Enterprise PKI (EPKI) Agreement Setup

What is EPKI?

An Enterprise PKI (EPKI) Agreement allows an authorized representative to assume responsibility for retaining and validating identity evidence  of employees or contractors  within a company or organization. This agreement is typically used to purchase a high volume of North American Energy Standards Board (NAESB) client auth certificates  and Individual Validation+Organization Validation (IV+OV) S/MIME certificates enabling pre-validation of certificates containing an individual identity associated with the organizational identity.

After a successful validation of the individual identity of a signatory to an EPKI agreement as well as an organizational validation of the entity the signatory represents, that person will then attain the function of the EPKI Administrator and be granted the authority to manage the life cycle of NAESB and IV+OV S/MIME certificates. Specifically, the EPKI Administrator can:
  • Issue NAESB and Personal ID+Organization S/MIME certificates to other people in the organization without having to submit ID evidence for each individual certificate. 
  • Request, renew, revoke, and re-issue NAESB and Personal ID+Organization S/MIME certificates for other members of the organization.
  • Enable automatic individual validation of bulk orders issued for the same previously-validated organization.
The EPKI Administrator can purchase EPKI-enabled, pre-validated Personal ID+Organization S/MIME certificates and NAESB certificates through the SSL.com Bulk Order Tool. Visit this guide  for instructions on how to use the bulk order tool with an enabled EPKI agreement. 
The Subscriber entering into an EPKI Agreement must retain IDs and make identity evidence available for sampling, if needed, during SSL.com quarterly and annual audits.

Partner Obligations in the EPKI Agreement

SSL.com includes the following obligations to its partners in an EPKI Agreement:
  • Appoint an EPKI Administrator to set up and maintain the Service, including any required registration, ordering, and configuration required to utilize the EPKI service.
  • Ensure the access credentials (typically, username and password) issued to the EPKI Administrator are secure.
  • Protect the confidentiality of Private Keys from unauthorized use.
  • Enter into and ensure compliance by each Subscriber with the terms of the Subscriber Agreement. 
  • Create and keep all records relevant to SSL.com’s functions as an LRA, including but not limited to records of: a) Subscriber identity verification b) Certificate revocation requests sent to SSL.com and c) authorizations to serve as Applicant Representative.
  • Collaborate with SSL.com to facilitate internal or external auditing requirements applicable to partners.

Below are steps for submitting a completed EPKI agreement:

  1. Fill out all required fields in the main form below
  2. Download and complete the 3 ePKI forms: Download ePKI forms
  3. After accomplishing the downloaded forms, attach/upload them to the main form below and click the Submit button.
  4. A member of the SSL.com sales team will reach out to confirm order details and schedule the next steps in the validation process.
If you need additional guidance, please contact the sales team at sales@ssl.com.
Twitter
Facebook
LinkedIn
Reddit
Email

Stay Informed and Secure

SSL.com is a global leader in cybersecurity, PKI and digital certificates. Sign up to receive the latest industry news, tips, and product announcements from SSL.com.

We’d love your feedback

Take our survey and let us know your thoughts on your recent purchase.