Certificate Policy (CP)
Last updated on August 18, 2025
This Certificate Policy (“CP”) sets forth the principles and requirements under which Tabiri Trust Services (“Tabiri Trust”, “we”, “our”, or “us”) issues and manages digital certificates. This CP is designed to establish the degree of trust placed in certificates issued by Tabiri Trust and to inform subscribers and relying parties of their respective rights, duties, and obligations. This CP should be read together with our Privacy Policy and our Certification Practice Statement (CPS).
1. Scope
This CP applies to all certificates issued by Tabiri Trust, including those for organizational authentication, secure communications, and other trust-related services. The CP defines the intended uses, assurance levels, and responsibilities of subscribers and relying parties.
2. Identification and Authentication
Prior to issuance, Tabiri Trust verifies the identity of requesting organizations using validated business information, domain control checks, and other appropriate verification methods. Only duly authorized representatives of an organization may request and receive certificates.
3. Certificate Lifecycle Management
Certificates are managed according to the following principles:
- Requests must include accurate and complete organizational data.
- Certificates are issued only after successful validation.
- Certificates have defined validity periods and expiration dates.
- Renewal requires revalidation of organizational details.
- Revocation requires explicit request from the subscribing organization, except in cases of CA compromise or critical security risks.
4. Subscriber Obligations
Subscribers are required to:
- Safeguard private keys and prevent unauthorized access.
- Use certificates only for lawful, authorized purposes.
- Notify Tabiri Trust immediately if a private key is compromised or suspected to be at risk.
- Request revocation promptly when a certificate should no longer be trusted.
- Cease using expired, revoked, or invalid certificates.
5. Relying Party Obligations
Relying parties must validate the status of a certificate through Certificate Revocation Lists (CRLs) or Online Certificate Status Protocol (OCSP) before use. Reliance on a certificate is at the relying party’s own risk, and relying parties should consider the subscriber’s responsibility for timely revocation.
6. Certificate Revocation
Tabiri Trust does not revoke certificates unilaterally except in extraordinary circumstances such as compromise of the CA’s signing keys, proven mis-issuance, or critical threats to the integrity of the trust infrastructure. In all other cases, revocation occurs only upon explicit request by the subscribing organization. Subscribers are responsible for requesting revocation promptly if their private keys are compromised, or if the certificate should no longer be valid.
Revoked certificates are published through Certificate Revocation Lists (CRLs) and/or made available via Online Certificate Status Protocol (OCSP) to inform relying parties of their status.
7. Information Security
Tabiri Trust maintains administrative, organizational, and technical safeguards to protect certificate issuance and management processes. While industry-recognized standards are applied, no security system is infallible, and residual risks may remain.
8. Liability and Limitations
Tabiri Trust’s liability in connection with certificates is limited to the extent permitted by applicable law and as specified in the CPS. Tabiri Trust shall not be liable for indirect, consequential, or incidental damages arising from reliance on a certificate.
9. Compliance and Audit
Tabiri Trust commits to maintaining compliance with applicable standards, including industry best practices for PKI operations, and may be subject to independent audits to demonstrate compliance.
10. Governing Law
This CP is governed by and construed in accordance with the laws of Kenya. Any disputes shall be subject to the exclusive jurisdiction of the courts of Nairobi, Kenya.
11. Amendments
Tabiri Trust may update this CP from time to time. Updated versions will be published on our website. Continued use of certificates after publication of changes constitutes acceptance of the revised CP.
Contact Information
Questions regarding this Certificate Policy should be directed to: