Skip to main content

Can I get a refund?

IdenTrust begins processing the application for a certificate as soon as the form of payment (credit card or voucher number) is provided. As soon as your application has been approved, IdenTrust will process the credit card or voucher number charge. Once processed, no refunds will be provided by IdenTrust.  If your application has not been approved, you may cancel it without the credit card or voucher number being billed.

FAQ-MTN-016

Learn

What browsers are compatible with my certificate?

Browser compatibility will depend on the type of certificate you are using. 

 

Browser Compatibility Matrix by Digital Certificate Type

 

 

FAQ-LRN-005

What is the difference between an account password and a certificate password?

Account Password

 

The Account Password is created by you when the application is filled out online. This password is required to download your certificate and to access your account via the Certificate Management Center (CMC).

 

Within the CMC you can:

 

  • Revoke your certificate
  • Replace your certificate
  • Renew your certificate
  • Update your account information
  • Update Account Password & security questions

 

The rules for creating your Account Password are:

 

  • Account Password must be between 8-30 characters in length
  • It can consist of letters, numbers and some special characters
  • Cannot contain ( ) \ / " *.
  • The Account Password is case sensitive (UPPER & lower case)


Certificate Password

 

The Certificate Password is created to protect the use of the certificate. Depending on the assurance level of your certificate, when your certificate is downloaded to your machine you may be prompted to create the private key password. This is referred to as the Certificate Password

 

The Certificate Password is used each time the certificate is accessed:

 

  • Signing emails
  • Signing documents (Adobe, Word, Excel, etc..)
  • Accessing a secure website

 

When creating your Certificate Password we recommend you use the following guidelines:

 

  • Between 8-30 characters
  • At least 1 lower case letter
  • At least 1 upper case letter
  • At least 1 special characters
  • Create a Certificate Password that is not easily guessed, but something that you will not forget
FAQ-LRN-013

Who can use or have access to my digital certificate?

Your private key (which is sometimes password protected in your web browser) is literally the key that opens your digital certificate.  It allows you to digitally sign documents and decrypt information that was only meant for you.  You should safeguard your private key just as you would any other form of identification. Just as you would not allow someone else to sign your name to something, or to use your social security number, you would not allow others to use your digital certificate.

FAQ-LRN-023

Will my personal information be shared or sold to a third party?

IdenTrust holds applicants' personal information in the strictest confidence. In compliance with the Gramm-Leach-Bliley Act of 1999 (GLBA), we do not share personal information with outside third parties. 

FAQ-LRN-019
What do I need to know about the discontinuance of the ACES program?

The General Services Administration (GSA) has announced the discontinuation of the Access Certificates for Electronic Services program. Based on this announcement, IdenTrust can no longer issue ACES certificates; however, we will continue to support all outstanding ACES certificates until they expire between now and 2020. If needed, you will be allowed to replace your existing ACES certificate via our Certificate Management Center, but you will not be able to renew your ACES certificate prior to expiration.

IdenTrust has worked with the GSA to gain approval to issue Federal Bridge Certified IdenTrust Global Common (IGC) certificates and DoD ECA certificates to replace your expiring ACES certificate. Use the following guidelines to choose your new IdenTrust certificate:

For Digital Signing and Sealing:

If you are using your certificate to digitally sign and/or seal documents that are submitted to state and/or local government agencies (such as Departments of Transportation or eNotary services), use our Digital Signing & Sealing Certificate Selection Wizard to assist you in choosing an IGC certificate.

For State and Local Government Agencies:

If you are affiliated with a State or Local government agency that is using for digital signing, sealing or access to secure government websites, use our State and Local Government Agencies Certificate Selection Wizard to assist you in choosing an IGC certificate.

