Subdivision 1. After request. A licensed certification authority must revoke a certificate that it issued but which is not a transactional certificate, after:
(1) receiving a request for revocation by the subscriber named in the certificate; and
(2) confirming that the person requesting revocation is the subscriber, or is an agent of the subscriber with authority to request the revocation.
Subd. 2. After identity confirmed. A licensed certification authority must confirm a request for revocation and revoke a certificate within one business day after receiving both a subscriber's written request and evidence reasonably sufficient to confirm the identity and any agency of the person requesting the suspension.
Subd. 3. After death or dissolution. A licensed certification authority must revoke a certificate that it issued:
(1) upon receiving a certified copy of the subscriber's death record, or upon confirming by other evidence that the subscriber is dead; or
(2) upon presentation of documents effecting a dissolution of the subscriber, or upon confirming by other evidence that the subscriber has been dissolved or has ceased to exist, except that if the subscriber is dissolved and is reinstated or restored before revocation is completed, the certification authority is not required to revoke the certificate.
Subd. 4. Unreliable certificate. A licensed certification authority may revoke one or more certificates that it issued if the certificates are or become unreliable, regardless of whether the subscriber consents to the revocation and notwithstanding a provision to the contrary in a contract between the subscriber and certification authority.
Subd. 5. Notice of revocation. Immediately upon revocation of a certificate by a licensed certification authority, the licensed certification authority must give notice of the revocation according to the specification in the certificate. If one or more repositories are specified, then the licensed certification authority must publish a signed notice of the revocation in all repositories. If a repository no longer exists or refuses to accept publication, or if no repository is recognized under section 325K.13, then the licensed certification authority must also publish the notice in a recognized repository.
Subd. 6. When certification by subscriber ceases. A subscriber ceases to certify, as provided in section 325K.12, and has no further duty to keep the private key secure, as required by section 325K.13, in relation to the certificate whose revocation the subscriber has requested, beginning at the earlier of either:
(1) when notice of the revocation is published as required in subdivision 5; or
(2) one business day after the subscriber requests revocation in writing, supplies to the issuing certification authority information reasonably sufficient to confirm the request, and pays any contractually required fee.
Subd. 7. Warranties discharged. Upon notification as required by subdivision 5, a licensed certification authority is discharged of its warranties based on issuance of the revoked certificate as to transactions occurring after the notification and ceases to certify as provided in section 325K.11, subdivisions 2 and 3, in relation to the revoked certificate.
Subd. 8. Administrative procedures. For purposes of this section, the provisions of chapter 14 do not apply when the secretary acts as a licensed certification authority for governmental entities.
History: 1997 c 178 s 16; 1998 c 321 s 25,26; 1999 c 250 art 1 s 100; 1Sp2001 c 9 art 15 s 32