Comodo Certificate Subscriber Agreement

The Comodo CSA is applicable on all Comodo certificates.

This agreement is between you ("Subscriber") and Comodo CA Limited ("Comodo"), a United Kingdom company. The agreement governs your application for and use of an SSL Certificate issued from Comodo. You and Comodo agree as follows:

1. Subscription Service

1.1. Request. Subscriber shall submit a certificate request in a form specified by Comodo for each ordered certificate ("Certificate Request"). Forms for Certificate Request are available on the Comodo website and may be completed electronically. This agreement applies to multiple future Certificate request and any resulting Certificates, regardless of when the Certificate is requested or issued.

1.2. Issuance. If Comodo accepts the Certificate Request, Comodo shall attempt to validate the information provided in the request form in accordance with the Comodo CPS and, for EV Certificates, the EV Guidelines. If Comodo chooses to accept the Certificate Request and can validate Subscriber to Comodo's satisfaction, Comodo shall issue the ordered Certificate(s) to Subscriber. Comodo may reject any Certificate Request and refuse to issue any ordered Certificate in its sole discretion.

1.3. License. After issuance, Comodo grants Subscriber a revocable, non-exclusive, non-transferable license to use the issued Certificates on the server hosting the domain name(s) listed in the Certificate. Comodo also grants Subscriber a non-exclusive, non-transferable, and revocable license to use Comodo's EV AUTO-Enhancer and EV Enhancer technology with EV Certificates issued from Comodo. All rights not expressly granted herein to Subscriber are reserved to Comodo.

1.4. TrustLogos. Comodo grants Subscriber a license to display purchased TrustLogos on domain(s) secured by a Comodo Certificate. When revoking a Certificate, Comodo may also revoke any TrustLogos issued to the same site. Subscriber shall not modify a TrustLogo in any manner. Subscriber shall not display or use a TrustLogo 1) to represent that Comodo guarantees any non-Comodo products or services, 2) on a site that is misleading, defamatory, libelous, disparaging, obscene or otherwise objectionable to Comodo, or 3) in a way that harms Comodo's rights to its trademarks or harms Comodo's business reputation.

1.5. Fee. Subscriber shall pay all fees applicable to the ordered Certificate prior to Comodo validating and issuing the Certificate. Fees for ordered Certificates are presented to Subscriber during the application process. All fees are non-refundable, except that the Certificate's seller will refund a payment if, before 20 business days after the Certificate's issuance, the Subscriber has 1) not used the Certificate and 2) made a written request to Comodo for the Certificate's revocation.

1.6. Subscriber Obligations. Subscriber shall:

(i) use the Certificates only for the purposes listed in the Comodo CPS;

(ii) only install an issued Certificate on the servers accessible at the domain name(s) listed in the Certificate and only use an issued Certificate for authorized business of the Subscriber;

(iii) be responsible for any computer hardware, telecommunications hardware, and software necessary to use the Certificate;

(iv) obtain and maintain any authorization or license necessary to use the Certificate;

(v) bind each Relying Party to Comodo's Relying Party Agreement;

(vi) keep Confidential Information confidential and uncompromised, and immediately inform Comodo and request revocation of any affected Certificates if Subscriber reasonably believes that Confidential Information has been disclosed or compromised;

(vii) ensure that all information provided to Comodo is complete and accurate and does not include any information that would be unlawful, contrary to public interest, or otherwise likely to damage the business or reputation of Comodo if used in any way;

(viii) immediately cease using a Certificate and associated Private Key if any of the following occur 1) the Private Key is compromised, 2) the agreement is terminated, or 3) the Certificate expires or is revoked,

(ix) immediately notify Comodo of 1) any a breach of this agreement or 2) any information provided to Comodo changes, ceases to be accurate, or becomes inconsistent with the warranties made by Subscriber herein, and

(x) comply with all applicable local and international laws when receiving or using a Certificate, including all export laws. Subscriber shall not export or re-export, either directly or indirectly, any Certificate to a country or entity under United Kingdom or United States restrictions. SUBSCRIBER ASSUMES ALL LIABILITY FOR ITS VIOLATION OF EXPORT LAWS.