For Federal Agencies:

If you are using your certificate to access U.S. federal government websites, you can use either DoD ECA or IdenTrust IGC certificates. Use our DoD ECA Certificate Selection Wizard or our State and Local Government Agencies Certificate Selection Wizard where you can select the agency/agencies that you interact with and our wizard will offer you the DoD and IGC certificate(s) that are accepted by the agency/agencies you have chosen. If you have further questions about the ACES transition, please feel free to Contact Us for assistance.

FAQ-LRN-020

Why can't I apply for an ACES digital certificate?

The General Services Administration (GSA) has announced that the ACES program will be discontinued and ACES certificates will no longer be offered by IdenTrust after July 12, 2018.

D-Trade system users will be able to apply for a 1-year ACES Business Representative certificate until August 1, 2019, at which time the IdenTrust will cease all issuance of the ACES digital certificates. 

For an equivalent certificate offering to the ACES Business Representative certificate for Federal, State, and Local Agencies: 

Browser Based (Most common)

1 Year IGC digital certificate, buy HERE

2 Year IGC digital certificate, buy HERE

3 Year IGC digital certificate, buy HERE

Hardware Based (Token or Smart Card)

1 Year IGC digital certificate, buy HERE

3 Year IGC digital certificate, buy HERE

FAQ-LRN-029

Why can't I renew my ACES digital certificate?

The General Services Administration (GSA) has announced that the ACES program will be discontinued and ACES certificates will no longer be offered by IdenTrust after July 12, 2018.

D-Trade system users will be able to apply for a new 1-year ACES Business Representative certificate until August 1, 2019, at which time the IdenTrust will cease all issuance of the ACES digital certificates. 

For an equivalent certificate offering to the ACES Business Representative certificate for Federal, State, and Local Agencies: 

Browser Based (Most common)

1 Year IGC digital certificate, buy HERE

2 Year IGC digital certificate, buy HERE

3 Year IGC digital certificate, buy HERE

Hardware Based (Token or Smart Card)

1 Year IGC digital certificate, buy HERE

3 Year IGC digital certificate, buy HERE

FAQ-REN-013

Apply

Why can't I apply for an ACES certificate?

The General Services Administration (GSA) has announced the discontinuation of the Access Certificates for Electronic Services program. Based on this announcement, IdenTrust can no longer issue ACES certificates; however, we will continue to support all outstanding ACES certificates until they expire between now and 2020. If needed, you will be allowed to replace your existing ACES certificate via our Certificate Management Center, but you will not be able to renew your ACES certificate prior to expiration.

 

IdenTrust has worked with the GSA to gain approval to issue Federal Bridge Certified IdenTrust Global Common (IGC) certificates and DoD ECA certificates to replace your expiring ACES certificate.  Use the following guidelines to choose your new IdenTrust certificate:

 

For Digital Signing and Sealing:

If you are using your certificate to digitally sign and/or seal documents that are submitted to state and/or local government agencies (such as Departments of Transportation or eNotary services), use our Digital Signing & Sealing Certificate Selection Wizard to assist you in choosing an IGC certificate.

 

For State and Local Government Agencies

If you are affiliated with a State or Local government agency that is using for digital signing, sealing or access to secure government websites, use our State and Local Government Agencies Certificate Selection Wizard to assist you in choosing an IGC certificate.

 

For Federal Agencies

If you are using your certificate to access U.S. federal government websites, you can use either DoD ECA or IdenTrust IGC certificates.  Use our DoD ECA Certificate Selection Wizard where you can select the agency/agencies that you interact with and our wizard will offer you the DoD and IGC certificate(s) that are accepted by the agency/agencies you have chosen.

 

If you have further questions about the ACES transition, please feel free to Contact Us for assistance.

FAQ-APP-030
How long will it take to process my application?
Most applications are completed within 3-5 business days after receiving any required paperwork. If paperwork is not required, then allow 3-5 business days from application submission for processing.
FAQ-APP-047

How do I check my application status?

You may check the status of your order by logging into your account with your application ID and account password. 
To check your status, click here: Application Status

FAQ-APP-049

Can I expedite the application and approval process?

