SSL OnDemand/Corporate ID +

Part I: Rates and Charges. Customer will pay the annual recurring charges (ARCs), and non-recurring charges (NRCs) for SSL OnDemand/Corporate ID + (SSL Services) as specified below and in the applicable Contract. Customer will pay additional ARCs and NRCs for any equipment management required or for optional services or features that may be ordered by Customer under the Contract. The charges shown herein are in United States dollars.

1. Term. The term of this Service Attachment during which Customer may order Certificates by executing Service Orders, begins on the Commencement Date and ends upon the completion of Service Commitment, as shown in the Service Order, at which time this Service Attachment is automatically extended on a month-to-month basis until either party terminates it upon sixty days prior written notice. If no Service Commitment is specified in a Service Order, the Service Commitment of such Service Order shall be one year. The terms of this Service Attachment will continue to apply during any service-specific term in a Service Order. Either party may terminate this Service Attachment by written notice to the other party following the expiration or termination of its obligations under the Service Orders executed hereunder. Verizon may terminate this Service Attachment if Customer does not sign a new Service Order within thirty days after the issuance of grace units/licenses as set forth in Part II, below.

Part II: Service Description and Requirements.

1. General. This Service Attachment sets forth the terms and conditions for the SSL Services as set forth in a Service Order. Verizon controls the means, methods, places and time of its performance of SSL Services. If there is a conflict between the terms of this Service Attachment, the EV Subscriber Agreement (as defined below), and a Service Order, the order of precedence is as follows: (1) Service Order, (2) this Service Attachment, and (3) EV Subscriber Agreement.

2. Grant of Rights

2.1 Verizon grants Customer, and Customer accepts, a non-exclusive, non-assignable, non-transferable, and revocable right to perform, for Customers internal business purposes only, the responsibilities and functions of a digital certificate registration authority (RA) under the root hierarchy of the public certification authority (Public CA) indicated in the applicable Service Order. Except to the extent otherwise agreed in writing, Customer may request and authorize the issuance, suspension and revocation of digital certificates, whether organizational validation (OV) SSL, extended validation (EV) SSL, or code signing (each, a "Certificate"), for Authorized Users only. Authorized User means:

(i) for SSL a computer server on which only Customer content is hosted by Customer or for Customer (by a hosting or outsourcing service provider) for Customers ordinary course of business, provided that the base domain names for which the computer server runs must be:

(a) owned by, or leased or licensed to Customer;

(b) registered in Customers name; and

(c) identified in the Service Order and processed by Verizon;

(ii) for code signing, a Customer (a) employee or contractor acting as a software developer who signs software code; or (b) software build system that signs software code which identifies the source organization or individual; or

(iii) officer, director, employee and temporary member of staff third party legal entities that maintain a business relationship with Customer (Authorized Third Party User) provided that any certificate issued for an Authorized Third Party User may be used only by that Authorized Third Party User for the purposes of securing and/or authenticating electronic communication to and from the Customer in relation to, and for the purpose of, conducting business transactions.

This Service Attachment does not provide Customer any right to issue, suspend or revoke certificates that identify individuals for any purpose other than code signing.

2.2 Customer may operate as RA for non-commercial purposes only, meaning that Customer may not, and may not permit any third party to, distribute any Certificate for the purposes of generating income for Customer. For purposes of clarification, Customer may use a Certificate in a way that allows Customer to generate income from licensing software that has been developed by Customer or a third party acting for Customer, or from transactions carried out using Customer websites.

2.3 SSL Services are governed by the then-current Public CAs Certification Practice Statement, Certificate Policy and associated policies, as amended from time to time by the Public CA (collectively Public CA Policies) located at the following web address: http://cybertrust.omniroot.com/repository.cfm. The web address may be updated or changed from time to time upon written notice to Customer or notice posted on the listed web address. Customer shall operate as an RA and administer the Certificates in conformity with: (i) the Public CA Policies, and (ii) such reasonable guidelines and/or instructions of which Verizon informs Customer from time to time in writing or on the repository at the link above.

2.4 EV Certificates are governed by the Subscriber Agreement for Cybertrust Extended Validation SSL Server Certificates (EV Subscriber Agreement), which is incorporated herein by this reference. The application, acceptance and installation of a certificate pursuant to the EV Subscriber Agreement indicates the acceptance of the terms and conditions of such agreement

2.5 By submitting a request to issue, suspend, re-instate or revoke a Certificate, Customer represents that: (i) such request relates to an Authorized User; and (ii) such request is submitted in compliance with: (a) Customers own established application, validation and approval policies and procedures applicable to the RA, which shall not be inconsistent with or less stringent than the relevant Public CA Policies, and (b) the relevant Public CA Policies. Any request submitted by or on behalf of Customer to issue, suspend, re-instate or revoke a Certificate constitutes sufficient cause for Verizon to honor such request.

3. Administration.

3.1 Customer shall appoint suitably qualified administrators to operate as RA on Customers behalf (each, an Administrator). For EV Certificates, each Administrator is a Certificate Approver and is bound by the EV Subscriber Agreement. Upon request from Verizon, Customer will confirm that any Administrator is authorized to act both as an Administrator and Certificate Approver. Customer: i) shall advise each Administrator of his or her obligations and Customers obligations under this Service Attachment, and ii) shall be responsible for each Administrators compliance therewith.

3.2 Customer must have at least two Administrators appointed and registered with Verizon at any time during the Service Commitment. Customer shall promptly inform Verizon either using the web-based interface made available to Administrators by Verizon (Administrator Interface) or in writing of any change in the appointment and/or authorization of any of its Administrators. Customer may appoint more than two Administrators, subject to an NRC shown on a Service Order for each additional Administrator.

3.3 Administrators may request the issuance of Certificates via the Administrator Interface. Verizon will provide each Administrator with an Administrator Certificate to access the Administrator Interface. Notwithstanding the Service Commitment or term of the Certificates issued by Customer hereunder, Administrator Certificates are valid until revoked or for two years from the date of issuance, whichever is earlier. Customer shall take reasonable measures to prevent the compromise of the private keys associated with the Administrator Certificates and shall promptly inform Verizon upon suspicion of compromise or actual compromise of such private keys. Customer shall be liable for the activities and charges incurred through the use of the Administrator Certificates provided to Customer by Verizon.

3.4 Customer, in its capacity as RA, agrees to be the sole party responsible for collecting, proofing and recording each Authorized Users information to be entered into the Certificates. Customer also agrees that for EV Certificates, it and its Administrators will comply with the terms of the EV Subscriber Agreement, and the then-current version of the Guidelines for the Issuance and Management of Extended Validation Certificates which can be consulted on-line at the following web address http://www.cabforum.org (the EV Guidelines).

