What is EPKI?
An Enterprise PKI (EPKI) Agreement allows an authorized representative to assume responsibility for retaining and validating identity evidence of employees or contractors within a company or organization. This agreement is typically used to purchase a high volume of North American Energy Standards Board (NAESB) client auth certificates and Individual Validation+Organization Validation (IV+OV) S/MIME certificates enabling pre-validation of certificates containing an individual identity associated with the organizational identity. After a successful validation of the individual identity of a signatory to an EPKI agreement as well as an organizational validation of the entity the signatory represents, that person will then attain the function of the EPKI Administrator and be granted the authority to manage the life cycle of NAESB and IV+OV S/MIME certificates. Specifically, the EPKI Administrator can:- Issue NAESB and IV+OV S/MIME certificates to other people in the organization without having to submit ID evidence for each individual certificate.
- Request, renew, revoke, and re-issue NAESB and IV+OV S/MIME certificates for other members of the organization.
- Enable automatic individual validation of bulk orders issued for the same previously-validated organization.
The Subscriber entering into an EPKI Agreement must retain IDs and make identity evidence available for sampling, if needed, during SSL.com quarterly and annual audits.
Partner Obligations in the EPKI Agreement
SSL.com includes the following obligations to its partners in an EPKI Agreement:- Appoint an EPKI Administrator to set up and maintain the Service, including any required registration, ordering, and configuration required to utilize the EPKI service.
- Ensure the access credentials (typically, username and password) issued to the EPKI Administrator are secure.
- Protect the confidentiality of Private Keys from unauthorized use.
- Enter into and ensure compliance by each Subscriber with the terms of the Subscriber Agreement.
- Create and keep all records relevant to SSL.com’s functions as an LRA, including but not limited to records of: a) Subscriber identity verification b) Certificate revocation requests sent to SSL.com and c) authorizations to serve as Applicant Representative.
- Collaborate with SSL.com to facilitate internal or external auditing requirements applicable to partners.
Below are steps for submitting a completed EPKI agreement:
- Fill out all required fields in the main form below
- Download and complete the 3 ePKI forms: Download ePKI forms
- After accomplishing the downloaded forms, attach/upload them to the main form below and click the Submit button.
- A member of the SSL.com sales team will reach out to confirm order details and schedule the next steps in the validation process.