The Basics

On this page you find frequently asked questions relating to the the basics of the IGC certificates. If your question is not answered below, feel free to contact your IdenTrust support team.

IdenTrust Global Common (IGC) Certificates are cross-certified with the U.S. Federal Bridge Certification Authority, enabling trust by U.S. Federal, State, and local governments, along with commercial entities or applications wishing to rely only on Certificates proven to be issued in a standards-compliant manner. IGC Certificates are available in Basic, Medium Software, and Medium Hardware Assurances.

Use cases for IGC Certificates include authentication to networks and applications, digital signing of email, transactions and documents, and encryption of email.
There are many uses for the IGC certificate. These include logging into a specific application, signing or encrypting emails, and digitally signing documents.

The government or commercial entity participating in the IGC program defines who is required to have a certificate and the assurance level needed.
IGC certificates are valid for a period of one, two, or three years. They can then be renewed as early as 90 days prior to expiration. Renewal notifications are sent to account owner email addresses.

NOTE: Digital certificates are non-transferable to another person or business.
• IGC Basic Unaffiliated Browser
• IGC Basic Unaffiliated Hardware
• IGC Basic Affiliated Browser
• IGC Basic Affiliated Hardware
• IGC Medium Affiliated Browser
• IGC Medium Affiliated Hardware
• IGC Medium Device Browser
• IGC Medium Device SSL
• IGC PIV-I Affiliated

Answer:

Your IdenTrust IGC Certificate can be retrieved only in Internet Explorer.

IGC browsers compatibility

Article number: I2908
Last Modified: June 21, 2017

How do I get started with IGC certificates?

IGC certificates are used for a variety of different applications, such as login into a system, signing or encrypting emails, and digitally signing documents. Use the same certificate for all your needs as your unique digital identity.

A digital certificate is a form of ID, just like a Driver’s License or Passport. We need to verify your identity before we can approve your application and issue your IGC certificate.

Here is a list of what you’ll need:
• An official Photo ID: Driver’s license or State ID Card
• A Credit Card in your name for address verification (not necessarily for payment)
• Personal information like your FULL name (no nicknames or abbreviations), home address, and Social Security Number
• Payment Information: Credit Card number or Payment Voucher number
1. Begin your online application from the IGC home page at:
https://www.identrust.com/igc/index.html

2. Click on the required certificate in the ‘Buy Now’ section

3. Provide your information
  • Choose your preferred hardware
  • Enter personal information (name, mailing address, Social Security #)
  • Create a password that you can remember and use when it’s time to download your certificate
  • Provide a form of payment. There are 3 ways to pay:
    1. Credit Card
    2. Voucher Number: To prepay for your certificate, you can obtain a Voucher Number that can be used during the online application as a form of payment. For information on obtaining Payment Vouchers, visit the FAQs at the IdenTrust website.
    3. Order Number System: IdenTrust will create an order number specifically for your organization and provide you with a registration URL that can be distributed to applicants where they will begin the online digital certificate application process. If you provide a purchase order, IdenTrust will send an invoice to the billing contact provided below.
  • Provide information on how you would like us to mail the instructions for downloading your certificate.
After all documents have been received by IdenTrust, applications should allow 3-5 days for the application to be approved. Once approved, a welcome letter is mailed to the applicant’s address of record and will allow for immediate certificate retrieval.
To protect the identity of IGC certificate holders, only the certificate holder should be using the digital certificate. Allowing others to use your certificate through sharing your password, password, or private key weakens the security of the system and presents a security danger to the certificate holder.

Those certificate holders found to have shared this confidential information will be notified that their certificates can be revoked.
Browsers that support x.509 certificates can use the IGC certificates. Because each browser can store the certificate differently, it may affect how the certificate is imported.

Use our “How to” section for help with browsers.
Hardware Certificates are not currently supported on MAC.

Software Certificates are supported in Safari on the Apple Mac computer.

