Terms of Use — SSL Managed

Effective date: 2026-04-29

1. Parties

• Publisher: 3SR, 228 Boulevard de la République, 33510 Andernos-les-Bains, France
• Customer: the entity that deploys SSL Managed from Microsoft Commercial Marketplace

2. License and service grant

3SR grants the Customer a non-exclusive, non-transferable, revocable license to use SSL Managed within their Azure tenant, plus a service commitment to operate the certificate lifecycle of the Common Names registered in the sslcerts container.

3. Pricing and billing

Billing is handled by Microsoft Commercial Marketplace. 3SR does not invoice the Customer directly.

4. Software components

By installing, the Customer authorizes 3SR to deploy:

• Azure Key Vault (SKU standard, RBAC mode)
• Storage Account with container sslcerts (no shared key access)

Resources are tagged devOpsRepo: SSL-Managed.

5. Certificate Authority and issuance flow

3SR uses GlobalSign Managed SSL as the underlying Certificate Authority for all certificates issued via SSL Managed. The Customer does not interact directly with GlobalSign — 3SR operates an internal API relay that authenticates against GlobalSign and triggers issuance / renewal on the Customer's behalf.

All certificates are OV (Organization Validated). Domain Validated (DV) and Extended Validation (EV) are not supported by this product.

6. Pre-requisite vetting

Before any certificate can be issued, two levels of vetting are required by GlobalSign Managed SSL :

• Organization vetting (one-time). The Customer provides 3SR with corporate documents (KBIS / company registration, articles of incorporation, proof of address, authorized signatory information). 3SR submits these to GlobalSign for validation. Lead time: typically 2-5 business days, depending on Customer responsiveness and GlobalSign throughput.
• Domain vetting (per domain, one-time). Each DNS domain that will host certificates must be vetted via GlobalSign domain validation (DNS-based). Once a domain is vetted, all subsequent issuances and renewals on that domain require no new vetting.

The Customer is solely responsible for providing accurate vetting documents. False or incomplete documents lead to GlobalSign rejection — neither 3SR nor GlobalSign can issue OV certificates without successful vetting.

7. 3SR's operational access

The Customer grants 3SR's publisher principal a role on the Managed Resource Group sufficient to operate certificate renewals (write access to Key Vault Certificates, read access to the Storage Account container). 3SR personnel will not access Customer data outside this scope without explicit written request.

8. Customer's obligations

• Ensure the deploying user has Owner or Contributor on the target subscription
• Provide and maintain accurate organization vetting documents (§6)
• Provide and maintain accurate domain vetting (DNS records as requested by GlobalSign during domain validation)
• Maintain the sslcerts container with the up-to-date list of CN to manage. All declared CN must be on a pre-vetted domain.
• Provide a contact email for renewal notifications
• Comply with Microsoft Azure Terms of Service and GlobalSign subscriber agreement (forwarded by 3SR at onboarding)

9. Service Level Agreement (SLA)

• Initial organization vetting: 2-5 business days (dependent on GlobalSign and Customer responsiveness)
• Domain vetting after first declaration: typically < 1 business day if DNS records are correctly set
• Certificate issuance / renewal on a pre-vetted domain: < 1 hour from declaration in sslcerts
• Renewal lead time: ≥ 30 days before expiration (3SR triggers renewal automatically)
• Support response: < 24h ouvrables (FR/EN), 9h-18h CET, lun-ven

10. Limitation of liability

3SR's liability is capped at the lower of total fees paid by the Customer over the 12 months preceding the incident, or 10 000 EUR. 3SR is not liable for delays or refusals attributable to GlobalSign during vetting or issuance.

11. Termination

The Customer may terminate at any time by uninstalling the Managed Application. 3SR may terminate with 60 days notice, except in case of breach by the Customer (immediate termination). Issued certificates remain valid until their expiration date — they are not revoked on termination unless the Customer explicitly requests it.

12. Data

Refer to the Privacy Policy.

13. Governing law

French law. Disputes submitted to the courts of Bordeaux, France.

14. Contact

3SR — support@3sr.fr · https://3sr.fr