Certifying Authority

What is the role of RA (Registration Authority) in the DSC issuance process?

The RA interacts with DSC applicants to collect documents, helps them submit the DSC application and, in some cases, helps them obtain and use a hardware crypto device. CAs are responsible for verification and for issuance of the DSC to the applicant. In the case of Aadhaar eKYC-based identity verification, the CA may use an RA service to facilitate it. The responsibilities of an organisational RA are different from those of an RA that deals with individuals claiming no organisational affiliation.

What happens if a CA goes out of business? What happens to earlier transactions? Does this not create a legal and financial problem?

Prior to cessation of operations, the CA has to follow the procedures laid down under the IT Act. The CA needs to revoke all valid certificates prior to its closure. The subscriber has to get a new Digital Signature Certificate from another licensed CA. Signatures made by the subscriber prior to the revocation of the certificate remain valid. Signatures are validated with respect to the validity of the certificate at the time the signature was affixed.
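The rule in the answer above, written out as an added example (not part of the original FAQ or of any CA's software): a signature is judged against the certificate's state at the time of signing, so a later revocation on CA closure does not invalidate it. The certificate dates, sample names and the assumption that the signing time comes from a trusted source are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


@dataclass(frozen=True)
class CertState:
    not_before: datetime
    not_after: datetime
    revoked_at: Optional[datetime] = None  # None: never revoked


def signature_status(cert: CertState, signed_at: datetime) -> str:
    """Judge a signature by the certificate's state at the moment of signing."""
    if signed_at.tzinfo is None:
        raise ValueError("signing time must be timezone-aware")
    if signed_at < cert.not_before:
        return "invalid: signed before validity period"
    if signed_at > cert.not_after:
        return "invalid: signed after expiry"
    # Revocation only affects signatures made at or after the revocation time.
    if cert.revoked_at is not None and signed_at >= cert.revoked_at:
        return "invalid: signed at or after revocation"
    return "valid"


def utc(*parts: int) -> datetime:
    return datetime(*parts, tzinfo=timezone.utc)


# Constructed sample: certificate revoked when its (hypothetical) CA closed.
CERT = CertState(utc(2022, 1, 1), utc(2024, 1, 1), revoked_at=utc(2023, 6, 30, 12))
# Constructed signing times, assumed to come from a trusted source.
SAMPLES = {
    "contract signed before closure": utc(2023, 3, 1),
    "signed after revocation": utc(2023, 7, 1),
    "signed before issuance": utc(2021, 12, 31),
}


def evaluate_samples() -> dict:
    return {name: signature_status(CERT, t) for name, t in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in evaluate_samples().items():
        print(f"{name}: {verdict}")
```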

Can a CA have a sub-CA? Can there be a concept of root CA, CA and sub-CA?

CAs are allowed to create a Sub-CA under the CA certified by the Controller. However, these Sub-CAs are only technical arrangements within the same CA infrastructure for management purposes. Sub-CAs are not independent legal entities.

In what format should the DSC applicant give the public key to a CA for certification?

In PKCS #10 format

Is it mandatory for CAs to keep the DSC application form for 7 years after expiry of the DSC?