IdenTrust: State of Washington: Roaming Certificate General information

Roaming Certificate General information

1. Why are Roaming Certificates no longer available after March 31, 2012?
IdenTrust licenses and utilizes a third party appliance for the roaming solution. The organization that developed the roaming appliance (TriCipher) was purchased by another company (VMware) and the new company has given notice to IdenTrust of their intent to discontinue this product line and to end support for this service effective March 31, 2012. Since licensing and support is not available after that date, all roaming certificates will be revoked by close of business on March 31, 2012.

<Back to top

2. Who should I contact to get a Standard Browser Certificate?
Standard Assurance Browser certificates can be used in place of a Roaming Certificate and will allow you to access and use the online services in much the same way. The Standard Assurance Browser certificiate can be applied for by going to this link: http://www.identrust.com/wa/swa-level.html

To begin the process, simply complete the online application. If approved, IdenTrust will mail you a letter with instructions to retrieve the new Standard Assurance Browser certificate.

The entire process takes 3-5 business days depending on mailing times and certificate approval.

<Back to top

3. How do I uninstall the Roaming Certificate Client and disable my Roaming Certificate?
IdenTrust will revoke all Roaming Certificates on March 31, 2012 (if they have not already expired before this date). After this point, all Roaming Certificates will no longer work. The Roaming Certificate Client can be uninstalled from your computer by following these instructions.

Please note - to complete the following removal you will need to have administrative privleges on your machine.

Uninstall the IdenTrust Roaming client:

Windows XP

Windows 7

Remove the roaming certificate from your browser:

Internet Explore 6+

<Back to top

4. How does the change affect my previous use of the Roaming Certificate?
The Roaming Certificate will not be usable after March 31, 2012. IdenTrust offers other solutions for the State of Washington comparable to the Roaming Certificate. Below is a list of available solutions.

Please note that you may need to check with your specific agency about certificate requirements.

Requirements and Specifications
Digital Certificate Type	Registration and Application	Private Key Generation and Storage Options	Recommended Reliance Limit
2-year High Assurance Digital Certificate	Notary Form Online Application	Select One: SmartCard USB Token	$50,000
2-year Intermediate Assurance Digital Certificate	Online Application	Select One: SmartCard USB Token	$10,000
2-year Standard Assurance Digital Certificate	Online Application	Web Browser	$1,000

<Back to top

5. How do I get a refund on my Roaming Certificate?
For Roaming Certificates purchased before July 31, 2011 IdenTrust will provide a pro-rated refund for any unused time of the two year certificate. IdenTrust will mail out a check to you no later than April 30, 2012. No action is needed on the part of certificate holders.

IdenTrust will break the price paid for the certificate into 24 equal months (approximately $0.83 per month) and to refund any remaining full or partial months to the Roaming Certificate holders.

For example, a certificate that would have expired on May 14, 2012 will be unusable as of March 31, 2012 so the refund would include the full month of April and the partial month of May so two months will be refunded or $1.67.

<Back to top

6. How do I download the Roaming Client software for use on other computers?
As part of the certificate retrieval process, you will download the Roaming Client. However, if you uninstall the client from your computer, or if you want to access your certificate from a different computer, you can download and install the client software again. To download the client, go to the Download Roaming Client page and follow the instructions on the screen.

<Back to top

7. How do I remove my Roaming Certificate from a computer when I log out of the Roaming Client software?
To remove your certificate from the browser certificate store when you log out of the Roaming Client, right click on the Roaming Client icon in your system tray. Select "Advanced" then "Logout, delete certificate". Your certificate will automatically be removed. From a security perspective, it is not necessary to remove Roaming Certificates from the computer after each use. However, if a computer is used by multiple people with different digital certificates, it may be confusing because browser selection boxes will show all the certificates stored on the computer.

<Back to top

8. Can someone else use my Roaming Certificate if I don't remove it from the computer where I last used it?
No. Your Roaming Certificate, like any other digital certificate, does not need to be kept secret. Only your private key needs to be kept secret. The copy of your Roaming Certificate that is stored on a computer does not include a copy of your private key. The certificate, by itself, cannot be used to digitally sign or log in to a web site that requires user authentication. The private key associated with your Roaming Certificate can only be used by entering your Username and Roaming Password into the Roaming Client software. It is very important to keep your Roaming Password secret, because it activates your private key.

<Back to top

9. How do I change my Roaming Password?
To change your Roaming Password, click the "Change Password" button in the client. You will need to provide your current password and a new password.

<Back to top

10. If I use my Roaming Certificate on a different computer, is a copy of my certificate left there?
When you log in to the Roaming Client, a copy of your certificate is immediately downloaded into the browser. Depending on how you log out of the roaming client, this certificate may be removed from the certificate database in the browser. To ensure the certificate is removed, use the "Logout, delete certificate" option described above.

<Back to top

11. Should I use my Roaming Certificate to encrypt documents or e-mail?
The use of roaming digital certificates for encryption is not recommended. If you attempt to perform encryption with a Roaming Certificate, the encrypted information will become permanently unreadable if you ever lose or change your password, or if your certificate expires or is renewed.
There is a high likelihood that your data will be permanently destroyed if you ever perform encryption with a Roaming Certificate. Standard Assurance Certificates, including Roaming Certificates, are designed solely for use for digital signatures and user authentication.

<Back to top

12. Do I need to log out of the Roaming Client?
Yes, if you are leaving your computer unattended. When you are logged into the Roaming Client, your Roaming Certificate and private key are accessible to anyone using your computer. If you leave your computer while still logged into the Roaming Client, it is possible someone could digitally sign or authenticate into a secure website using your identity. The Roaming Client will automatically log out after ten minutes of inactivity, but it is highly recommended that you log out whenever you leave your computer unattended.

<Back to top

13. How do I log out of the Roaming Client?
Whenever you are logged into the Roaming Client, the "Logout" button will appear in the Roaming Client window. Clicking the "Logout" button will log you out, thereby requiring re-entry of your password before using the Roaming Certificate again. When you are logged out, the Roaming Client window will display the "Login" button, which will prompt for your password when you need to use the certificate again.

<Back to top