Singapore legislation
Section 29
Section 29
Issue of certificate
(1)
A certification authority may issue a certificate to a prospective subscriber only after the certification authority —
has received a request for issuance from the prospective subscriber; and
has —
if it has a certification practice statement, complied with all of the practices and procedures set forth in such certification practice statement including procedures regarding identification of the prospective subscriber; or
in the absence of a certification practice statement, complied with the conditions in subsection (2).
(2)
In the absence of a certification practice statement, the certification authority shall confirm by itself or through an authorised agent that —
the prospective subscriber is the person to be listed in the certificate to be issued;
if the prospective subscriber is acting through one or more agents, the subscriber authorised the agent to have custody of the subscriber’s private key and to request issuance of a certificate listing the corresponding public key;
the information in the certificate to be issued is accurate;
the prospective subscriber rightfully holds the private key corresponding to the public key to be listed in the certificate;
the prospective subscriber holds a private key capable of creating a digital signature; and
the public key to be listed in the certificate can be used to verify a digital signature affixed by the private key held by the prospective subscriber.