1.7. Restrictions. Subscriber shall not:

(i) impersonate or misrepresent Subscriber's affiliation with any entity,

(ii) modify, license, create a derivative work of, or transfer any Certificate (except as required to use the Certificate) or Private Key;

(iii) install or use an issued Certificate until after Subscriber has reviewed and verified the Certificate data's accuracy;

(iv) upload or distribute any files or software that may damage the operation of another's computer,

(v) use the Services with any on-line control equipment in hazardous environments requiring fail-safe performance where the failure of the Services could lead directly to death, personal injury or severe physical or environmental damage.

(vi) use the Services to 1) engage in conduct that is offensive, abusive, contrary to public morality, indecent, defamatory, obscene, or menacing, 2)breach the confidence of a third party, 3) infringe on the intellectual property rights of a third party, 4) cause Comodo or a third party distress, annoyance, denial of any service, disruption or inconvenience, 5) send or receive unsolicited bulk correspondence or 6) create a Private Key that is substantially similar to a Comodo or third party's Private Key,

(vii) make representations regarding the Service to any third party except as agreed to in writing by Comodo.

2. Warranties and Representations Subscriber warrants that:

(i) for EV Certificates, the subject named in the Certificate has exclusive control of the domain name(s) listed in the Certificate;

(ii) it has full power and authority to enter into this agreement and perform its obligations hereunder;

(iii) for EV Certificates, the individual accepting the agreement is expressly authorized by Subscriber to sign the agreement for Subscriber.

3. Revocation. Comodo may revokea Certificate if Comodo believes that :

(i) Subscriber requested revocation of the Certificate or did not authorize the Certificate's issuance;

(ii) Subscriber breached this agreement;

(iii) Confidential Information related to the Certificate has been disclosed or compromised;

(iv) the Certificate has been 1) misused, 2) used contrary to law, rule, or regulation or 3) used, directly or indirectly, for illegal or fraudulent purposes;

(v) information in the Certificate is inaccurate or misleading,

(vi) Subscriber loses exclusive control over a domain name listed in the Certificate;

(vii) the Certificate was not issued or used in accordance with Comodo's CPS, industry standards, or, for EV Certificates, the EV Guidelines;

(viii) Comodo 1) ceased operations or 2) is no longer allowed to issue the Certificate, and no other certificate authority has agreed to provide revocation support for the Certificate;

(ix) Subscriber is added as a denied party or prohibited person to a blacklist, or is operating from a prohibited destination under the laws of Comodo's jurisdiction of operation;

(x) the Certificate was issued to publishers of malicious software;

(xi) the CPS authorizes revocation of the Certificate;

(xii) this agreement terminates; or

(xiii) the Certificate, if not revoked, will compromise the trust status of Comodo.

After revoking the Certificate, Comodo may, in its sole discretion, reissue the Certificate to Subscriber or terminate the agreement.

4. Intellectual Property Rights.

4.1.Comodo IP Rights. Comodo retains, and Subscriber shall not obtain or claim, all title, interest, and ownership rights in:

(i) the services and products provided by Comodo, including issued Certificates,

(ii) all copies or derivative works of the Comodo's services and products, regardless of who produced, requested, or suggested the copy or derivative work,

(iii) documentation, software, and other supporting materials provided by Comodo, and

(iv) Comodo's copyrights, patent rights, trademarks, trade secret rights and other proprietary rights.

4.2.Trademarks. Subscriber shall not use a Comodo trademark without Comodo's written consent. Comodo consents to use of trademarks to displayed issued TrustLogos.

4.3.Other Rights. EV AUTO-Enhancer™ for Windows uses Microsoft Detours Professional 2.1. Detours is Copyright 1995-2004, Microsoft Corporation. Portions of the Detours package may be covered by patents owned by Microsoft corporation.

Microsoft, MS-DOS, Windows, Windows NT, Windows 2000, Windows XP, and DirectX are registered trademarks or trademarks of Microsoft Corporation in the U.S. and other countries.

5. Indemnification.

5.1.Indemnification. Subscriber shall indemnify Comodo and its affiliates and their respective directors, officers, employees, and agents (each an "Indemnified Person") against all liabilities, losses, expenses, or costs (including reasonable attorney's fees) (collectively "Losses") that, directly or indirectly, are based on Subscriber's breach of this agreement, information provided by Subscriber, or Subscriber's or its customers' infringement on the rights of a third party.

