 Back to top
|
| 1. What is an ACES certificate? |
| a. |
Just as a driver's license or passport identifies a person in a face-to-face
transaction, an ACES certificate identifies a person in an online transaction.
An ACES digital certificate ensures authenticity and accountability in
citizen-to-government, business-to-government and government-to-government
electronic transactions.
|
| 2. Who needs to obtain an ACES certificate? |
| a. |
The governmental agency participating in the ACES program designates what forms
require ACES digital signatures and whose digital signature needs to be applied
to the form. The same individuals required to digitally sign the form are the
same individuals that need to obtain an ACES digital certificate.
|
| 3. What types of ACES certificates are available and what are their different uses? |
| a. |
There are two certificate types in the ACES program. Please reference (outside link to agency
requiring digital certificate use) to identify what certificate type is required for your
application/use.
| i. |
ACES individual certificate: for an individual, representing him- or herself as a citizen -- used for identity authentication and digital signing |
| ii. |
ACES business representative certificate: for an individual, representing him or herself as an agent for a business or organization -- used for identity authentication and digital signing. |
|
| 4. How long is an ACES certificate valid? |
| a. |
ACES certificates are valid for two years from the date of certificate
issuance. They can then be renewed as early as 90 days prior to expiration.
Renewal notifications are sent to account owner email addresses.
NOTE: Digital certificates are non-transferable.
|
| 5. Which Web browsers are able to support the use of digital certificates? |
| a. |
Microsoft Internet Explorer 3.x and above, Firefox (Mozilla) 1.5 and above and
older legacy Netscape Navigator 3.0 and higher Netscape Communicator 4.0.
Currently the only web browser supported on the Apple Mac OS platform is Firefox.
Safari is not supported.
|
| 6. How long does it take to get an ACES certificate? |
| a. |
Applicants should allow 3-5 days for the welcome letter to arrive in the mail.
An ACES unaffiliated individual certificate takes approximately one complete
business day to approve. Once approved, a welcome letter is mailed to the
applicant’s address of record and will allow for immediate certificate retrieval.
An ACES business representative certificate takes approximately 3-5 days to
approve. Once IdenTrust receives the completed, notarized authorization form,
we can normally approve the certificate request same day we receive all required
forms. Once approved, a welcome letter will be mailed to the applicants address
of record and allow for immediate certificate retrieval. Applicants should allow
3-5 days for the welcome kit to arrive in the mail.
|
| 7. How do I protect my identity as a certificate holder? |
| a. |
To protect the identity of ACES certificate holders, only the certificate holder should be using the
digital certificate. Allowing others to use your certificate through sharing your password,
passphrase or private key weakens the security of the system and presents a security danger
to the certificate holder. Those certificate holders found to have shared this confidential
information will be notified that their certificates can be revoked.
|
Back to top
|
| 8. What do I do if I forget my passphrase? |
| a. |
If you have forgotten your passphrase, and know your account number, you can
request automated passphrase assistance by following these simple steps.
| 1. |
In you web browser, browse to www.IdenTrust.com |
| 2. |
Click on the Certificate Management Center |
| 3. |
Click on the orange Login prompt on the left hand portion of your screen |
| 4. |
When the Choose a digital certificate windows prompt appears, click Cancel |
| 5. |
Enter in your account number, then click on the I forgot my passphrase link |
| 6. |
You will receive an email from us with instructions on how to reset your passphrase |
Please note: IdenTrust does not have access to any passphrase and does not have
the ability to reset for you. If you forgot your passphrase, and you are unable
to reset your passphrase through the instructions above, it is like loosing a
drivers license or passport. You will need to apply for and purchase a new
digital certificate.
|
| 9. Reasons that IdenTrust must revoke your certificate? |
| a. |
If at any time the IdenTrust customer support staff has a belief that the private
key (passphrase) is/was compromised by anyone other than the certificate account
owner, they are required by IdenTrust company policy, ACES Certificate Policy
(CP) and ACES Certificate Practice Statement (CPS) to protect (revoke) the
certificate.
