1. Registration

Use the standardised form to send us your application for a digital certificate. We assure you that we receive your data and we keep it in the safest conditions.

2. Digital certificate application

Once you have filled in all the information fields, you can review your application, change your options, and confirm your final application.

3. Acceptance of the digital certificate

The certificate you applied for is issued by certSIGN. You can accept the certificate, or you can request the modification of certain data, if the data you provided do not match the data in the certificate.

4. Upload to a cryptographic device or in a software format as a PKCS #12 file

Once you verified and accepted the certificate, it must be uploaded to the cryptographic device or in software format as a PKCS #12 file.

Afterwards, upload it to the operating system. You can read more about these operations in the technical guides. You can choose to upload the issued certificate yourself or request assistance from certSIGN.

5. Publication of the digital certificate

Once you have accepted the digital certificate and uploaded it to the operating system, your public key becomes accessible by publishing it on the Internet.

Any of the partners with whom you will exchange electronically signed or encrypted documents can use this key to send you messages that can only be opened using the private key in your possession. Your partners can also check the status of the certificate you are using.

A digital certificate can be used in a number of applications aimed at implementing the following security principles:

Identification and Authentication

• Identifies and authenticates people or objects (machines, software applications);
• Authenticates e-mails, files, computer programs or software components.

Integrity

• Ensures that the data has not been altered without authorization.

Non-repudiation

• Provides the indisputable proof of the origin of some data, of the receipt of some data, or of the moment an action is performed.

Confidentiality

• Stored or in transit data is encrypted, to guarantee that unauthorized users will not have access to it.

According to EIDAS 910/2014, a qualified certificate means a certificate for electronic signatures that is issued by a qualified trusted service provider and meets the following requirements:

Qualified certificates for electronic signatures contain:

1. an indication, at least in a form suitable for automatic processing, that the certificate has been issued as a qualified certificate for electronic signatures;
2. a data set which unambiguously represents the qualified trusted service provider issuing the qualified certificates, which shall include at least the Member State in which that provider is established; and
3. at least the name of the signatory or a pseudonym; if a pseudonym is used, it is clearly indicated;
4. validation data of the electronic signatures corresponding to the electronic signature creation data;
5. details on the beginning and end of the certificate period of validity;
6. the identity code of the certificate which must be unique to the qualified trusted service provider;
7. the advanced electronic signature or advanced electronic seal of the issuing qualified trust service provider;
8. location of where the certificate that supports the advanced electronic signature or seal referred to in letter (g) is available free of charge;
9. locating the services that can be used to find the validity status of the qualified certificate;
10. an indication, preferably in automated processing form, of where the electronic signature creation data associated to the electronic signature validation data is located in the qualified electronic signature creation device.

To obtain a qualified digital certificate, follow the two steps below:

1. Contact a certSIGN consultant in order to establish the right solutions for you.
2. Prepare the official documents between you and certSIGN that are necessary for the issuance of the qualified digital certificate.

For more details on the issuance of a qualified certificate, refer to the Qualified digital certificate issuance procedure

Verification of electronically signed documents is an important issue and involves two aspects:

• Checking that the documents have not been modified;
• Checking the validity of the certificates by which the electronic signature was created.

For this purpose, certSIGN offers the shellSAFEVerify application free of charge. From here, you can learn more about shellSAFEVerify and download it.

After installing the application, you will be able to check any electronically signed document by double-clicking on the electronically signed document.

For more information or for technical support, click here.

A cryptographic device is a device that has cryptographic algorithms (symmetric and asymmetric) embedded in its structure, which allow it to safely perform cryptographic operations.

Cryptographic devices used by certSIGN meet all the requirements of a secure electronic signature creation device (DSCS) under the law 455/2001 on electronic signatures:

1. The confidentiality of the electronic signature creation data used for electronic signature creation is reasonably assured;
2. Signature creation data used for signature generation cannot be deducted;
3. The signature must be protected against forgery by the technical means available at the time of its creation;
4. The signature-creation data must be reliably protected by the signatory against use by unauthorized persons;
5. Shall not alter the data to be signed, or to prevent such data from being presented to the signatory prior to the completion of the signing process.

A qualified certificate for website authentication means a certificate for website authentication that is issued by a qualified trust service provider and that contains:

1. an indication, at least in a form suitable for automated processing, that the certificate has been issued as a qualified certificate for website authentication;
2. a set of data unambiguously representing the qualified trust service provider issuing the qualified certificates including at least the Member State in which that provider is established and:
   • for a legal person: the name and, where applicable, registration number as stated in the official records,
   • for a natural person: the person’s name;
3.  for natural persons: at least the name of the person to whom the certificate has been issued, or a pseudonym. If a pseudonym is used, it shall be clearly indicated; for legal persons: at least the name of the legal person to whom the certificate is issued and, where applicable, registration number as stated in the official records;
4. elements of the address, including at least city and State, of the natural or legal person to whom the certificate is issued and, where applicable, as stated in the official records;
5. the domain name(s) operated by the natural or legal person to whom the certificate is issued;
6. details of the beginning and end of the certificate’s period of validity;
7. the certificate identity code, which must be unique for the qualified trust service provider;
8. the advanced electronic signature or advanced electronic seal of the issuing qualified trust service provider;
9. the location where the certificate supporting the advanced electronic signature or advanced electronic seal referred to in point 8 is available free of charge;
10. the location of the certificate validity status services that can be used to enquire as to the validity status of the qualified certificate.

Email security is based on 4 fundamental principles: authenticity, integrity, non-repudiation and confidentiality.

Electronic signatures ensure observance of the first 3 principles. The content of electronically signed documents is always visible. The electronic signature ensures that any change to the document is detectable. You also have the guarantee of its origin and authenticity.

Encryption only provides data confidentiality. Encrypted data can only be viewed by authorized persons.

1. it binds the date and time to data in such a manner as to reasonably preclude the possibility of the data being changed undetectably
2. it is based on an accurate time source linked to Coordinated Universal Time; and
3. it is signed using an advanced electronic signature or sealed with an advanced electronic seal of the qualified trust service provider, or by some equivalent method.

Timestamping an electronic document involves sending a unique identifier of that document (for example: a cryptographic summary of it) to a timestamping server.

The time stamp server adds to that identifier time-related information, a serial number, and then all that information is digitally signed.

The architecture, techniques, practices and procedures that collectively contribute to the implementation and operation of public key cryptographic systems, based on digital certificates.

PKI consists of hardware and software, databases, network resources, security procedures and legal obligations linked together and collaborating to provide and implement both certification services and other infrastructure-related services (e.g. time stamping).

When verifying an electronic signature, one of the most important things is to verify the digital certificate of the user who created that electronic signature.

To do this, you will need all the certificates of the certification authorities under which the digital certificate was issued. For example, when verifying a qualified certificate issued by certSIGN, you will need the certSIGN root certificate under which all certSIGN certificates are issued as well as the Certificate Authority certificate that issues qualified certificates.

A code signing certificate allows users of that code to establish its authenticity and to securely identity its author or source.