The application requires that multiple verification steps be completed before it can be approved. Because of this, the approval process cannot be expedited. 
You do have the option to request expedited shipping of the activation kit once the application has been approved. You may select expedited shipping during the application process, or you may contact our Support team at (888) 339-8904 to request and pay for expedited shipping with either a FedEx account number, or your credit card. 

Please note: Once your application is approved, it will take up to 24 business hours for the activation kit to ship. 

FAQ-APP-058

What type of certificate should I purchase to replace my ACES certificate?

IdenTrust has worked with the GSA to gain approval to issue Federal Bridge Certified IdenTrust Global Common (IGC) certificates and DoD ECA certificates to replace your expiring ACES certificate.  Use the following guidelines to choose your new IdenTrust certificate:

 

For Digital Signing and Sealing

If you are using your certificate to digitally sign and/or seal documents that are submitted to state and/or local government agencies (such as Departments of Transportation or eNotary services), use our Digital Signing & Sealing Certificate Selection Wizard to assist you in choosing an IGC certificate.

 

For State and Local Government Agencies

If you are affiliated with a State or Local government agency that is using for digital signing, sealing or access to secure government websites, use our State and Local Government Agencies Certificate Selection Wizard to assist you in choosing an IGC certificate.

 

For Federal Agencies

If you are using your certificate to access U.S. federal government websites, you can use either DoD ECA or IdenTrust IGC certificates. Use our DoD ECA Certificate Selection Wizard where you can select the agency/agencies that you interact with and our wizard will offer you the DoD and IGC certificate(s) that are accepted by the agency/agencies you have chosen.

 

If you have further questions about the ACES transition, please feel free to Contact Us for assistance.

FAQ-ACE-002

Retrieve

Can I retrieve my certificate a second time?

As a security measure, your activation code is valid for only one use.  If your computer has had hardware or software problems and your certificate has been lost or corrupted, you will need to replace your certificate. If you wish to use your certificate on another computer, you will need to export your existing certificate to that computer.

 

Visit our How Do I library for information about how to replace or export your certificate.

FAQ-RET-001

After I am approved for my digital certificate, how do I retrieve it?

You will be provided with a retrieval kit and instructions for using our online website to retrieve your certificate, found here. You will need to provide the Account Password that you chose when you applied for your certificate. 

FAQ-RET-004

Use

Can I use my certificate on any computer?

You create the certificate in a browser on your computer when you retrieved it. It can only be used on that computer (in that browser) unless you export it to another computer (or browser).  If you have retrieved your certificate on one computer and would like to use it on another computer (or browser) as well, you will need to export the certificate and then import it to the other computer or browser.

 

Visit our How Do I library to learn more about how to import and export your certificate.

FAQ-USE-001

How do I protect my identity as a certificate holder? 

The best way to protect your identity, as a certificate holder, is to ensure that only you are using your digital certificate. Allowing others to use your certificate through sharing your password, Smart card or USB token password, or your private key weakens the security of the system and presents a security danger to you. A digital certificate is a credential, just like a driver's license or passport, which you would not allow others to share. Certificate holders found to have shared this confidential information will be notified that their certificates are subject to revocation.

FAQ-USE-004

How do I move my digital certificate to a new computer?

If your certificate is stored on a Smart Card or Token, install the software you received with your hardware on the new computer, reboot your machine, and insert the Smart Card or Token. Your certificate is now ready for use on the new machine.

 

If your certificate is stored in your browser, then depending on the browser that you use, the process of importing and exporting your certificate may vary.  Please see our How Do I section to view the instructions that apply to your situation.

 

If you no longer have access to your digital certificate, please visit our Certificate Management Center, where you can request a replacement for your certificate.  If you need further instructions for replacement, see our How Do I library, where you can find additional information.

 

FAQ-USE-003

How do I reach the IdenTrust Help Desk? 