Please contact the IdenTrust customer support team if you need assistance retrieving a certificate on this platform.

Registration Frequently Asked Questions

Answer:

Part 1 forms sent to IdenTrust are sometimes missing required information such as the organization officer’s signature, title, email and/or phone number, as well as the date it was signed. It’s also possible the form does not show the organization name and/or address that was listed on the online application.
  • You will receive an email outlining what was missing on the form, as well as a copy of a blank Part 1 form.

Part 2 forms require a number of fields to be filled out, some of which sometimes get missed. Most common fields are the signatures of the applicant and/or notary, specific details about the IDs presented for verification, and the email address either missing or not matching that listed on the application. There can be other errors with the form as well.
  • You will receive an email outlining what was missing on the form, as well as a copy of a blank Part 2 form.

Please send the complete, original form(s) to:

IdenTrust Registration
5225 Wiley Post Way, Ste 450
Salt Lake City, UT 84116


Related Content:
  1. IGC forms packets
  2. IGC packet instructions
  3. IGC accepted IDs
  4. Why can’t I email or fax the forms packet (Article # G2508)


Article number: I2901
Last Modified: August 30, 2016
Answer:

The certificate policy requires certain forms of ID be provided at the time of in-person identification with the notary.

Related Content:
  1. IGC forms packets
  2. IGC packet instructions
  3. IGC accepted IDs
  4. Do you really need my marriage certificate or other name change documentation (Article # G2502)


Article number: I2902
Last Modified: August 30, 2016
Answer:

Once you hit ‘submit’, there are a few things that you need to do before IdenTrust can process the application.
  • Please verify your email. An email from Helpdesk@IdenTrust.com will be sent to the email address you listed in your application asking you to verify your email address. This email contains a unique verification code which you will use in addition to your account password to verify the email address. This verification is only done electronically. Please check your inbox, junk and spam folders to locate the email.
  • Complete your forms packet. You were directed to print a copy of the forms packet at the end of your online registration. Complete both the Part 1 and Part 2 forms, following the instructions listed on the 2nd page of the packet. Send the completed form to:

    IdenTrust Registration
    5225 Wiley Post Way, Ste 450
    Salt Lake City, UT 84116

    If you no longer have that packet available, you can find the appropriate packet here.

    *Make sure you select the correct forms packet. If you are unsure, please contact our Helpdesk at Helpdesk@IdenTrust.com.
  • Once IdenTrust receives the forms packet, it will be reviewed and authenticated for accuracy. IdenTrust will validate your association with the organization listed on your application, and will verify the details included on the application as well as on the forms. You have applied for a legal form of ID, so this process may take 3-5 business days.
  • After these steps have been completed, your certificate request will be approved. An activation kit will be sent to you, including the approval letter and any applicable hardware ordered. Unless you requested expediting shipping during the online registration, the kit will be sent via standard mail for letters, and FedEx Ground for hardware orders. Please allow 5-7 days for delivery.
  • Upon receiving the activation kit. Please follow the steps outlined in the approval letter to retrieve the certificate.



Article number: I2903
Last Modified: August 30, 2016
Answer:

Your initial application will remain open for 45 days which will give you time to complete your forms packet and send the original, valid forms to IdenTrust for processing. After 45 days has elapsed without usable paperwork being submitted, the application will close and you will need to complete a new application.

Basic Assurance Certificates:
  • Upon receiving the activation kit. Please follow the steps outlined in the approval letter to retrieve the certificate.
Medium Assurance Certificates:
  • As soon as the notary signs the Part 2 form verifying your ID documents, a 30-day countdown begins.
  • You have 30 days from that date to send in your forms, be approved for the certificate, and retrieve the certificate.
  • This is a requirement of the certificate policy and as such, one the 30 day window has passed, a new application and forms packet will need to be completed.
Once an application has closed, it cannot be reopened.


