RapidSSL(tm) Subscriber Agreement

Please read the following agreement carefully. By submitting an enrollment form to obtain a RapidSSL Digital Certificate (the “Certificate”) and accepting and using such Certificate, you indicate the acceptance of the following terms and conditions and you agree to be bound by them.

This RapidSSL Subscriber Agreement (this "Agreement") is made by and between GeoTrust, Inc. ("GeoTrust") and you, a Certificate applicant and governs your application for, issuance and use of a Certificate. By accepting this Agreement, you represent that you have express authority to apply for and accept the Agreement on behalf of either (i) the organization named on the enrollment form (“Subscriber”), or (ii) an internet service provider, hosting company, or GeoTrust reseller ("Partner") who has express authority from the Subscriber to apply for and accept the Agreement on such Subscriber’s behalf. To the extent that Partner performs any obligations on behalf of the Subscriber, the term “Subscriber” shall also apply to Partner. Both the Subscriber and the Partner agree to be bound by the terms of this Agreement.

Subscriber hereby represents that it s/he fully authorized to apply for a Certificate for secure and authenticated electronic transactions. The Subscriber understands that a Digital Certificate serves to identify the Subscriber for the purposes of electronic commerce, and that the management of the Private Key associated with such Digital Certificate is the responsibility of the Subscriber and/or its contractors.

NOW, THEREFORE, in consideration of the above premises and the mutual covenants set forth herein, and for other good and valuable mutual consideration, the receipt and sufficiency of which are hereby mutually acknowledged, GeoTrust and Subscriber agree as follows:

1. Definitions.

"Digital Certificate" means a record that, at a minimum (a) identifies the Certification Authority issuing it, (b) names or otherwise identifies its Subscriber, (c) contains a Public Key that corresponds to a Private Key under the control of the Subscriber, (d) identifies its operational period, and (e) contains a Certificate serial number and is Digitally Signed by the issuing Certification Authority.

"Certification Authority" means an entity which issues Digital Certificates and performs certain functions associated with issuing such Digital Certificates.

"Digital Signature" means a transformation of a message using an asymmetric cryptosystem such that a person having the initial message and the signer's Public Key can accurately determine whether the transformation was created using the Private Key that corresponds to the signer's Public Key and whether the message has been altered since the transformation was made.

"Digitally Signed" means the application of a Digital Signature to electronic data.

"Key Pair" means two mathematically related keys, having the following properties: (a) one key can be used to encrypt a message that can only be decrypted using the other key, and (b) even knowing one key, it is computationally infeasible to discover the other key.

"Public Key" means the key of a Key Pair used to verify a Digital Signature. The Public Key is made freely available to anyone who will receive Digitally Signed messages from the holder of the Key Pair. The Public Key is usually provided via a Digital Certificate issued by a Certification Authority. A Public Key is used to verify the Digital Signature of a message purportedly sent by the holder of the corresponding Private Key.

"Private Key" means the key of a Key Pair used to create a Digital Signature. This key must be kept private.

"Subscriber" means a person or entity who (a) is the subject named or identified in a Digital Certificate issued to such person or entity, (b) holds a Private Key that corresponds to a Public Key listed in that Digital Certificate, and (c) the person or entity to whom Digitally Signed messages verified by reference to such Digital Certificate are to be attributed.

"Trustworthy System" means computer hardware, software, and procedures that (a) are reasonably secure from intrusion and misuse, (b) provide a reasonable level of availability, reliability, and correct operation, (c) are reasonably suited to performing their intended functions, and (d) adhere to generally accepted security procedures.

2. Subscriber Obligations. In addition to complying with the terms of the RapidSSL Certificate Practice Statement (“CPS”) located at http://www.rapidssl.com/resources and that are incorporated by reference into this Agreement, Subscriber shall comply with each of the following obligations: (a) provide information on the enrollment form that is correct and accurate, (b) generate a Key Pair using a Trustworthy System, (c) use the Certificate only for legal purposes and not for any potentially fraudulent or misleading purpose, (d) use the Certificate only for such uses as are permitted in the CPS, (e) protect the confidentiality of the Private Key from unauthorized use, access or disclosure, (f) use the Certificate only in conjunction with properly licensed cryptographic software, (g) promptly request that GeoTrust revoke the Certificate upon any change to the information on the Certificate or the enrollment form, including, but not limited to the change of the organization name or domain name registration of Subscriber, (h) promptly request that GeoTrust revoke the Certificate upon any actual or suspected loss, disclosure, or other compromise of the Private Key, and (i) shall not install the Certificate on more than the number of servers selected in the enrollment form. Any failure of Subscriber to comply with each of the obligations under this Section 2 shall be a material breach of the Agreement.