5.2.Indemnification Procedure. Comodo shall notify Subscriber promptly of any demand for indemnification. However, Comodo's failure to notify will not relieve Subscriber from its indemnification obligations except to the extent that the failure to provide timely notice materially prejudices Subscriber. Subscriber may assume the defense of any action, suit, or proceeding giving rise to an indemnification obligation unless assuming the defense would result in potential conflicting interests as determined by the Indemnified Person in good faith. Subscriber may not settle any claim, action, suit or proceeding related to this agreement unless the settlement also includes an unconditional release of all Indemnified Persons from liability.

5.3.Additional Liability. The indemnification obligations of Subscriber are not Comodo's sole remedy for Subscriber's breach and are in addition to any other remedies Comodo may have against Subscriber under this agreement. Subscriber's indemnification obligations survive the termination of this agreement.

6. Term and Termination.

6.1. Term. Unless otherwise terminated as allowed herein, this agreement is effective upon Subscriber's acceptance and lasts for as long as a Certificate issued under the agreement is valid.

6.2. Termination. Either party may terminate the agreement with 20 business days notice for convenience. Comodo may terminate this agreement immediately without notice if

(i) Subscriber materially breaches this agreement,

(ii) Comodo revokes a Certificate as allowed herein,

(iii) Comodo rejects Subscriber's Certificate application or cannot satisfactorily validate Subscriber in accordance with section 1.2, or

(iv) if industry standards change in a way that affects the validity of the Certificates ordered by Subscriber.

6.3. Events Upon Termination. After termination, Subscriber shall pay any amounts still owed for the Certificates and cease using all Certificates issued under this agreement. Comodo is not obligated to refund any payment made by Subscriber upon termination of this Agreement.

7. Disclaimers and Limitation of Liability.

7.1. Relying Party Warranties. Subscriber acknowledges that the Relying Party Warranty is only for the benefit of Relying Parties. Subscriber does not have rights under the warranty, including any right to enforce the terms of the warranty or make a claim under the warranty.

7.2. Exclusion of Warranties. THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE". COMODO EXPRESSLY DISCLAIMS ALL IMPLIED AND EXPRESS WARRANTIES IN THE SERVICES. THIS DISCLAIMER INCLUDES ALL WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT AND IS EFFECTIVE TO THE MAXIMUM EXTENT ALLOWED BY LAW. COMODO DOES NOT GUARANTEE THAT 1) THE SERVICES WILL MEET SUBSCRIBER'S REQUIREMENTS OR EXPECTATIONS OR 2) THAT ACCESS TO THE SERVICES WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR-FREE.

7.3. Limitation on Liability. SUBJECT TO SECTION 7.4, THE TOTAL LIABILITY OF COMODO AND ITS AFFILIATES, AND EACH OF THEIR OFFICERS, DIRECTORS, PARTNERS, EMPLOYEES, AND CONTRACTORS, RESULTING FROM OR CONNECTED TO THIS AGREEMENT IS LIMITED TO THE AMOUNT PAID BY SUBSCRIBER FOR THE SERVICES GIVING RISE TO THE LIABILITY. SUBSCRIBER WAIVES ALL LIABILITY FOR ANY SPECIAL, INDIRECT, INCIDENTAL OR CONSEQUENTIAL DAMAGES. THIS WAIVER INCLUDES ALL DAMAGES FOR LOST PROFITS, REVENUE, USE, OR DATA AND APPLIES EVEN IF COMODO IS AWARE OF THE POSSIBILITY OF SUCH DAMAGES. These limitations apply to the maximum extent permitted by law regardless of 1) the reason for or nature of the liability, including tort claims, 2) the number of any claims, 3) the extent or nature of the damages, and 4) whether any other provisions of this agreement have been breached or proven ineffective.

7.4. Exception. Nothing in this agreement excludes or limits the liability of either party for death or personal injury resulting from the negligence of that party or for any statements made fraudulently by either party.

8. Remedy.

8.1.Injunctive Relief. Subscriber acknowledges that its breach of this agreement will result in irreparable harm to Comodo that cannot adequately be redressed by compensatory damages. Accordingly, in addition to any other legal remedies which may be available, Comodo may seek and obtain an injunctive order against a breach or threatened breach of the agreement by Subscriber.