The IdenTrust Customer Support team is available to assist certificate subscribers in applying, retrieving and managing their certificates. Visit our Contact Us page for more details about how to reach us and the hours that our team is available.

FAQ-USE-005

How do I sign a digital document?

Most PDF documents that you will receive will come pre-made with a signing box. If this is the case, follow these directions:

 

1.  Complete any required fields that are in the PDF document.

 

2.  When you are ready to digitally sign, simply click on the signing box.

 

3.  This will open the signing documents window where you can select the certificate you wish to use to sign the PDF document.

 

     Note:  If you have more than one certificate, you can select the one you wish to use by clicking on the Sign As dropdown box. 

 

4.  Once you have selected the certificate you will use to sign the PDF document, select Sign.

 

5.  The Save As dialogue box will appear.

 

6.  Select the location you would like to save the signed PDF document, then click Save. 

 

7.  Your digital signature has now been applied.  

 

Visit our How Do I pages to learn more about digital signing and how to create a signing box in a pdf document.

 
  

FAQ-USE-007

What happens if I forget my CryptoAPI Private Key (certificate) password?

IdenTrust never has access to your CryptoAPI Private Key (certificate) password, so we are unable to help you retrieve it if it is lost or forgotten. If you forget this password, you will not be able to use your current certificate and will need to replace it. This process will take approximately 3-5 business days, and will be done without charge to you.

 

For more information about replacing a certificate, please see our How Do I library for instructions to replace your certificate.

FAQ-USE-012

What happens if I forget my Master Password?

 

The Master Password or certificate password is the password that protects your certificate. IdenTrust never has access to your master/certificate password, so we are unable to help you retrieve this password if it is lost or forgotten. If you forget this password, you will not be able to use your current certificate (if it is password protected) and will need to replace your certificate. This process will take approximately 3-5 business days, and will be done without charge to you.

For more information about replacing a certificate, please see our How Do I library.

FAQ-USE-013

What if I bought the wrong type of certificate? 

If you have used the IdenTrust Certificate Selection to make your buying decision, it is unlikely that you have purchased the wrong type of certificate; however, if you have concerns about this, please feel free to contact our Customer Support team and they can help to assess the product you have selected. Please have your IdenTrust Account Number readily available when you call. View our Contact Us page to see our Customer Support hours and phone numbers.

FAQ-USE-015

I can’t access my certificate. What should I do?

If you have an ACES, IGC or TrustID certificate that you cannot use, you may need to replace the certificate. Visit our How Do I library for instructions to replace your certificate.

 

If you cannot access your account with us because you have forgotten your IdenTrust Account passphrase, you can reset your password thru the Certificate Management Center. You do not need to replace the certificate in this case. 

 

If you have a DOD ECA s-Certificate or t-Certificate, a key recovery will need to be done. These certificates cannot be replaced.   Visit our How Do I library for instructions to request a Key Recovery.

FAQ-USE-008

What are the rules for creating an IdenTrust account password?

You will create your account password when you register for an IdenTrust certificate.  You will also use your account password when you retrieve your approved certificate.  When selecting your account password, be aware that it:

 

  • Must be between 8 – 30 characters in length
  • May consist of letters, numbers, and any special characters except ( ) \ / “ *
  • Is case-sensitive (UPPER CASE and lower case letters are not the same thing)
  • Should be something that you will be able to remember, but that others will find difficult to guess 

 

Please note that your account password is different than your certificate password (although you may wish to choose a password that is the same for both).  Your certificate password is used only when you use your certificate for signing or to access a secure site. 

 

FAQ-USE-010

What happens if I forget my account password?

For reasons of security and non-repudiation, no person or equipment has access to your unencrypted account password, so there is no mechanism for IdenTrust to look up your account password if you forget it. However, you do have the option to reset you account password through our Certificate Management Center.  You will need to have your IdenTrust account number in order to complete these instructions.  Your account number was provided to you when you were approved for your certificate.