4. Services.

4.1 Verizon will: (i) provide access to the Administrator Interface and provide the number of Administrator Certificates as shown on a Service Order as well as a set of (Verizon branded) certificate enrollment pages; (ii) have the number of Certificates issued, revoked, re-instated and/or suspended from the Public CAs certificate services platform upon receipt of an Administrators request shown on a Service Order; (iii) provide Administrators with e-mail and telephone access to help desk technical support for queries regarding the Administrator Interface or related to an Authorized Users Certificate; (iv) revoke Certificates in response to a revocation request from a requestor who authenticates such revocation request by providing the applicable passphrase that is provided to the initial requestor. Support incidents, the escalation process, and resolution targets for resolving issues are described in Part IV below.

4.2 SSL Services operate 24 hours per day, 365 days per year, except during scheduled maintenance. Verizon will notify Customer by electronic mail or other reasonable means two weeks in advance of scheduled maintenance that will: (i) require any Administrator Interface component of the SSL Service to be unavailable for greater than five minutes; or (ii) affect Verizons ability to provide a current Certificate Revocation List. Notification will be sent to the Administrators at the e-mail addresses provided by Customer.

4.3 In the case of a Service Order for bulk pricing of Certificates, a quantity of one unit represents a license to install the Certificate on one to five servers in a load balancing or virtual configuration. For the purposes of counting servers, the maximum number of concurrent servers that Customer plans to have actively handling connections during the life of the Certificate should be used. Servers in the load balancing or virtual configuration that are available in passive standby mode are excluded from the counted number of servers. When one Certificate is installed on more than five servers, the total number of servers is divided by five and rounded up to the next whole number to determine the number of units to be charged.

4.4 Further, for a Service Order bulk pricing Certificates, one unit represents a license to include one to five names within the Certificate using the subject alternate name extension. When one Certificate contains more than five names, the total number of names is divided by five and rounded up to the next whole number to determine the number of units to be charged.

4.5 When both 4.3 and 4.4 apply, that is, a Certificate that contains multiple names is to be installed on multiple servers, the cost is calculated by multiplying the number of names by the number of active servers, dividing by five, then rounding up to the next whole number to determine the number of units to be charged.

4.6 Bulk pricing units are valid for five years from the date the applicable Service Order is executed by both parties. Any unused balance at the end of five years is forfeited by the Customer with no refund due. Prepayment is due in full upon the date of execution of the Service Order. In the event that this Service Attachment is terminated, Customer forfeits the remaining number of units of un-issued Certificates with no refund due.

4.7 Service Orders for unlimited domain licenses expire after one year and need to be re-ordered annually, regardless of the term of the Certificates issued under the unlimited license. Such Service Orders provide a one year license to issue an unlimited number of Certificates of the purchased term for the specified domain. At the end of one year, unlimited domain licenses must be re-ordered by executing a new Service Order in order for Customer to retain the privilege to issue an unlimited number of Certificates for the specified domain.

4.8 Verizons may block the ability for an Administrator to issue Certificates in the event the purchased unit(s)/license(s) are exceeded. To allow for processing time for additional purchases, Verizon may, at its discretion, establish a quantity of grace unit(s)/license(s. Grace unit(s)/license(s) allow the Customers unit/license balance to become negative until such time as a new Service Order is executed by the parties, at which time the newly-purchased quantity of unit(s)/license(s) is applied against the negative balance.

4.9 For the initial Service Order for OV SSL Services, processing of up to 10 domains is included. Additional domains will be processed subject to an additional fee as documented in the Service Order. EV Certificates do not include processing of any domains in the fee, and processing of all domains for EV Certificates incurs a fee as documented in the Service Order.

4.10 For EV SSL Services, the roles of Contract Signer and Certificate Approver (as defined in the EV Guidelines) are assigned to individuals by execution of this Service Attachment and the related Service Orders. The person who signs this Service Attachment is in the role of Contract Signer and must be validated according to the EV Guidelines. The Administrators noted in the Service Order serve in the role of Certificate Approvers and are granted Certificate Approver rights perpetually until revoked upon request from the Contract Signer or another Certificate Approver, or until termination of this Service Attachment.

4.11 Verizon will make training and documentation available to Administrators that Verizon reasonably deems appropriate to familiarize the Administrators with the Administrator Interface and the administrative procedures relevant to the issuance, suspension and revocation of Certificates. Customer may request additional training, and one such training will be provided at no additional charge over the internet (or through such other means of telecommunication available to Verizon), and Customer shall cause its Administrators to attend such training. All additional training and documentation, or any training performed on-site at a Customer location will be subject to availability and payment of the applicable fees, including all reasonable travel and other expenses incurred by Verizon in connection with such training, which Customer agrees to pay. The fee for training additional Administrators added after an initial Service Order is executed is included in the fee to add such additional Administrators.

5. Customer Responsibilities.

5.1 Customer shall comply with the Public CA Policies and to regularly consult and stay current with the Public CA information found at secure.omniroot.com/repository or other URL provided by Verizon from time to time. Customer shall provide first tier support to its Certificate requestors and other personnel, including the analysis and resolution of general queries regarding the installation and usage of the Certificates. If, notwithstanding Customers reasonable efforts, technical issues with a Certificate cannot be resolved, Customer may request second tier support from Verizon at [email protected] or other e-mail provided by Verizon from time to time..

5.2 Customer represents to Verizon and any Relying Party (i.e., an individual or entity that acts in reliance on a Certificate or electronic signature created with such Certificate and/or has entered into a relying party agreement valid for the Certificate) that:

(i) all information instrumental and/or material to Verizons issuance of a Certificate is accurate at the time of application for such issuance and thereafter;

(ii) it will promptly (a) inform Verizon if any of the information and/or materials that were provided in support of Customers Certificate request or for inclusion in the Certificate is no longer valid or accurate, and (b) request revocation of the applicable Certificate;

(iii) it will use (or, where permitted, allow usage of) the Certificate only for lawful purposes and to the extent permitted by this Service Attachment and the applicable Public CA Policies;

(iv) it has and will maintain, at its own expense, any rights, authorizations, approvals and consents required in respect of its Certificate request and subsequent Certificate usage (including, without limitation, ownership of or the exclusive rights to the domain name to be listed in the Certificate), and will provide information reasonably requested by Verizon for verification purposes;

(v) it will cease use of the Certificate and the associate private keys upon expiration or revocation of that Certificate; and

(vi) it will not install or use the Certificate until such time as it has verified that the information contained in the Certificate is accurate.