3. GeoTrust Services. Under this Agreement, GeoTrust is a Certification Authority. GeoTrust shall only issue a Certificate upon authenticating and validating the enrollment information provided by Subscriber according to the CPS as may be amended from time to time by GeoTrust. GeoTrust, in its sole discretion, may refuse to issue a Certificate to any Subscriber. GeoTrust shall, consistent with this Agreement and the CPS, and to the extent necessary or applicable (a) receive and process the enrollment form, (b) if the enrollment form is approved, issue a Certificate, (c) process requests for Certificate revocation upon the receipt of an authenticated request from Subscriber as stated in the CPS, and (d) perform its other duties under the CPS. GeoTrust shall have the right to revoke a Certificate as stated in the CPS, including but not limited to, upon Subscriber's breach of this Agreement or the CPS. Upon request, GeoTrust shall use reasonable efforts to provide to all requesting parties, including entities or persons using or relying on a Certificate, information concerning the status of such Certificate.

4. Fees. Subscriber shall pay to GeoTrust or Partner (as applicable) the fees associated with the issuance of the Certificate upon the application therefor.

5. Subscriber Information. Except as provided herein, information regarding Subscriber that is submitted on the enrollment form will be kept confidential by GeoTrust and GeoTrust shall not release such information without the prior consent of the Subscriber. Notwithstanding the foregoing, GeoTrust may make such information available to (a) courts, law enforcement agencies or other third parties (including release in response to civil discovery) upon receipt of a court order or subpoena or upon the advice of GeoTrust's legal counsel, (b) law enforcement officials and others for the purpose of investigating suspected fraud, misrepresentation, unauthorized access, or potential illegal activity by the Subscriber as determined in the reasonable judgment of GeoTrust, or (c) to Subscriber or others upon request submitted by the Subscriber in a form satisfactory to GeoTrust. In addition, the foregoing confidentiality obligation shall not apply to information appearing on Certificates, information relating to Certificate revocation, or to information regarding Subscribers that is already in the possession of or separately acquired by GeoTrust. Notwithstanding the above, Subscriber hereby acknowledges and agrees that GeoTrust (x) may publish or otherwise disclose the serial number and other information contained on the Certificate in connection with GeoTrust's dissemination of Certificate status information, and (y) may collect information regarding the use of Certificates and disclose such information in its aggregated form.

6. Term and Termination.

6.1 Term. The term of this Agreement shall begin on the date the enrollment form is submitted to GeoTrust and shall terminate immediately upon the earlier of (a) the end of the Certificate’s stated validity period, (b) the revocation of the Certificate, (c) the rejection of the enrollment form, (d) ten (10) days after receipt of notice by Subscriber from GeoTrust regarding a breach by Subscriber of its obligations under this Agreement which remains uncured for such period of time.

6.2 Termination and Effect on Use of Certificate. Upon the revocation or cancellation of the Certificate or termination of this Agreement, Subscriber shall have no right in and shall not use the Certificate in any manner. Notwithstanding the foregoing, any use of the Certificate prior to the revocation of the Certificate or termination of this Agreement shall not be affected thereby.