 

1.  Access the Certificate Management Center (CMC).

 

2.  Click LOGIN to launch the CMC session. 

 

3.  When presented with the Choose a digital certificate dialog screen, click Cancel. This will allow you proceed by using your account information.

 

4.  On the Certificate Management Center Login screen, enter your account number, and then choose the I forgot my password link.

 

5.  You will receive a confirmation screen, indicating that the password assistance instructions have been sent to you email address.

 

6. Follow the instructions provided in the email to allow you to reset your account password. Please note that if you cannot remember the answers to your secret questions, you will need to apply for a new certificate.

FAQ-USE-011

What is a passcode or passphrase?

This is the security code that you create when you retrieve your hardware-based certificate. We recommend that the passcode or passphrase be at least 6 characters in length, and it may be as long as 20 characters. It can consist of letters, numbers, and/or special characters.

 

The passphrase is case-sensitive (UPPER CASE and lower case letters are not the same thing). You will use this passcode or passphrase each time you access the certificate on your smart card or USB token.

FAQ-USE-017

What is the difference between an Account Password and a Certificate Password?

Account Password

 

The Account Password is created by you when the application is filled out online. This password is required to download your certificate and to access your account via the Certificate Management Center (CMC).

 

Within the CMC you can:

 

  • Revoke your certificate
  • Replace your certificate
  • Renew your certificate
  • Update your account information
  • Update Account Password & security questions

 

The rules for creating your Account Password are:

 

  • Account Password must be between 8-30 characters in length
  • It can consist of letters, numbers and some special characters
  • Cannot contain ( ) \ / " *.
  • The Account Password is case sensitive (UPPER & lower case)


Certificate Password

 

The Certificate Password is created to protect the use of the certificate. Depending on the assurance level of your certificate, when your certificate is downloaded to your machine you may be prompted to create the private key password.   This is referred to as the Certificate Password

 

The Certificate Password is used each time the certificate is accessed:

 

  • Signing emails
  • Signing documents (Adobe, Word, Excel, etc..)
  • Accessing a secure website

 

When creating your Certificate Password we recommend you use the following guidelines:

 

  • Between 8-30 characters
  • At least 1 lower case letter
  • At least 1 upper case letter
  • At least 1 special characters
  • Create a Certificate Password that is not easily guessed, but something that you will not forget
FAQ-USE-020

What is the Master Password?

The master or certificate password is the password that you created during the retrieval process.  The certificate password is used to protect your certificate and is requested when you use or back up your certificate.  This password should be at least 6 characters in length, and can be as long as 20 characters. It can consist of letters, numbers, and special characters. The certificate password is case-sensitive (be aware that UPPER CASE and lower case letters are not the same thing).  The certificate password is created and stored in the browser on your computer, so IdenTrust does not store or have access to it.

FAQ-USE-022

What are the differences between the various types of passwords?

There are multiple passwords associated with your account and hardware. Please note IdenTrust does not have access to view, confirm or reset your passwords. 

 

Account Password

This password is created during the online application.  You do have the ability to update your password if you can correctly answer the three security questions you chose when you applied for your certificate.  Every account has an account password, but your account can be associated with multiple certificates.


USB Token and Smart Card Password

This password is created when you initially setup your token. Before the retrieval of your certificate, you are prompted by the token software to create password that will protect your token. This password can only be changed if you know the current passcode. Both the USB and the OTP tokens have a token passcode. 


One-Time Use (OTP) Password

This password is only used with an OTP token and is created at the end of the certificate retrieval process. This password can be changed at any time by logging into the CMC and following the prompts to change it. The OTP password is used in conjunction with an OTP Token Code.

 

OTP Token Code:

This is the number generated on the OTP token and displayed in the OTP token window. The OTP token code is used in conjunction with an OTP Password.
 

FAQ-USE-021

Which Web browsers are able to support the use of digital certificates? 