5.3 Set-Up. Customer will complete an initial information request from Verizon (including domains and Administrators information) and submit to Verizon.

5.4 Authorization Method and Approval Process. Customer will:

5.4.1 Establish an organization of Certificate Administrators operating in the capacity of RA as defined in the Public CA Policies.

5.4.2 Notify the Administrators to apply for an Administrator Certificate by fulfilling the invitation when they receive it from Verizon.

5.4.3 Review requests for Certificates and authenticate each requestor, verify the accuracy of the information supplied by the requestor, approve or reject the request.

5.4.4 Require that Administrators restrict access to the Administrator Certificate(s), the private key associated with the Administrator Certificate(s), and any user ID or password related to the Administrator Certificates or the Administrators right to access the RA-only accessible pages established at the Certificate administration portal.

5.5 Certificate Issuance and Revocation. Customer will:

5.5.1 Perform required due diligence to confirm that Certificates issued are fully authorized and are only for authorized domains.

5.5.2 When the need arises to revoke a Certificate immediately online through the RA, use the Certificate administration portal to change the Certificate status to indicate the Certificate has been revoked.

5.6 Notification of a Change or Compromise.

5.6.1 Notify Verizon in the event any Administrator ceases to be an authorized Administrator, any information contained in an Administrator Certificate changes or becomes false or misleading, or the private key corresponding to the public key contained in any Administrator Certificate is compromised or likely to be compromised.

5.6.2 Create a record of, and report to Verizon, actual or suspected compromises of the RA function and of any private keys as soon as the compromise is detected.

5.7 Support. Administrator will act as the sole intermediary contact for communications with end users.

6. Revocation. Verizon may revoke a Certificate at any time without notice and without liability for such revocation upon occurrence of any or all of the following:

(i) a revocation request issued by or on behalf of Customer;

(ii) Verizon in good faith, after using reasonable effort, believes that the Certificate is or is likely to become compromised or used in an illegal or otherwise unauthorized manner;

(iii) Verizon has good faith reason to believe that any of the information contained in the Certificate has materially changed or is no longer accurate;

(iv) the Certificate has been issued to persons or organizations that (a) are or at any time become identified or known as publishers or distributors of malicious software, or (b) that impersonate other persons or otherwise undertake activities that are illegal, fraudulent or unethical;

(v) a compelling event under applicable law (including, by way of an example, if the Certificate has been issued to persons or organizations against which any form of supra-national, international, or national trade embargo becomes enforced);

(vi) Verizon reasonably believes that Customer violated a material obligation under this Service Attachment;

(vii) Verizon discontinues for any reason its provision of public certification services or the trust associated with the certificate hierarchy under which the Certificate has been issued becomes compromised;

(viii) Customer fails to maintain any permits, approvals, rights or authorizations as required for the issuance and/or use of the Certificate (including, without limitation, any failure to maintain domain name registration);

(ix) Verizon determines that Customer, in connection with SSL Services, has engaged in activities that may be harmful to or compromise Verizons (or a Verizon affiliates, agents or service providers) business reputation or trust status;

(x) any additional and reasonable grounds for revocation as Verizon may publish from time to time in the Public CA Policies or make otherwise known to Customer.

For additional clarity, except as mandated by the Public CA Policies or applicable law, Verizon does not have any obligation to revoke a Certificate upon occurrence of any or all of the events listed under items (ii) through (x) above. Customer agrees that this Section 6. is without prejudice to and does not release Customer from its obligation to promptly request revocation of any Certificate upon learning or suspecting that any of the events pursuant to which Verizon may revoke the Certificate has occurred or is likely to occur.

6.1 Upon revocation or expiration of a Certificate, Customer must permanently remove that Certificate from applications, systems and/or devices on which it is installed and cease further use of the Certificate. If, in connection with the Certificate issued, Customer received a license from Verizon to display a seal (i.e., a graphical object showing brand of certificate that is used to protect a site, which shows the status of the Certificate when a user clicks on the object), logo, mark and/or other indicium on a website or other medium, Customer must remove such seal or indicium upon revocation or expiration of the applicable Certificate(s), unless Customer is actively in the process of replacing such revoked or expired Certificate(s) with other Verizon certificates.

Part III: Service Terms and Conditions.

1. This Service Attachment or a Service Order may be terminated immediately and without liability upon providing written notice if Verizons reputation, goodwill and/or infrastructure security posture is compromised or is threatened to be compromised due to any act or failure to act by Customer, or if Customer does not submit documentation and information requested by Verizon for validation purposes.

2. Upon termination of this Service Attachment or expiration of all Service Orders executed hereunder: (i) the rights to operate each Certificate until the end of its term granted hereunder to Customer shall terminate; (ii) Customer shall cease all further use of the SSL Services; (iii) the Administrator Certificates shall be revoked; (iv) Verizon shall continue to have the right to revoke any Certificate following the date of termination upon receipt of a revocation request from Customer or for any of the reasons set forth in Section 6 Revocation; (v) no refund, credit or any other form of reimbursement will be made to Customer for Certificate licenses previously purchased which have not been converted into or redeemed for issued Certificates as of the date of termination of this Service Attachment or expiration of all Service Orders. Termination or expiration of this Service Attachment or a Service Order shall not affect the continuance in force of any provision which is expressly or by implication intended to continue in force on or after such termination or expiration. Unless this Service Attachment or a Service Order is terminated for cause by Verizon, Certificates issued prior to the date of termination will remain valid until the earlier of: (a) the expiration of the Certificate; or (b) the revocation of the Certificate. In the event this Service Attachment or a Service Order is terminated by Verizon for cause, all Certificates issued thereunder shall also be terminated as of the date of termination.

3. Customer Data.

3.1 Customer acknowledges that Verizon and its respective affiliates and agents may, by virtue of the provision of the SSL Services, come into possession of information regarding Customer, its Certificate requestors, Administrators, employees and users, including personal and/or private information, data transmissions and the originating and destination numbers and IP addresses, date, time, duration, and other data necessary for the establishment, billing or maintenance of such transmissions (Customer Data).

3.2 Verizon will implement appropriate technical and organizational measures to protect Customer Data the use, processing or transfer of which is regulated by law or regulation as personal data (Regulated Customer Data) against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access and against other unlawful forms of processing.

3.3 Customer may access Regulated Customer Data in the possession of Verizon, on written notice, and Verizon will use reasonable efforts to rectify any errors between such Regulated Customer Data provided by Customer and the Regulated Customer Data in the possession of Verizon.

4. Confidential Information. In addition to the Confidentiality requirements of the Master Terms, Confidential Information does not include information that is comprised of statistical information, or other aggregated information such that use of such data will not be identifiable as originating from Customer.