8.2.Limitation on Actions. Except for actions and claims related to a party's indemnification and confidentiality obligations, all claims and actions arising from this agreement must be brought within one (1) year from the date when the cause of action occurred.

8.3.Remedy. Subscriber's sole remedy for a defect in the Services is to have Comodo use reasonable efforts to correct the defect. Comodo is not obligated to correct a defect if (i) the Service was misused, damaged, or modified, (ii) Subscriber did not immediately report the defect to Comodo, or (iii) Subscriber breached any provision of this agreement.

9. Confidentiality. Except as allowed herein, a party ("Receiving Party") shall not use or disclose any Confidential Information provided by the other party (the "Disclosing Party") other than for the purpose of performing its obligations under this agreement. The Receiving Party shall take reasonable measures to prevent unauthorized disclosure and shall ensure that any person receiving Confidential Information complies with the restrictions in this section. The Receiving Party may disclose Confidential Information if the information:

(i) is already possessed by the Receiving Party before receipt from the Disclosing Party;

(ii) is or becomes public domain without fault of the Receiving Party;

(iii) is received by the Receiving Party from a third party who is not under an obligation of confidentiality or a restriction on the use and disclosure of the information,

(iv) is disclosed in response to the requirements of a law, governmental order, regulation, or legal process and the Receiving Party first gives prior notice to the Disclosing Party of the requirement to disclose the information, or

(v) is disclosed under operation of law to the public without a duty of confidentiality.

A party asserting one of the exceptions to Confidential Information above shall prove the assertion using verifiable documentary evidence. The restrictions contained in this section apply for the duration of the agreement plus five years after its termination.

10. Privacy.

(i) Comodo shall follow the privacy policy posted on its website when receiving and using information from the Subscriber. Comodo may amend the privacy policy at any time by posting the amended privacy policy on its website. Subject to Section 10(ii), Comodo shall use reasonable efforts in protecting Subscriber's information. Subscriber acknowledges that risks remain that are beyond Comodo's reasonable control and waives all liability of Comodo for these risks.

(ii) Subscriber consents to 1) Comodo disclosing Subscriber's information publicly by embedding the information in issued Certificates and 2) Comodo disclosing and transferring Subscriber's information to third parties located outside of the European Union as necessary to validate and issue Certificates.

(iii) Subscriber may opt-out of having information used for purposes not directly related to the Services by emailing a clear notice to optout@comodo.com. By clicking "I AGREE", Subscriber affirmatively consents to receiving Comodo's and its affiliates marketing material.

11. Miscellaneous.

11.1. Force Majeure and Internet Frailties. Other than for payment obligations by Subscriber, neither party will be liable for a delay or failure to perform an obligation to the extent that the delay or failure is caused by an occurrence beyond the party's reasonable control. Each party acknowledges that the operation of the Internet is beyond the other party's reasonable control, and neither party will be liable for a delay or failure caused by an interruption or failure of telecommunication or digital transmission links, Internet slow-downs or failures, or other such transmission failure.

11.2. Notices.Subscriber shall send all notices to Comodo by first class mail in English writing, with return receipt requested, to Comodo CA Limited, 26 Office Village, 3rd Floor, Exchange Quay, Trafford Road, Salford, Manchester M5 3EQ, United Kingdom. Comodo shall send all notices to Subscriber's contact information listed on its Certificate application. Comodo may send notices by mail, email, or facsimile.

11.3. Entire Agreement. This agreement and all documents referred to herein constitute the entire agreement between the parties with respect to the subject matter, superseding all other agreements that may exist. Section headings are for reference and convenience only and are not part of the interpretation of this agreement.

11.4. Amendments. Comodo may amend this agreement, the CPS, the Relying Party Agreement, the Relying Party Warranty, its website, and any documents listed in its Repository at any time by posting the amendment or amended document on its website. Subscriber shall periodically review the website to be aware of any changes. Subscriber may terminate the agreement if Subscriber does not agree to the amendment. Subscriber's continued use of the Services after an amendment is posted constitutes Subscriber's acceptance of the amendment.