Related Content:
  1. IGC certificates
  2. IGC forms packets
  3. IGC packet instructions
  4. IGC accepted IDs
  5. Why can’t I email or fax the forms packet (Article # G2508)



Article number: I2904
Last Modified: August 30, 2016
Answer:

You may select the appropriate required forms packet here.

*Make sure you select the correct forms packet. If you are unsure, please contact our Helpdesk at Helpdesk@IdenTrust.com.

As allowed by the certificate policy, you may be asked to provide additional documentation needed to process the application. This additional document request will be sent via email. Please read the full email to identify what document is being requested and follow the steps outlined to provide that document.


Related Content:
  1. IGC packet instructions
  2. IGC accepted IDs
  3. Why can’t I email or fax the forms packet (Article # G2508)



Article number: I2905
Last Modified: August 30, 2016

Can I get help with IGC certificates?

See whether the answers listed below address your questions, or contact the IdenTrust support team.

If you have forgotten your password, and know your account number, you can request automated password assistance by following these simple steps.
  1. In your web browser, browse to www.IdenTrust.com
  2. Click on the Certificate Management Center
  3. Click on the orange Login prompt on the left-hand portion of your screen
  4. When the Choose a digital certificate windows prompt appears, click Cancel
  5. Enter in your account number, then click on the I forgot my password link
  6. You will receive an email from us with instructions on how to reset your password.
Please note: IdenTrust does not have access to any password and does not have the ability to reset for you. If you forgot your password, and you are unable to reset your password through the instructions above, it is like losing a driver’s license or passport. You will need to apply for and purchase a new digital certificate.
  • Log into our online Certificate Management Center: If it asks you to choose a certificate to log in with, click ‘Cancel’. Enter in your account number, and IdenTrust password (which is the password you entered when first applying for the certificate).

  • Follow the onscreen instructions to retrieve the new certificate. Note: it will give you a new activation code to use during the retrieval. You should write that down.

  • At the end of the retrieval, it will tell you to “Verify” the installation. Be aware that if using Internet Explorer, this will fail the first time (because you had to click ‘Cancel’ on step #1), but it will give instructions to follow to successfully verify it.
The IdenTrust customer support team is available to assist certificate account owners Monday through Friday, 6 a.m. - 6 p.m. Mountain Time (8 a.m. - 8 p.m. Eastern Time) and via e-mail at helpdesk@IdenTrust.com and via a toll-free phone: 888-339-8904.

After normal business hours, IdenTrust utilizes an answering service who will take a message for next business day call back and to report IdenTrust system down emergencies.
Please contact the IdenTrust customer support team at: 888-339-8904. Please have your existing account number available and our team will be able to identify what you purchased vs. what you need.

As different certificates have different governing policies and practices, we cannot modify or change the account type. You will need to apply for the correct certificate type.
Answer:
  1. Log into the Certificate Management Center: Go to: www.identrust.com/login
  2. If prompted for your certificate click> Cancel and log in with your account number and account password

    Note for EPCS customers: If you have already logged into the CMC with your certificate you must logout and login with account number and password in order to test the OTP function.
  3. From the drop down menu select For My Account, I Would Like To” (Test My OTP Authentication) and click > Continue
OTP Authentication


You will be asked for 3 pieces of information:
  1. OPT Username – This is predetermined and is usually your email address.
  2. Your OTP Password
  3. Your OTP Token Code
Hybrid PKI/OTP Authentication

If the Authentication is a success you will receive confirmation

Congratulations Page Hybrid PKI/OTP Authentication

Congratulations! Your Hybrid PKI/OTP Token access has been tested successfully.

Article number: I2907
Last Modified: March 29, 2016
Answer:

Please note IdenTrust does not have access to view, confirm or reset any passwords.

IGC Certificates

There a multiple passwords associated with your account and hardware.

Account Password – This password is created during the online application and is tied to the three security questions. This password can be updated by answering all three security questions. Every account has an account password.