5. Intellectual Property Rights.

5.1 All title, copyrights, trademarks, service marks, patents, patent applications and all other intellectual proprietary rights now known or hereafter recognized in any jurisdiction (IP Rights) in and to Verizons and the Public CAs technology, web sites, documentation, products and services and any derivative works thereof (Proprietary Materials) are, as between Verizon and Customer, owned and will continue to be solely and exclusively owned by Verizon. Customer agrees to make no claim of interest in or to any such IP Rights. Customer acknowledges that no title to the IP Rights in and to the Proprietary Materials is transferred to Customer and that Customer does not obtain any rights, express or implied, in any Proprietary Materials other than the rights expressly granted in this Service Attachment.

5.2 Verizon does not claim ownership of any of Customers factual information that Verizon obtains from Customer in connection with the issuance of Certificates. However, Customer hereby grants Verizon, its affiliates, agents and service providers a free license to copy, store, use, transmit and process, edit, translate and reformat such information as set forth herein and as otherwise required for the purposes of performing the SSL Services hereunder.

6. Limited Warranty. Verizon warrants that it will exercise reasonable care to generate Certificates that will not contain material errors as compared to the information provided by Customer for inclusion in such Certificates. Except to the extent explicitly stated otherwise in this SERVICE ATTACHMENT AND to the maximum extent permitted by law, THE SSL SERVICES are provided as is and Verizon makes no warranties with respect to THE SSL SERVICES or any certificate. Verizon hereby disclaims all other warranties, express or implied, including, without limitation any warranty of merchantability, fitness for a particular purpose, or non-infringement.

7. Limitation Of Liability.

7.1 Under no circumstances AND UNDER NO LEGAL THEORY, whether in tort, contract or otherwise shall either party be liable to the other for any consequential, special, INdirect, PUNITIVE or incidental damages, including but not limited to, loss of profits, revenue, information, or data, even IF SUCH party has been advised of the possibility of such damages.

7.2 Verizons aggregate liability to Customer for all damages and in respect of any and all causes of action and claimS at any time or times, including, without limitation, any breach of warranty, shall not exceed the lesser of: (i) the fees actually paid by Customer PURSUANT TO THIS SERVICE ATTACHMENT FOR THE SERVICE ORDER GIVING RISE TO THE CLAIM during the preceding twelve (12) months; or (ii) two Hundred fifty thousand U.S. DollarS ($250,000).

7.3 EXCEPT FOR CUSTOMERS PAYMENT OBLIGATIONS UNDER THIS SERVICE ATTACHMENT, CUSTOMERS AGGREGATE LIABILITY TO VERIZON FOR ALL DAMAGES AND IN RESPECT OF ANY AND ALL CAUSES OF ACTION AND CLAIMS AT ANY TIME OR TIMES INCLUDING, WITHOUT LIMITATION, ANY BREACH OF WARRANTY, SHALL NOT EXCEED THE LESSER OF: (I) THE FEES ACTUALLY PAID BY CUSTOMER PURSUANT TO THIS SERVICE ATTACHMENT FOR THE SERVICE ORDER GIVING RISE TO THE CLAIM DURING THE PRECEDING TWELVE (12) MONTHS; OR (II) TWO HUNDRED FIFTY THOUSAND U.S. DOLLARS ($250,000).

7.4 Notwithstanding anything to the contrary herein, Customer shall bear sole and exclusive responsibility and liability to any entity or person other than Verizon for any actions or failures to act by Customer (including, without limitation, the acts or omissions by any Administrator) in connection with this Service Attachment or the SSL Services. Such entities or persons will have no direct recourse against Verizon under this Service Attachment or otherwise, and as between Verizon and Customer, such entities and persons sole remedy and recourse related to provision of SSL Services hereunder lie with Customer and not with Verizon. As between the parties, Customer has the sole responsibility of enforcing the terms and conditions of this Section 7.4.

8. Indemnity. Customer will indemnify, defend and hold harmless Verizon for and against all liabilities, losses, damages, costs and expenses (including, without limitation, reasonable attorneys fees and costs) incurred by Verizon to the extent resulting from: (i) any inaccuracy or error in the proofing and validation of the data or in any information to be entered into the Administrator Certificates and any other Certificates requested by Customer to be issued hereunder; (ii) the use or misuse of the Administrator Interface by an Administrator; and (iii) the use and/or compromise of an Administrator Certificate, except to the extent such liabilities, losses, damages, costs and expenses (including, without limitation, reasonable attorneys fees and costs) arise solely from Verizons gross negligence or willful misconduct in complying with its obligations under this Service Attachment.

9. Audit. Customer shall keep reasonable records relating to Customers responsibilities and obligations under this Service Attachment. During the term of this Service Attachment and any Service Orders and for a period of one calendar year thereafter, Verizon may, upon reasonable notice and during normal business hours, audit Customers compliance with this Service Attachment. During such audits, Verizon and its auditors shall use reasonable efforts to not disrupt Customers business. Unless prompted by a third party request or Verizons perception of anomalies associated with a Certificate, the number of audits requested by Verizon shall be reasonable and shall occur no more than one time per year, provided however, that the duration and number of visits required for any one audit will be determined by the level of effort required to gather facts required to comply with the Public CA Policies, EV Guidelines, and the industry standard requirements for the subject matter of the audit. In the event any such audit discloses any material breach by Customer (or its Administrators, employees or agents) of its obligations hereunder, Customer shall, in addition to such other rights and remedies that may be available to Verizon, pay Verizon the reasonable costs and expenses incurred by Verizon in connection with such audit.

Part IV: Service Level Agreement.

1. Support incident severity definitions.The following definitions are used to categorize the severity of a reported incident.

*Severity*	*Definition*
1	Problems which prohibit critical business operations in the Customers production environment and for which no feasible workaround exists, as reasonably determined by the parties on a case by case basis.
2	Failure of one or more of the system functions making use of the SSL system/SSL Services difficult, degradation of service. Severity 1 issues for which a feasible workaround is presented but which causes a degradation of service.
3	*Failure of a SSL system function having no significant effect on the SSL system/SSL Service operation.*
4	*Requests for information/administrative changes.*
5	*Enhancement requests.*

2. Support Incident Resolution Targets and Escalation Matrix. This matrix demonstrates Verizons standard resolution targets and the pace at which Verizon escalates open incidents to the next tier in the absence of a Customer request. Customers may also request an escalation to the next tier.