7. Disclaimer of Warranties. GEOTRUST AND PARTNER EXPRESSLY DISCLAIM AND MAKE NO REPRESENTATION, WARRANTY OR COVENANT OF ANY KIND, WHETHER EXPRESS OR IMPLIED, EITHER IN FACT OR BY OPERATION OF LAW, WITH RESPECT TO THE SERVICES PROVIDED OR THE CERTIFICATE ISSUED HEREUNDER, INCLUDING WITHOUT LIMITATION, ALL WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE OR USE OF THE SERVICES OR CERTIFICATE, AND ALL WARRANTIES, REPRESENTATIONS, CONDITIONS, UNDERTAKINGS, TERMS AND OBLIGATIONS IMPLIED BY STATUTE OR COMMON LAW, TRADE USAGE, COURSE OF DEALING OR OTHERWISE ARE HEREBY EXCLUDED TO THE FULLEST EXTENT PERMITTED BY LAW. GEOTRUST AND PARTNER FURTHER DISCLAIM AND MAKE NO REPRESENTATION, WARRANTY OR COVENANT OF ANY KIND, WHETHER EXPRESS OR IMPLIED, EITHER IN FACT OR BY OPERATION OF LAW, TO SUBSCRIBER OR ANY THIRD PARTY THAT (A) ANY SUBSCRIBER TO WHICH IT HAS ISSUED A CERTIFICATE IS IN THE FACT THE PERSON, ENTITY OR ORGANIZATION IT CLAIMS TO BE IN THE INFORMATION SUPPLIED TO GEOTRUST OR PARTNER, (B) A SUBSCRIBER IS IN FACT THE PERSON, ENTITY OR ORGANIZATION LISTED IN A CERTIFICATE, OR (C) THAT THE INFORMATION CONTAINED IN THE CERTIFICATES OR IN ANY CERTIFICATE STATUS MECHANISM COMPILED, PUBLISHED OR OTHERWISE DISSEMINATED BY GEOTRUST, OR THE RESULTS OF ANY CRYPTOGRAPHIC METHOD IMPLEMENTED IN CONNECTION WITH THE CERTIFICATES IS ACCURATE, AUTHENTIC, COMPLETE OR RELIABLE.

8. Limitation of Liability. IN NO EVENT SHALL THE CUMULATIVE LIABILITY OF GEOTRUST OR PARTNER TO SUBSCRIBER OR ANY THIRD PARTY FOR ALL CLAIMS RELATED TO THE USE OF OR RELIANCE ON A CERTIFICATE OR FOR THE SERVICES PROVIDED HEREUNDER INCLUDING WITHOUT LIMITATION ANY CAUSE OF ACTION SOUNDING IN CONTRACT, TORT OR STRICT LIABILITY EXCEED THE AMOUNTS PAID BY SUBSCRIBER TO GEOTRUST OR PARTNER UNDER THIS AGREEMENT.

9. Limitation of Damages. UNDER NO CIRCUMSTANCES SHALL GEOTRUST OR PARTNER BE LIABLE TO SUBSCRIBER OR ANY THIRD PARTY FOR ANY INDIRECT, CONSEQUENTIAL, INCIDENTAL, MULTIPLE, SPECIAL, PUNITIVE, OR EXEMPLARY DAMAGES, EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. BECAUSE SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, THE ABOVE EXCLUSIONS OF INCIDENTAL AND CONSEQUENTIAL DAMAGES MAY NOT APPLY TO SUBSCRIBER BUT SHALL BE GIVEN EFFECT TO THE FULL EXTENT PERMITTED BY LAW.

10. Indemnification. Subscriber hereby agrees to indemnify and hold GeoTrust and Partner and their officers, directors, employees, agents, successors and assigns harmless from and against any and all claims, losses, damages, judgments, costs and expenses (including attorneys' fees) arising out of or related to Subscriber's breach of this Agreement, including without limitation, as a result of reliance in any misrepresentation of a material fact by Subscriber.

11. Governing Law. The enforceability, construction, interpretation, and validity of this Agreement and any resolution of any dispute concerning this Agreement shall be governed by the substantive laws of the Commonwealth of Massachusetts, United States of America, excluding (i) its conflicts of law provisions, and (ii) the United Nations Convention on Contracts for the International Sale of Goods. Venue shall be in the Commonwealth of Massachusetts.

12. Notices. Any notices between the parties shall be in physical or electronic writing. The parties shall send all notices by e-mail or first class mail, postage prepaid. Notices shall be effective upon receipt. GeoTrust shall send notices to Subscriber at the e-mail and/or physical address provided in the enrollment form. Subscriber shall send notices in writing to the following address: GeoTrust, RapidSSL Notices, 117 Kendrick Street, Suite 350, Needham, MA 02494 USA. 13. Force Majuere. In no event shall GeoTrust or Partner be liable for any default or delay in the performance of its obligations hereunder to the extent and while such default or delay is caused, directly or indirectly, by electronic or communications failures fire, flood, earthquake, elements of nature or acts of God, acts of war, terrorism, riots, civil disorders, rebellions or revolutions in the United States, strikes, lockouts, or labor difficulties or any other similar cause beyond the reasonable control of GeoTrust.

14. Entire Agreement. This Agreement and the CPS constitute the entire agreement between the parties respecting its subject matter superseding any prior and contemporaneous agreements and understandings.

Return to previous page