C-1.1 - Act to establish a legal framework for information technology

Full text
48. A certificate may be attached directly to another document used in a communication or be made accessible through a directory that is itself accessible to the public.
A certificate must contain, at least, the following information :
(1)  the distinctive name and the signature of the issuing certification service provider ;
(2)  a reference to the policy statement of the certification service provider, including its practices, on which the guarantees offered by the certificate are based ;
(3)  the certificate version and the serial number of the certificate ;
(4)  the dates of the beginning and end of the valid period of the certificate ;
(5)  in the case of a certificate confirming the identity of a person or the identification of an association, a partnership or the State, the distinctive name of the person or entity or, in the case of a certificate confirming the identifier of an object, that identifier ; and
(6)  in the case of an attribute certificate, the designation of the attribute confirmed by the certificate and, if need be, the identification of the person, association, partnership, State or object to which it is linked.
The distinctive name of a natural person may be a pseudonym, but the certificate must indicate if that is the case. Certification service providers are required to communicate the name of the person using the pseudonym to any person legally authorized to obtain that information.
2001, c. 32, s. 48.