*Severity*	*Target Response Time*	*Target Resolution / Workaround Time*	*1^st Escalation* *Tier 2*	*2^nd Escalation* *Tier 2 Management*	*Final Escalation* *Regional Head of Operations & Global Support Services*
1	*15 minutes* *(Phone )*	*1 hour*	*30 Minutes*	*45 Minutes*	*1 hour*
2	*15 minutes* *(Phone)*	*4 hours*	*1 hour*	*3 hours*	*4 hours*
3	*2 hours* *(E-mail/phone)*	*48 hours*	*8 hours*	*36 hours*	*48 hours*
4	*2 hours* *(E-mail/phone)*	*72 hours*	*8 hours*	*48 hours*	*72 hours*
5	*2 hours* *(E-mail/phone)*	*Customer will be notified*	*8 hours*	*N/A*	*N/A*

Cybertrust Extended Validation SSL Server Certificates SUBSCRIBER AGREEMENT

Important NOTICE

YOU MUST READ THIS SUBSCRIBER AGREEMENT CAREFULLY BEFORE APPLYING FOR, ACCEPTING, INSTALLING AND/OR USING ANY TYPE OR CATEGORY OF Extented Validation SSL SERVER CERTIFICATE FROM CYBERTRUST. IF YOU DO NOT AGREE TO THE TERMS AND CONDITIONS OF THIS AGREEMENT YOU MUST NOT APPLY FOR, ACCEPT, INSTALL OR USE ANY SUCH CERTIFICATE. BY APPLYING FOR, ACCEPTING, INSTALLING OR USING ANY SUCH CERTIFICATE YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD AND AGREE TO BE BOUND BY AND COMPLY WITH THE TERMS AND CONDITIONS OF THIS AGREEMENT.

This Subscriber Agreement (Agreement) applies to certain digital certificates Cybertrust offers as part of its Cybertrusts Public Certification Services and is for the express benefit of Cybertrust, any Relying Party (as such term is defined below) and Application Software Vendor (as such term is defined below). Except where expressly set forth otherwise in the Agreement, references to Cybertrust shall be deemed references to Cybertrust Belgium NV, BTW BE 0.455.138.450 RPR Leuven, a Belgian corporation that, in its capacity as Public Certification Authority, controls and operates the Cybertrust Public Certification Services in respect of which this Agreement applies and that, at the date of this Agreement, forms part of the Cybertrust group of companies.

The application, acceptance, and installation a certificate pursuant to this Agreement indicates your acceptance of the terms and conditions of this Agreement pursuant to Section 7.1 below and you represent and warrant to Cybertrust and any Certificate Beneficiaries that you are either an Applicant (as such term is defined below), employed by the Applicant, or an authorized agent who has express authority to represent Applicant, and who has the necessary authority on behalf of the Applicant to accept this Agreement.

1. Definitions

In addition to the capitalized words, acronyms and phrases elsewhere defined herein, for the purposes of this Agreement the following words, acronyms and phrases shall have the following meaning, unless the context requires otherwise:

*Agreement*	*means this Subscriber Agreement together with any Cybertrust document or materials incorporated herein by reference.*
*Applicant*	means (i) a non-governmental legal entity (whether ownership interests are privately held or publicly traded) whose existence was created by a filing with (or an act of) the incorporating agency in its jurisdiction of Incorporation; or (ii) a government-operated legal entity, agency, department, ministry, or similar element of the government of a country, or political subdivision within such country (such as a state, province, city, county, etc.); (iii) an entity that conforms to neither (i) or (ii) above (such as, by way of an example, a general partnership, an unincorporated association), that applies for (or seeks renewal of) an EV Certificate naming it as the subject.
*Application Software Vendor*	*means a developer of Internet browser software or other software that displays or uses certificates and distributes root certificate.*
*CA Policies*	means Cybertrusts policies, practices and policies in operating a public CA for the purposes of providing public certification services and issuing Certificates (including the relevant and then applicable Certificate Practice Statement or CPS), as documented and modified from time to time by Cybertrust. A copy of the most recent CA Policies are currently located at http://cybertrust.omniroot.com/repository.cfm or can be obtained upon request from Cybertrust.
*Certificate*	*means an electronic data file digitally signed and issued by Cybertrust that is a so-called Extended Validation SSL Server Certificate and issued under the Guidelines.*
*Certificate Beneficiaries*	means (i) the Subscriber entering into a subscriber agreement for the Certificate; (ii) the Subject named in the Certificate; (iii) all application software vendors with whom Cybertrust has entered into a contract for inclusion of its relevant root certificate in software distributed by such vendors; (iv) all Relying Parties that actually rely on a Certificate during its validity period.
*Force Majeure Event*	*means acts of governments, hostilities, power failures, fire, strike, riot, or any other event beyond the reasonable control of a party hereto.*
*Guidelines*	means the version of the Guidelines for the Issuance and Management of Extended Validation Certificates most recently adopted and made affective by the CA/Browser forum at the time of issuance of the Certificate. At the date of publication of this Subscriber Agreement, the CA/Browser forum has posted the Guidelines at http://www.cabforum.org.
*Relying Party*	means any individual or entity that acts in reliance on a Certificate or electronic signature created with such Certificate and/or has entered into a Relying Party Agreement valid for the Certificate.
*Subscriber*	*means the person or entity named during the Certificate application and enrollment by the applicant and named as the Certificate subject and for whose use a Certificate is issued.*

2. GENERAL

2.1 Subject to the terms and conditions of this Agreement, and Cybertrusts acceptance of the Certificate application and subsequent issuance of a Certificate to Subscriber, Cybertrust grants Subscriber a personal, non-exclusive, non-transferable, non-sublicensable, revocable and limited license to install and use any Certificate issued to Subscriber by Cybertrust and any digital signature Subscriber creates using the public and private key associated with such Certificate. The Certificate will be issued under and subject to the applicable CA Policies and is provided for Subscribers sole use. In relation to the issuance and management of Certificates, Cybertrust conforms to the current version of the Guidelines which are incorporated into this Agreement by reference. To the extent of any conflict or inconsistency between this Agreement and the Guidelines, the Guidelines shall take precedence.

2.2 In connection with the issuance of a Certificate Subscriber is or will be provided with one or more private keys. Subscriber must keep, and represents and warrants that it shall keep, its private keys associated with the Certificate (and any associated access information or device such as, by way of an example, passwords or tokens) safe from unauthorized use, compromise and disclosure. Subscriber must promptly inform Cybertrust and Subscriber represents and warrants to Cybertrust and any Relying Party that it will promptly request Cybertrust to revoke the Certificate upon (i) learning of any actual or threatened unauthorized use, misuse, or compromise of the Certificate and/or the private key(s) associated with the Certificate; (ii) any information in the Certificate becomes incorrect or inaccurate.