11.5. Waiver. A party's failure to enforce a provision of this agreement will not waive the party's right to enforce the same provision later or right to enforce any other provision of this agreement. To be effective, all waivers must be both in writing and signed by the party benefiting form the waived provision.

11.6. Assignment. Subscriber shall not assign any of its rights or obligations under this agreement without the prior written consent of Comodo. Any transfer without consent will be void. Comodo may assign its rights and obligations without Subscriber's consent.

11.7. Governing Law and Venue. The laws of England and Wales govern the interpretation, construction, and enforcement of this agreement and all proceedings arising out of it, including tort claims, without regard to any conflicts of law principles. All proceedings or legal action arising from this agreement must be commenced in the courts of England and Wales. Both parties agree to the exclusive venue and jurisdiction of these courts.

11.8. Severability. Any provision determined invalid or unenforceable by rule of law will be reformed to the minimum extent necessary to make the provision valid and enforceable. If reformation is not possible, the provision will be deemed omitted and the balance of the agreement will remain valid and enforceable.

11.9. Survival. All provisions of the agreement related to confidentiality, proprietary rights, indemnification, and limitations of liability survive the termination of the agreement.

11.10. Rights of Third Parties. The Certificate Beneficiaries are express third party beneficiaries of Subscriber's obligations and warranties in this agreement.

12. Definitions.

12.1."Certificate" means a digitally signed electronic data file issued by Comodo to a person or entity seeking to conduct business over a communications network which contains the identity of the person authorized to use the Digital Signature, a copy of their Public Key, a serial number, a time period during which the data file may be used, and a Digital Signature issued by Comodo.

12.2."CPS" refers to the documents explaining Comodo's polices and procedures when operating its PKI infrastructure.

12.3."Confidential Information" means all material, data, systems, technical operations, and other information concerning Comodo's business operations that is not known to the general public, including all information about the Certificate issuance services (such as all Private Keys, personal identification numbers and passwords).

12.4."Certificate Beneficiaries" means the Subject named in the Certificate, any third parties with whom Comodo has entered into a contract for inclusion of its root certificate, and all Relying Parties that actually rely on such Certificate during the period when it is valid.

12.5."Digital Signature" means an encrypted electronic data file which is attached to or logically associated with other electronic data and which identifies and is uniquely linked to the signatory of the electronic data, is created using the signatory's Private Key and is linked in a way so as to make any subsequent changes to the electronic data detectable.

12.6."EV AUTO-Enhancer" means Comodo's patent-pending process and software to enable EV functionality on web browsing computers using a modified Apache configuration file or the Comodo developed IIS plug-in.

12.7."EV Certificate" means a Certificate signed to Comodo's EV root certificate that is designed for use with an SSL v3 or TLS v 1.0 enabled web browse and that complies with the EV Guidelines.

12.8."EV Enhancer" means the process and software used by Comodo to enable EV functionality on web browsing computers by pointing the web browser on the web browsing computer to a beacon website designed to download and install a new EV root certificate.

12.9."EV Guidelines" refers to the official, adopted guidelines governing EV Certificates as established by the CA/Browser Forum that are available online at http://www.cabforum.org.

12.10."Private Key" means a confidential encrypted electronic data file designed to interface with a Public Key using the same encryption algori thm and which may be used to create Digital Signatures, and decrypt files or messages which have been encrypted with a Public Key.

12.11."Public Key" means a publicly available encrypted electronic data file designed to interface with a Private Key using the same encryption algorithm and which may be used to verify Digital Signatures and encrypt files or messages.

12.12."Relying Party" means an entity that acts in reliance on a Certificate or a Digital Signature.

12.13."Relying Party Agreement" refers to an agreement located on the Comodo Repository that governs a Relying Party's use of the Certificate when transacting business with the Subscriber's website.

12.14."Relying Party Warranty" refers to a warranty offered by Comodo to a Relying Party under the terms and conditions found in the Comodo Relying Party Agreement in connection with the Relying Party's use of a Certificate.

12.15."Repository" means a publicly available collection of information and databases relating to Comodo's Certificate practices and which is available at http://www.comodo.com/repository.

12.16."Services" means the Certificates ordered hereunder along with any related TrustLogos, software, and documentation.

12.17."TrustLogo" means a logo provided by Comodo for use on a Subscriber's site in connection with an issued Certificate.