Browser compatibility will depend on the type of certificate you are using:

Browser Compatibility Matrix by Digital Certificate Type

Visit our How Do I pages for specific information about exporting and importing your digital certificate using a particular browser. 

FAQ-USE-024

Can I use my certificate with Office 365?

Your digital signature can be imported to Office 365 easily, following these instructions:

For Office 365 subscriber, and on build 16.19.18110915 and higher,

If you don't see the Sign / Encrypt Message button, you might not have a digital ID configured to digitally sign messages and you need to do the following to install a digital signature.

  • On the File menu, click Options > Trust Center.
  • Under Microsoft Outlook Trust Center, click Trust Center Settings > Email Security
  • Click Import/Export to import a digital ID from a file on your computer,
  • If you have both a signing and an encryption certificate you will import both.

A digital signature on an e-mail message helps the recipient verify that you are the authentic sender and not an impostor. To use digital signatures, both the sender and recipient must have a mail application that supports the S/MIME standard. Outlook supports the S/MIME standard.

 

If you are an Office 365 subscriber, and on build 16.19.18110402 and higher,


In an email message, choose Options, select both the Sign and Encrypt buttons. Pick the encryption option that has the restrictions you'd like to enforce, such as Do Not Forward or Encrypt-Only.

Note: Office 365 Message Encryption is part of the O365 E3 license. Additionally, the Encrypt-Only feature (the option under the Encrypt button) is only enabled for subscribers (Office ProPlus users) that also use Exchange Online.

FAQ-USE-027

Maintain

What are the reasons that IdenTrust must revoke my certificate?

If at any time IdenTrust has been made aware of or has a belief that a certificate/private key has been compromised, we are required by all governing certificate policies to protect the integrity of the certificate by executing a revocation. Once a compromise is identified, IdenTrust must perform a revocation within a specific timeframe as defined by the governing certificate policy. 

 

Examples where revocation is required include:

 

  • Evidence that the certificate owner is not the individual who completed the certificate application, but is calling in for technical support. This situation is typically identified when the caller is the account owner, but they cannot answer questions about information contained in the application.
  • Someone other than the certificate holder is calling in for assistance with installation of the certificate and has access to the password and activation code.
  • You are no longer employed by the organization named in your certificate.
FAQ-MTN-009

What is revocation and how can I do it?

Revocation is the action of making your certificate unusable. This is necessary when you believe that your certificate/private key has been compromised.  Revocation prevents anyone from using your certificate to create digital signatures or from accessing secure sites.  It is your obligation, based on the Subscriber Agreement you accepted, to request that your certificate be revoked in the case that you believe it has been compromised.  You can revoke your certificate via the Certificate Management Center (CMC).  Use the following procedure to revoke your certificate: 

 

Visit our How Do I library for instructions to replace your certificate.

 

Visit our Document Library to view Subscriber Agreements for each certificate policy type.

FAQ-MTN-011

How do I replace my digital certificate?

Please visit our How Do I for detailed instructions to replace your certificate.

FAQ-USE-006

Renew

I can’t login to the Certificate Management Center (CMC).

If you are having trouble logging in to the Certificate Management Center (CMC), make sure that your browser is not blocking pop-ups for this site. If you are unable to login because you have forgotten your Account Password, you have the option to reset your password via the CMC. This option is available by clicking the link I forgot my account password in the CMC login page. Once you have reset your account password you should be able to access the CMC.

FAQ-REN-004

When does my certificate expire?

Depending on the type of certificate you purchased and the validity period you selected, your certificate will expire one, two or three years after it was issued.  You can check the expiration date of your certificate by logging into the Certificate Management Center.  Once you have logged in, locate your certificate listed under the Manage Your Certificates heading. Your certificate, along with the current status and expiration (“valid through”) date is displayed.

 

You will also receive email notifications at 90, 60, 30, 15, 7 and 1 day(s) prior to your certificate expiration. 

FAQ-REN-008