Typical examples encountered by the customer support team:
| i. |
Certificate owner is not the one who filled out the application, but is calling in for support. Although they are account owner, they typically cannot answer questions about information contained in the application |
| ii. |
Certificate owners CPAs has full custody and access to the certificate and the passphrase |
| iii. |
Certificate owners delegating use of the digital certificate to peers, assistance, office managers, etc for form signing |
|
| 10. How do I replace my certificate if I get a new computer? |
| a. |
Visit our support site: www.IdenTrust.com/support. Click on How To (middle of
page), then click on the Replacing an existing certificate link.
Also shown below:
| 1. |
Log into our online Certificate Management Center:
|
If it asks you to choose a certificate to log in with, click 'Cancel'. |
|
Enter in your account number, and DST Passphrase. (the passphrase you entered when first applying for the certificate) |
|
| 2. |
Look for the drop-down box under the listing for your "Valid Certificates". Select "I would like to replace my certificate", and click the 'Continue' button. |
| 3. |
Select to "Generate a Replacement Certificate", and click 'Next'. |
| 4. |
Follow the onscreen instructions to retrieve the new certificate. Note: it will give you a new activation code to use during the retrieval. You should write that down. |
| 5. |
At the end of the retrieval, it will tell you to "Verify" the installation. Be aware that if using Internet Explorer, this will fail the first time (because you had to click 'Cancel' on step #1), but it will give instructions to follow to successfully verify it. |
|
| 11. How do I back up my certificate to an external device? |
| a. |
Visit our support site: www.IdenTrust.com/support. Click on How To
(middle of page), then click on the Backup / Export a certificate link. Also shown below:
Internet Explorer 5+
| 1. |
Click on 'Tools' menu; on 'Internet Options'; 'Content' tab; 'Certificates' button. |
| 2. |
Click once on the certificate you wish to export. |
| 3. |
Click the 'Export' button, and click 'Next' on the first screen. |
| 4. |
Make sure that "Yes, export the private key" is chosen, then click 'Next'. |
| 5. |
Leave the box of "Enable strong protection" checked. Although not necessary, we also recommend putting a check in the "Include all certificates in the certification path if possible" box. Click 'Next'. |
| 6. |
It will now ask for a new password to be created. Type in any password of your choosing. (and re-type it in the appropriate box). Keep in mind that it is case-sensitive. Any capital letters you use will also need to be used later. Click 'Next'. |
| 7. |
Click the 'Browse' button. Choose a drive and folder you would like to store the file. Then type in a name you would like the file to have. Click 'Save'. Click 'Next'. |
| 8. |
Click 'Finish'. If it asks you to click OK, do so. If it is asking for a password, then this would be the same password it asks for when you normally use the certificate online.
NOTE: the saved file will look like an open envelope with a key in front.
|
Mozilla Firefox
| 1. |
Click the 'Tools' menu at the top of Firefox. |
| 2. |
Click 'Options'.
|
Depending on your version of Firefox, you will either have icons on the left side or on the top of the options window. |
|
| 3. |
Click the 'Advanced' icon. |
| 4. |
Open the 'Certificate Manager' window:
|
If your icons are on the top of the Options window, click the 'Security' tab, then click 'View Certificates'. |
|
If your icons are on the left side, look for 'Certificates' in the main part of the Options window. Under the 'Certificates' heading, click 'Manage Certificates'. |
|
| 5. |
Select the certificate you want to export, and click the 'Backup' button. |
| 6. |
Choose the location to save the certificate file being created, and give it a name, then click 'Save'. |
| 7. |
If prompted, enter the master password for the "Software Security Device" and click OK. |
| 8. |
Create and confirm a backup password to protect the file being created, then click OK. |
| 9. |
You should see an Alert saying 'Successfully backed up your security certificate(s) and private key(s)'. |
|
Back to top
|
| 12. What if I bought the wrong type certificate? |
| a. |
Please contact the IdenTrust customer support team at: 888-339-8904. Please have
your existing account number available and our team will be able to identify what
you purchased vs. what you need. As different certificates have different
governing policies and practices, we cannot modify or change the account type.