2.3 Applicant, on its own behalf and on behalf of the Subscriber, represents and warrants to Cybertrust and any Relying Party that:

(i) all information instrumental and/or material to Cybertrusts issuance of a Certificate shall be provided in a complete and accurate manner at the time the issuance of a Certificate is applied for and thereafter;

(ii) Subscriber will use (or, where permitted, allow usage of) the Certificate for lawful purposes only, in compliance with all applicable laws, solely for authorized company business and further to the extent permitted by this Agreement and the applicable CA Policies;

(iii) Subscriber will promptly inform Cybertrust if any of the information and/or materials that have been provided in support of the Certificate issuance application or for inclusion in the Certificate is no longer valid or accurate, and promptly request for revocation of the Certificate;

(iv) Subscriber has and will maintain, at its own expense, any rights, authorizations, approvals and consents required in respect of your Certificate issuance application and Subscribers subsequent Certificate usage (including, without limitation and where applicable, any exclusive rights pertaining to the domain name to be listed in the Certificate);

(v) Subscriber will install the Certificate only on the server accessible at a domain name listed on the Certificate;

(vi) Subscriber will immediately cease all further use of the Certificate and the associated private keys upon expiration or revocation of that Certificate;

(vii) Subscriber will not install nor use the Certificate until such time that it has reviewed and verified that the information included in the Certificate is accurate;

(viii) Subscriber will require each Certificate Relying Party to agree to be bound by Cybertrusts relevant Relying Party agreement as available from Cybertrust at Cybertrusts repository currently located at http://cybertrust.omniroot.com/repository.cfm or which can be obtained upon request from Cybertrust.

To the extent this Agreement is entered into on behalf of another person or entity intended to be the Subscriber the party entering into this Agreement represents and warrants to Cybertrust and any Relying Party that it has all necessary power and authorization to do so and to unconditionally bind such other person or entity vis-à-vis Cybertrust by this Agreement.

3. REVOCATION

3.1 Cybertrust reserves the right to revoke Subscribers Certificate at any time without notice and without indemnity upon occurrence of any or all of the following:

(i) a revocation request issued by or on behalf of Subscriber;

(ii) Cybertrust has good faith reasons to believe that the Certificate is or is likely to become compromised or used in an illegal or otherwise unauthorized manner;

(iii) Cybertrust has good faith reasons to believe that any of the information contained in the Certificate has materially changed or is no longer accurate;

(iv) the Certificate has been issued to persons or organizations that are or at any time become identified or known as publishers or distributors of malicious software, or that impersonate other persons or otherwise undertake activities that are illegal, fraudulent or unethical;

(v) any compelling event under applicable law (including, by way of an example, if the Certificate has been issued to persons or organizations against which any form of supra-national, international, or national trade embargo becomes enforced);

(vi) Cybertrust obtains reasonable evidence that Subscriber violated any of its material obligations under this Agreement or otherwise;

(vii) Cybertrust discontinues for any reason its provision of public certification services or the trust associated with the certificate hierarchy under which the Certificate has been issued becomes compromised;

(viii) Subscribers failure to maintain any permits, approvals, rights or authorizations as required for the issuance and/or use of the Certificate (including, without limitation, any failure to maintain domain name registration);

(ix) Cybertrust, in its sole discretion, determines that the Certificate if not revoked or Subscriber engaged in activities that may be harmful or compromise Cybertrusts (or a Cybertrusts affiliates, agents or service providers) business reputation or trust status.

(x) any additional and reasonable grounds for revocation as Cybertrust may publish from time to time in its CA Policies or make otherwise known to Subscriber.

For additional clarity, except as mandated by the CA Policies or applicable law, Cybertrust does not have any obligation to revoke a Certificate upon occurrence of any or all of the events listed under items (i) through (ix) under Section 3.1. Subscriber agrees that this Section 3.1 is without prejudice to and does not release Subscriber from its obligation to promptly request revocation of any Certificate upon learning or suspecting that any of the events pursuant to which Cybertrust may revoke the Certificate has occurred or is likely to occur.

3.2 Upon revocation or expiration of a Certificate, Subscriber must permanently remove that Certificate from all applications, systems and/or devices on which it is installed and immediately cease all further use of the Certificate. If, in connection with the Certificate issued, Subscriber received a license from Cybertrust to display a seal, logo, mark and/or other on a website or other medium, Subscriber must immediately remove such seal or indicium upon revocation or expiration of the Certificate.

4. INTELLECTUAL PROPERTY RIGHTS

4.1 As between Subscriber and Cybertrust, all title, copyrights, trademarks, service marks, patents, patent applications and all other intellectual proprietary rights now known or hereafter recognized in any jurisdiction (IPR) in and to the Cybertrusts public certification services (including, without limitation the CA Policies), and any related functionality and technology, know how, trade secrets, information, concepts and methodologies are owned and will continue to be owned by Cybertrust and/or its licensors. You agree to make no claim of interest in or ownership of any such IPR. Subscriber acknowledges that no title or interest in and to any IPR, Cybertrusts public certification services (including, without limitation the CA Policies) and any related functionality and technology, know how, trade secrets, information, concepts and methodologies is transferred to Subscriber and that Subscriber do not obtain any rights, express or implied, other than the rights expressly granted in this Agreement.

4.2 Cybertrust does not claim ownership of any of Subscribers factual proprietary information that Cybertrust obtains from or about Subscriber in connection with the issuance of a Certificate. However, Subscriber hereby grants Cybertrust (including its affiliates, agents and service providers) a free permission to copy, store, use, transmit and process, edit, translate and reformat such information for the purposes of its (i) provisioning of public certification services and performing associated functions (such as billing, accounting and administering); (ii) performance under and/or enforcement of this Agreement.

5. Confidentiality AND PERSONAL INFORMATION

5.1 Each party agrees not to disclose to a third party any confidential and/or proprietary information that it may obtain or receive from the other party (Confidential Information) and to take all reasonable precautions to prevent unauthorized disclosure or use of that other partys Confidential Information. Confidential Information shall not include information that is already in the public domain through no fault of the receiving party, or was already known to the receiving party through no breach of a confidentiality obligation.

