The following questions apply to situations in which a Provider is nominated by multiple Principals.
In the case of a Collection Arrangement, the Provider has one certificate of its own.
Can a Provider's certificate be used by all the Principals for making API calls to Data Holders requiring TLS?
Each Principal must have a client certificate issued to it, which the Provider uses to request CDR data on the Principal's behalf.
The ACCC and the ADRs are able to revoke a certificate as part of security hygiene processes, or on suspected or proven unauthorised disclosure of the private key.
To ensure only one Principal is affected by a revocation, the client certificate used to collect CDR data MUST be used exclusively for the Principal to which it belongs.
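
One way a Provider could audit its outbound client certificate configuration against this rule, and see which Principals a single revocation would affect. This is an added example, not CDR or ACCC code. The Principal identifiers, fingerprints and function names are constructed for illustration, and it assumes the Provider keeps a map of Principal to client certificate fingerprint.

```python
from collections import defaultdict

def normalise(fp: str) -> str:
    """Canonical fingerprint form: upper-case hex with no separators,
    so 'aa:11' and 'AA11' are recognised as the same certificate."""
    return fp.replace(":", "").replace(" ", "").upper()

def audit_bindings(provider_fp: str, bindings: dict) -> list:
    """Return findings for a Principal -> client certificate fingerprint map.

    Flags a certificate bound to more than one Principal, and any use of the
    Provider's own certificate to collect CDR data for a Principal.
    """
    by_cert = defaultdict(list)
    for principal, fp in sorted(bindings.items()):
        by_cert[normalise(fp)].append(principal)
    own = normalise(provider_fp)
    findings = []
    for fp, principals in by_cert.items():
        if fp == own:
            findings.append(("provider-cert-used-for-collection", principals))
        elif len(principals) > 1:
            findings.append(("cert-shared-between-principals", principals))
    return findings

def affected_by_revocation(bindings: dict, revoked_fp: str) -> list:
    """Principals that lose Data Holder access if this certificate is revoked."""
    target = normalise(revoked_fp)
    return sorted(p for p, fp in bindings.items() if normalise(fp) == target)

# Constructed sample data (hypothetical identifiers and shortened fingerprints).
PROVIDER_FP = "0F:0F:0F:0F"
GOOD = {"principal-a": "aa:11:22:33",
        "principal-b": "bb:44:55:66",
        "principal-c": "cc:77:88:99"}
# Same certificate listed twice in different notation, plus the Provider's own.
BAD = {"principal-a": "aa:11:22:33",
       "principal-b": "AA112233",
       "principal-c": "0f0f0f0f"}

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, "findings:", audit_bindings(PROVIDER_FP, cfg))
        print(name, "revoking aa:11:22:33 affects:",
              affected_by_revocation(cfg, "aa:11:22:33"))
```
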