You will need to apply for the correct certificate type.
|
| 13. How do I install a certificate on a MAC? |
| a. |
Currently the only browser that is supported in the Apple Mac computer is
Mozilla’s Firefox. Please contact the IdenTrust customer support team if you
need assistance retrieving a certificate on this platform.
|
| 14. How do I reach IdenTrust Help Desk? |
| a. |
The IdenTrust customer support team is available to assist certificate account
owners Monday through Friday, 6 a.m. - 6 p.m. Mountain Time (8 a.m. - 8 p.m.
Eastern Time) and via e-mail at aceshelp@IdenTrust.com and via a toll-free phone:
888-339-8904. After normal business hours, IdenTrust utilizes an answering
service who will take a message for next business day call back and to report
IdenTrust system down emergencies.
|
| 15. What types of ACES certificates are available and what are the differences? |
| a. |
ACES Unaffiliated Individual Certificate -
enables you to authenticate yourself in personal government transactions
to gain access to restricted Web sites, and to send and receive e-mail
communications using your digital certificate to authenticate yourself.
ACES Business Representative Certificate -
enables you to authenticate yourself as an employee of a valid business
in government transactions to gain access to restricted Web sites, and to
send and receive e-mail communications using your digital certificate to
authenticate yourself.
ACES Qualified Relying Party Certificate -
for federal agency applications, including Web servers, to authenticate
the agency's ownership of the application.
|
Back to top
|
| 16. Why should I get an ACES certificate? |
| a. |
Using an ACES certificate for federal government agency transactions
allow individuals access to more information and services electronically.
Using an ACES certificate could also reduce cycle time and increase the
efficiency of transactions with participating federal agencies. This is
accomplished through converting from paper-based to electronic processes.
ACES certificates enable federal agencies to authenticate individuals in
electronic transactions and gain assurance of an individual's identity prior
to granting confidential information access.
ACES certificates can facilitate
digital signing and can be used in place of an ink signature in some instances.
|
| 17. Who bears the cost of an ACES certificate? |
| a. |
ACES certificates may be purchased directly from the IdenTrust website. In some cases, a participating agency may cover the costs for people
under that agency or for those who are required to obtain an ACES certificate to interact with that agency. If you would like to find out if
your certificate costs are covered by a participating agency, please contact that agency directly.
IdenTrust does not directly participate in these certificate cost concessions.
|
| 18. I need multiple certificates. Can I apply and get them all at once? |
| a. |
Unfortunately not.
Because digital certificates are for a specific person or device, and
it is highly unusual to get multiple certificates for the same person or device,
each certificate needed should be applied for individually by the person needing
it.
Although, if purchasing quantities of 5 or more, certain certificate types may offer
a "bulkload" process that is able to submit all applications at once. If you need this
many certificates, please contact us for additional information.
|
| 19. Can I use my ACES certificate for entities other than participating ACES program agencies? |
| a. |
Unfortunately not.
Holders of ACES individual or business representative certificates
may not use their certificates for transactions with entities other
than participating agencies.
|
| 20. I am trying to attach my digital signature to my LM2 form. How do I locate it? |
| a. |
The LM2 form uses Adobe Acrobat, which can read from its own certificate storage area or from Windows/Internet Explorer.
If you retrieved your certificate on this computer using Internet Explorer,
then the LM2 form should be able to locate your certificate when you try to
digitally sign. If it cannot, then your Adobe Acrobat might need to be
reconfigured to "trust" Windows' certificate storage. The Adobe Acrobat help
function is able to provide steps on this for your version of Acrobat.
If you retrieved your certificate using a different web browser, then you
should backup your certificate to a backup-file. This process is different
for each type of web browser. Adobe is able to add backup files into it's
own certificate storage by clicking the "Set up a Digital ID" button when
trying to digitally sign, and choosing to "browse for an existing Digital
ID file".
Related link: I need to use my digital certificate on another
computer. What do I do?
|
| Back to top |