5.2 Notwithstanding the foregoing, Subscriber agrees and hereby expressly authorizes Cybertrust to provide any information from or about Subscriber to any of its affiliates, agents and service providers to the extent reasonably required for performance hereunder. Subscriber further agrees that Cybertrust may use any information from or about Subscriber to provision certification and certificate lifecycle management services, to communicate with Subscriber regarding its subscription, any Cybertrust products and services and other topics Cybertrust may deem of interest to Subscriber. Subscriber acknowledges and accepts that Cybertrust will include certain information in the Certificate (including Personal Information, as such term is defined below) and that Cybertrust shall have the right to disclose the same to third parties and, further, that Cybertrust may make publicly available any such information embedded in the Certificate and any information regarding the validity of the Certificate (including, by way of an example only, suspension or revocation status information). Subscriber also agrees that Cybertrust may use any information from or about Subscriber in any format for any purpose provided that all such data is aggregated with other data such that any use of such data by Cybertrust, its affiliates, agents and/or service providers (as applicable) will not be identifiable as originating from Subscriber.

5.3 Subscriber acknowledges that Cybertrust will, and any Cybertrust affiliate, agent or service provider may, by virtue of its subscribing under this Agreement and/or its use of a Cybertrust web site come into possession of Personal Information about Subscriber. Personal Information as used in this Agreement means any non-public personally identifiable information concerning a natural or legal person that is as such protected by applicable legislation and regulations (Applicable Privacy Laws). Subscriber accepts and agrees that Cybertrust and any Cybertrust affiliate, agent or service provider may, on Subscribers behalf, use, process and/or transfer any or all of its Personal Information both within and outside one or more national or supra-national jurisdictions in connection with this Agreement and its subject matter. Cybertrust will treat Subscribers Personal Information as set forth herein and in its Privacy Policy forming part of the CA Policies, as amended from time to time by Cybertrust, and Cybertrust further agrees to comply with the Applicable Privacy Laws and so does Subscriber.

6. FEES ; PAYMENT TERMS

6.1 Subscriber shall make timely payment of the applicable Certificate purchase price and/or associated services fees as set forth on Cybertrusts website at the time of purchase or as otherwise agreed upon in writing by Cybertrust or the relevant authorized Cybertrust reseller or distributor. Except where explicitly otherwise agreed upon in writing, all fees are due immediately and, except to the extent explicitly set forth otherwise herein, non-refundable. All fees and prices are specified exclusive of any taxes or duties that may apply. Subscriber shall pay such additional amounts as may be required in order that the net amount actually received by Cybertrust, after deduction or withholding of all applicable taxes and duties, shall be equal to the amount expressed to be payable that Cybertrust would have received but for such deduction or withholding being required.

6.2 To the extent Subscriber purchases Certificates from a Cybertrust authorized reseller or distributor the provisions of Section 6.1 shall not apply and fees and payment terms shall be as agreed between Subscriber and that reseller or distributor.

7. TERM AND TERMINATION

7.1 This Agreement commences on the earlier date that acceptance of its terms and conditions is signified by or on behalf of Subscriber, as such acceptance may be signified the application for, acceptance, installation and/or use of a Certificate. This Agreement shall continue until the Certificate has expired or has been revoked, whichever is earlier.

7.2 Subscriber may terminate this Agreement at any time by revoking the Certificate. In no event shall termination of this Agreement give rise to any reimbursement, credit or refund of any pre-paid fees. Subscribers obligation to make payment that accrued prior to termination of this Agreement shall survive termination of this Agreement.

8. INDEMNITY

8.1 Subscriber understands and agrees that Subscriber is personally responsible for use of the Certificate and for the safeguard of the associated private keys. Subscriber agrees to indemnify, defend and hold harmless Cybertrust, its affiliates, agents and service providers and their respective directors, officers, employees, successors and assigns from and against all actual or threatened third party claims or proceedings and any losses, expenses, damages and costs (including reasonable attorneys fees and costs) that may be sustained, resulting from or arising out of (i) Subscribers use or misuse of the Certificate; (ii) information submitted by or on behalf of Subscriber during the Certificate application process and the accuracy thereof, (iii) Subscribers breach of any provision of this Agreement (including, without limitation, breach of any representations or warranties Subscriber makes hereunder); (iv) Subscribers failure to safeguard the private key associated with the Certificate, or failure to use of a trustworthy and secured system, or to take such actions and measures as necessary or reasonable to prevent and protect against the compromise, loss, disclosure or modification or unauthorized use of the associated private key, except to the extent such claims, losses, expenses, damages and costs arise from Cybertrusts gross negligence or willful misconduct in complying with its obligations and undertakings under this Agreement. Cybertrust reserves the right, at its own expense, to assume the exclusive defense and control of any matter for which Subscriber is required to indemnify hereunder, and Subscriber agrees to cooperate with our defense of these claims.

9. CYBERTRUST WARRANTIES AND DISCLAIMER OF WARRANTIES

9.1 Cybertrust represents and warrants, as related to and for the benefit of the Certificate Beneficiaries, that: (i) during the period when the Certificate is valid the relevant Cybertrust CA has followed the requirements of the Guidelines and its own CA Policies as they relate to the type of Certificates covered by this Agreement in issuing the Certificate and in verifying the accuracy of the information contained in the Certificate; (ii) Cybertrust has confirmed with the incorporating or registration agency in the Subjects jurisdiction of incorporation or registration that, as of the date the Certificate was issued, the Subject named in the Certificate legally exists as a valid organization or entity in the jurisdiction of incorporation or registration; (iii) Cybertrust has confirmed that, as of the date the Certificate was issued, the legal name of the Subject named in the Certificate matches the name on the official government records of the incorporating or registration agency in the Subjects jurisdiction of incorporation or registration, and if an assumed name is also included, that the assumed name is properly registered by the Subject in the jurisdiction of its place of business; (iv) Cybertrust has taken all steps reasonably necessary to verify that, as of the date the Certificate was issued, the Subject named in the Certificate has the exclusive right to use the domain name(s) listed in the Certificate; (v) Cybertrust has taken all steps reasonably necessary to verify that the Subject named in the Certificate has authorized the issuance of the Certificate; (vi) Cybertrust has taken all steps reasonably necessary to verify that all of the other information in the Certificate is accurate, as of the date the Certificate was issued; (vii) the Subject named in the Certificate has entered into a legally valid and enforceable subscriber agreement that satisfies the requirements of the Guidelines; (viii) Cybertrust will follow the requirements of these Guidelines and will use all reasonable efforts to maintain a 24 x 7 online-accessible repository with current information regarding the status of the Certificate as valid or revoked; and (ix) Cybertrust will follow the requirements of the Guidelines and revoke the Certificate upon the occurrence of any revocation event as specified in the Guidelines.

9.2 Except to the extent explicitly stated otherwise in this Agreement AND to the maximum extent permitted by law, all CYBERTRUSTS products and services are provided as is and CYBERTRUST makes no warranties with respect to usefulness, functionality, operability, timeliness and non-infringement. CYBERTRUST hereby EXPRESSLY disclaims TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW all other warranties, express or implied, STATUTORY OR OTHERWISE, including, without limitation any warranty of merchantability or fitness for a particular purpose.