Certificate Management Center


Token Passcode – This password is created at the initial setup of your token. Before the retrieval you are asked to create passcode for your token with the SafeNet program. This password can only be changed if you know the current passcode. Both the USB and the OTP tokens have a token passcode.

SAC Tools


OTP Password – This password is only used with OTP tokens and is created at the end of your retrieval. This password can be changed at any time by logging into the CMC and requesting to change it. The OTP password is used with the OPT token code

OTP Password


OTP Token Code - This is the number generated on the OTP token window. The OTP token code is used with the OTP password.
OTP Token Code

Article number: I2906
Last Modified: March 30, 2016

Other Questions

If at any time the IdenTrust customer support staff has a belief that the private key (password) is/was compromised by anyone other than the certificate account owner, they are required by IdenTrust company policy, IGC Certificate Policy (CP), and IGC Certificate Practice Statement (CPS) to protect (revoke) the certificate.

Typical examples encountered by the customer support team:

  • The Certificate owner is not the one who filled out the application, but is calling in for support. Although they are the account owner, they typically cannot answer questions about information contained in the application.
  • The Certificate owners CPAs has full custody and access to the certificate and the password.
  • The Certificate owners delegating use of the digital certificate to peers.
Visit our support site: www.IdenTrust.com/support.
Click on How To (middle of page), then click on the Backup / Export a certificate link. Also shown below:

Internet Explorer
  1. Click on ‘Tools’ menu; on ‘Internet Options’; ‘Content’ tab; ‘Certificates’ button.
  2. Click once on the certificate you wish to export.
  3. Click the ‘Export’ button, and click ‘Next’ on the first screen.
  4. Make sure that “Yes, export the private key” is chosen, then click ‘Next’.
  5. Leave the box of “Enable strong protection” checked. Although not necessary, we also recommend putting a check in the “Include all certificates in the certification path if possible” box. Click ‘Next’.
  6. It will now ask for a new password to be created. Type in any password of your choosing. (and re-type it in the appropriate box). Keep in mind that it is case-sensitive. Any capital letters you use will also need to be used later. Click ‘Next’.
  7. Click the ‘Browse’ button. Choose a drive and folder you would like to store the file. Then type in a name you would like the file to have. Click ‘Save’. Click ‘Next’.
  8. Click ‘Finish’. If it asks you to click OK, do so. If it is asking for a password, then this would be the same password it asks for when you normally use the certificate online.
    NOTE: the saved file will look like an open envelope with a key in front.

Mozilla Firefox
  1. Click the ‘Tools’ menu at the top of Firefox.
  2. Click ‘Options’. Depending on your version of Firefox, you will either have icons on the left side or on the top of the options window.
  3. Click the ‘Advanced’ icon.
  4. Open the ‘Certificate Manager’ window:
    If your icons are on the top of the Options window, click the ‘Security’ tab, then click ‘View Certificates’.If your icons are on the left side, look for ‘Certificates’ in the main part of the Options window. Under the ‘Certificates’ heading, click ‘Manage Certificates’.
  5. Select the certificate you want to export, and click the ‘Backup’ button.
  6. Choose the location to save the certificate file being created, and give it a name, then click ‘Save’.
  7. If prompted, enter the master password for the “Software Security Device” and click OK.
  8. Create and confirm a backup password to protect the file being created, then click OK.
  9. You should see an Alert saying ‘Successfully backed up your security certificate(s) and private key(s)’.
IGC certificates may be purchased directly from the IdenTrust website. In some cases, a participating agency may cover the costs for people under that agency or for those who are required to obtain an IGC certificate to interact with that agency.

If you would like to find out if your certificate costs are covered by a participating agency, please contact that agency directly. IdenTrust does not directly participate in these certificate cost concessions.

WARNING: To protect the identity of IGC certificate holders, only the certificate holder should be using the digital certificate. Allowing others to use your certificate through sharing your password, password, or private key weakens the security of the system and presents a security danger to the certificate holder. Those certificate holders found to have shared this confidential information will be notified that their certificates can be revoked.