid by the Subscriber to DigiCert.
9.3 The parties acknowledge and agree that the limited warranty and limited liability set
forth in this clause 9 are fundamental terms of this Agreement and are fair and reasonable
having regard to the relationship between the parties and the benefits received by the
Subscriber and obligations imposed on DigiCert under this Agreement.
10 Force Majeure

DigiCert shall not be liable for any breach of its obligations under this Agreement
resulting from a Force Majeure Event.

11 Waiver

The waiver by either party of a breach or default of any of the provisions of this
Agreement by the other party shall not be construed as a waiver of any succeeding breach
of the same or other provisions nor shall any delay or omission on the part of either party
to exercise or avail itself of any right, power, or privilege that it has or may have
hereunder operate as a waiver of any breach or default by the other party.

12 Notices

12.1 Notices to DigiCert
Any notice, request, instruction or other document to be given to DigiCert under this
Agreement shall be delivered or sent by first class mail or by facsimile transmission (such
facsimile transmission notice to be confirmed by letter posted within 12 hours) to the
address or to the facsimile number of DigiCert set out in this Agreement (or such other
address or numbers as may have been notified to the Subscriber in writing) and any such
notice or other document shall be deemed to have been served (if delivered) at the time of
delivery (if sent by mail) upon the expiration of 48 hours after posting or (if sent by
facsimile transmission) upon the expiration of 12 hours after dispatch. The address for
DigiCert, Inc. is 333 South 520 West, Lindon, Utah 84042, Tel: 801-805-1620, Fax: 801-
705-0481 to be marked for the attention of the DigiCert Legal Department.

12.2 Notices to Subscriber
Any notice, request, instruction or other document to be given to the Subscriber under
this Agreement shall be given via e-mail to the e-mail address provided by Subscriber or
may be posted on DigiCert's website, situated at www.DigiCert.com in the section
"Legal" and shall be deemed to have been served at the time of entry of the notice on
DigiCert's website.
13 Invalidity and Severability

If any provision of this Agreement (not being of a fundamental nature to its operation)
shall be found by any court or administrative body of competent jurisdiction to be invalid
or unenforceable, the invalidity or unenforceability of such provision shall not affect the
other provisions of this agreement, and all provisions not affected by such invalidity or
unenforceability shall remain in full force and effect. The parties hereby agree to attempt
to substitute for any invalid or unenforceable provision a valid or enforceable provision
which achieves to the greatest extent possible the economic, legal and commercial
objectives of the invalid or unenforceable provision.

14 Entire Agreement

This Agreement and all documents referred to herein contain the entire and exclusive
agreement and understanding between the parties on the subject matter contained herein
and supersede all prior agreements, understandings and arrangements relating thereto.

15 Assignment

Neither party may assign or transfer or purport to assign or transfer a right or obligation
under this Agreement without first obtaining the other party's written consent.
Notwithstanding the foregoing, either party may assign this Agreement in whole as part
of a corporate reorganization, consolidation, merger or sale of substantially all of its
assets.

16 Variation

16.1 Any variations to this Agreement required by law shall take effect immediately.
16.2 Subject to Clause 16.1, DigiCert may vary any term of this Agreement at any time
on the provision of 20 Business Days written notice to the Subscriber of the variation.
17 Governing Law and Jurisdiction

This Agreement and all matters arising from or connected with it, are governed by and
shall be construed in accordance with the laws of the State of Utah, and the parties hereby
submit to the non-exclusive jurisdiction of the Utah courts.

18 Export

You acknowledge and agree that you shall not import, export, or re-export directly or
indirectly, any commodity, including your Certificate, to any country in violation of the
laws and regulations of any applicable jurisdiction. This restriction expressly includes,
but is not limited to, the export regulations of the United States of America (the "United
States"). Specifically, you shall not download or otherwise export or re-export the
Certificate to (i) a national or resident of Cuba, Iran, Sudan, North Korea, Syria, or any


other country where such use is prohibited under United States export regulations, or (ii)
to anyone on the United States Treasury Department's list of Specially Designated
Nationals or the United States Commerce Department's Table of Denial Orders. You
agree to the foregoing and represent and warrant that you are not located in, under the
control of, or a national or resident of any such country or on any such list. DIGICERT
MAY BE REQUIRED BY LAW TO REPORT TO THE UNITED STATES
GOVERNMENT YOUR COMPANY NAME AND ADDRESS IF YOU ARE A NON-
UNITED STATES OR CANADA ENTITY OR INDIVIDUAL PURCHASING THE
CERTIFICATE.

19 General Compliance with Laws

You shall comply with all applicable laws, statutes, ordinances and regulations regarding
your use of the certificate. DigiCert may immediately revoke your certificate if you
engage in any activity contrary to any applicable statutes, ordinances and regulations
governing your Internet activity.

20 Breach

We may immediately issue a warning or revoke your certificate and terminate this
Agreement if any of your actions breach this agreement or if we are unable to verify any
information you provide to us.

21 Obligations Upon Revocation or Expiration

In the event that your certificate is revoked for any reason, you agreed to cease any
further use of the Certificate.

22 Expiration

Your Certificate will automatically expire one, two or three year(s) from the date of its
issuance (depending on which option you choose). Upon the expiration of your
Certificate, you agree to no longer use the Certificate for any purpose.

23 Refusal

DigiCert has the right to refuse any application for any reason. This includes any
application which DigiCert determines might damage its reputation and/or integrity of its
products and services.

24 Indemnity

You agree to release, indemnify, defend and hold harmless DigiCert and any of its
contractors, agents, employees, officers, directors, shareholders, affiliates and assigns
from all liabilities, claims, damages, costs and expenses, including reasonable attorney's
fees and expenses, of third parties relating to or arising out of (a) the breach of your
warranties, representations and obligations under this Subscriber Agreement, (b)
falsehoods or misrepresentations of fact by you on the Certificate Application, (c) any
intellectual property or other proprietary right of any person or entity, (d) failure to
disclose a material fact on the Certificate Application if the misrepresentation or omission
was made negligently or with intent to deceive any party, or (e) failure to protect the
private key, or use a trustworthy system, or to take the precautions necessary to prevent


the compromise, loss, disclosure, modification or unauthorized use of the private key
under the terms of this Subscriber Agreement. When DigiCert is threatened with suit or
sued by a third party, DigiCert may seek written assurances from you concerning your
promise to indemnify DigiCert, your failure to provide those assurances may be
considered by DigiCert to be a material breach of this Subscriber Agreement. DigiCert
shall have the right to participate in any defense by you of a third-party claim related to
your use of any DigiCert services, with counsel of our choice at your own expense. You
shall have sole responsibility to defend DigiCert against any claim, but you must receive
DigiCert's prior written consent regarding any related settlement. The terms of this
paragraph will survive any termination or cancellation of this Subscriber Agreement.

This Subscriber Agreement was last updated on 21 March 2007.