10. LIMITATION OF LIABILITY

10.1 IN NO EVENT WILL CYBERTRUST BE LIABLE FOR ANY DAMAGES WHATSOEVER, INCLUDING, BUT NOT LIMITED TO ANY DIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, EXEMPLARY OR OTHER INDIRECT DAMAGES ARISING OUT OF (I) THE USE OF OR INABILITY TO USE THE CERTIFICATE (II) ANY TRANSACTION CONDUCTED THROUGH OR FACILITATED BY THE USE OF THE CERTIFICATE; (III) ANY CLAIM ATTRIBUTABLE TO ERRORS, OMISSIONS, OR OTHER INACCURACIES IN THE CERTIFICATE NOT ARISING FROM CYBERTRUSTS BREACH OF THE WARRANTIES PROVIDED UNDER SECTION 9.1 ABOVE; (IV) SUBSCRIBERS FAILURE TO COMPLY WITH ANY PROVISION OF THIS AGREEMENT, EVEN IF SUCH DAMAGES WERE FORESEEABLE AND EVEN IF CYBERTRUST HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. TO THE EXTENT PERMITTED BY APPLICABLE LAW: IF SUBSCRIBER IS DISSATISFIED WITH THE CERTIFICATE, OR WITH THE TERMS OF USE, SUBSCRIBERS SOLE AND EXCLUSIVE REMEDY IS TO REVOKE IT.

10.2 The aggregate liability (including attorneys fees and court costs and expenses awarded hereunder) of Cybertrust AND ANY CYBERTRUST AFFILIATE, AGENT AND SERVICE PROVIDER and of and their respective directors, officers, employees, successors and assigns, IS LIMITED TO THE MAXIMUM EXTENT PERMITTED BY LAW AND shall IN NO EVENT EXCEED, IN THE AGGREGATE, THE HIGHER OF (i) THE EQUIVALENT OF FIVE THOUSAND U.S. DOLLARS ($5,000.00); OR (ii) THE PURCHASE PRICE PAID FOR THE CERTIFICATE. THE LIMITATIONS SET FORTH IN THIS SECTION SHALL BE THE SAME AND SHALL APPLY IRRESPECTIVE OF THE NUMBER OF DIGITAL SIGNATURES, TRANSACTIONS OR CLAIMS RELATED TO SUCH CERTIFICATE.

11. UPDATES AND AMENDMENTS

11.1 This Agreement as well as other policies, statements, agreements, information and materials (collectively Materials) related to or associated with Cybertrusts certification services and the provision thereof may be updated, revised, supplemented or replaced from time to time by Cybertrust in its sole discretion and without prior notice. A Subscriber is responsible to monitor and maintain awareness of any such changes to the Materials. Unless a later date is indicated by Cybertrust, Materials become effective upon the date such Materials are posted by Cybertrust under the Cybertrust Repository currently located at http://cybertrust.omniroot.com/repository.cfm. By continuing to use the Certificate or Cybertrusts certification services after changes to any of the Materials have become effective, Subscriber signifies acceptance of such changed Materials.

12. GENERAL PROVISIONS

12.1 Severability. The invalidity or unenforceability of any provision of this Agreement shall not affect the validity or enforceability of any other provision hereof. In the event that any provision of this Agreement is determined to be invalid, unenforceable or otherwise illegal, such provision shall be deemed restated, in accordance with applicable law, to reflect as nearly as possible the original intent, and the remainder of this Agreement shall remain in full force and effect.

12.2 Assignment and Subcontracting. Subscriber may not assign or transfer or attempt to do so any right or obligation under this Agreement, in whole or in part, to any person or entity, whether by assignment, transfer, merger or otherwise without Cybertrusts prior written consent. Cybertrust shall have the right to, in its sole discretion, assign or transfer this Agreement or delegate all or part of its rights hereunder and may use affiliated companies, agents or service providers to perform all or some of its services, duties and obligations.

12.3 Force Majeure. Neither party will be liable for any default or delay in the performance of all or part of its obligations (other than an obligation to make payment of any monies) under this Agreement to the extent such default or delay is caused by a Force Majeure Event.

12.4 Headings. Section headings used in this Agreement are for reference and convenience and are not to be construed as limitations of the substance of any provision.

12.5 Notices. Any notice required or permitted under this Agreement must be served to Cybertrust at the address of Cybertrusts then current seat of operations with a copy to: Cybertrust Legal Department EMEA, Philipssite 5, B-3001 Leuven, Belgium. A notice takes effect from the time it is received unless a later time is specified in it. A notice is deemed to be received by Cybertrust (i) in the case of an express couriered letter, on the date of actual delivery; (ii) in the case of a mailed letter, on the fifth (5th) day, or, if mailed to or from one country to another, on the seventh (7th) day after mailing; and (iii) in the case of a facsimile, on production of a transmission report by the machine from which the facsimile was sent which indicates that the facsimile was sent in its entirety to the facsimile number of the recipient.

12.6 No waiver. No waiver, modification or cancellation of any of the provisions of this Agreement shall take effect unless made in writing and signed by Cybertrust. Cybertrusts failure to require performance of any provision thereof shall not affect Cybertrusts right to enforce the same, nor shall any waiver of a breach be deemed a waiver of any other breach.

12.7 Entire Agreement. Except to the extent set forth otherwise herein or in a written agreement between Subscriber and Cybertrust (or a Cybertrust affiliated company), this Agreement constitutes the entire agreement between Subscriber and Cybertrust regarding the subject matter hereof, superseding any prior agreements that Subscriber may have with Cybertrust regarding its subject matter.

12.8 Applicable Law and Jurisdiction. This Agreement shall be construed, interpreted and enforced in accordance with the laws of Belgium, exclusive of any choice of law rules. The United Nations Convention of Contracts for the International Sale of Goods is expressly excluded. Any and all disputes, claims or litigation arising from or related in any way to this Agreement or the Certificate shall be resolved by the courts located in Brussels, Belgium. Subscriber agrees to waive any objections against and agree to submit to the aforementioned jurisdiction.

12.9 Dispute Resolution. To the extent permitted by applicable law, Subscriber shall first serve Cybertrust written notice of any dispute that Subscriber believes may have arisen in connection with this Agreement prior to seeking judicial remediation, action or relief. If despite Cybertrusts and Subscribers good faith efforts no amicable resolution can be reached within sixty (60) days from Cybertrusts receipt of Subscribers notice, either party may seek resolution or settlement by submitting the dispute to the competent courts as determined in accordance with Section 12.8 above.