Learn

What browsers are compatible with my certificate?

Browser compatibility will depend on the type of certificate you are using. 

 

Browser Compatibility Matrix by Digital Certificate Type

 

 

What is the difference between an account password and a certificate password?

Account Password

 

The Account Password is created by you when the application is filled out online. This password is required to download your certificate and to access your account via the Certificate Management Center (CMC).

 

Within the CMC you can:

 

  • Revoke your certificate
  • Replace your certificate
  • Renew your certificate
  • Update your account information
  • Update Account Password & security questions

 

The rules for creating your Account Password are:

 

  • Account Password must be between 8-30 characters in length
  • It can consist of letters, numbers and some special characters
  • Cannot contain ( ) \ / " *.
  • The Account Password is case sensitive (UPPER & lower case)


Certificate Password

 

The Certificate Password is created to protect the use of the certificate. Depending on the assurance level of your certificate, when your certificate is downloaded to your machine you may be prompted to create the private key password. This is referred to as the Certificate Password.

The Certificate Password is used each time the certificate is accessed:

  • Signing emails
  • Signing documents (Adobe, Word, Excel, etc.)
  • Accessing a secure website

When creating your Certificate Password we recommend you use the following guidelines:

  • Between 8-30 characters
  • At least 1 lower case letter
  • At least 1 upper case letter
  • At least 1 special character
  • Create a Certificate Password that is not easily guessed, but something that you will not forget

Who can use or have access to my digital certificate?

Your private key (which is sometimes password protected in your web browser) is literally the key that opens your digital certificate.  It allows you to digitally sign documents and decrypt information that was only meant for you.  You should safeguard your private key just as you would any other form of identification. Just as you would not allow someone else to sign your name to something, or to use your social security number, you would not allow others to use your digital certificate.

Will my personal information be shared or sold to a third party?

IdenTrust holds applicants' personal information in the strictest confidence. In compliance with the Gramm-Leach-Bliley Act of 1999 (GLBA), we do not share personal information with outside third parties. 

What do I need to know about the discontinuance of the ACES program?

The General Services Administration (GSA) has announced the discontinuation of the Access Certificates for Electronic Services program. Based on this announcement, IdenTrust can no longer issue ACES certificates; however, we will continue to support all outstanding ACES certificates until they expire between now and 2020. If needed, you will be allowed to replace your existing ACES certificate via our Certificate Management Center, but you will not be able to renew your ACES certificate prior to expiration.

IdenTrust has worked with the GSA to gain approval to issue Federal Bridge Certified IdenTrust Global Common (IGC) certificates and DoD ECA certificates to replace your expiring ACES certificate. Use the following guidelines to choose your new IdenTrust certificate:

For Digital Signing and Sealing:

If you are using your certificate to digitally sign and/or seal documents that are submitted to state and/or local government agencies (such as Departments of Transportation or eNotary services), use our Digital Signing & Sealing Certificate Selection Wizard to assist you in choosing an IGC certificate.

For State and Local Government Agencies:

If you are affiliated with a State or Local government agency that is using certificates for digital signing, sealing or access to secure government websites, use our State and Local Government Agencies Certificate Selection Wizard to assist you in choosing an IGC certificate.

For Federal Agencies:

If you are using your certificate to access federal government websites, you can use either DoD ECA or IdenTrust IGC certificates. Use our DoD ECA Certificate Selection Wizard or our State and Local Government Agencies Certificate Selection Wizard where you can select the agency/agencies that you interact with and our wizard will offer you the DoD and IGC certificate(s) that are accepted by the agency/agencies you have chosen. If you have further questions about the ACES transition, please feel free to Contact Us for assistance.

Apply

Why can't I apply for an ACES certificate?

The General Services Administration (GSA) has announced the discontinuation of the Access Certificates for Electronic Services program. Based on this announcement, IdenTrust can no longer issue ACES certificates; however, we will continue to support all outstanding ACES certificates until they expire between now and 2020. If needed, you will be allowed to replace your existing ACES certificate via our Certificate Management Center, but you will not be able to renew your ACES certificate prior to expiration.

 

IdenTrust has worked with the GSA to gain approval to issue Federal Bridge Certified IdenTrust Global Common (IGC) certificates and DoD ECA certificates to replace your expiring ACES certificate.  Use the following guidelines to choose your new IdenTrust certificate:

 

For Digital Signing and Sealing:

If you are using your certificate to digitally sign and/or seal documents that are submitted to state and/or local government agencies (such as Departments of Transportation or eNotary services), use our Digital Signing & Sealing Certificate Selection Wizard to assist you in choosing an IGC certificate.

 

For State and Local Government Agencies

If you are affiliated with a State or Local government agency that is using certificates for digital signing, sealing or access to secure government websites, use our State and Local Government Agencies Certificate Selection Wizard to assist you in choosing an IGC certificate.

 

For Federal Agencies

If you are using your certificate to access federal government websites, you can use either DoD ECA or IdenTrust IGC certificates.  Use our DoD ECA Certificate Selection Wizard where you can select the agency/agencies that you interact with and our wizard will offer you the DoD and IGC certificate(s) that are accepted by the agency/agencies you have chosen.

 

If you have further questions about the ACES transition, please feel free to Contact Us for assistance.

What type of certificate should I purchase to replace my ACES certificate?

IdenTrust has worked with the GSA to gain approval to issue Federal Bridge Certified IdenTrust Global Common (IGC) certificates and DoD ECA certificates to replace your expiring ACES certificate.  Use the following guidelines to choose your new IdenTrust certificate:

 

For Digital Signing and Sealing

If you are using your certificate to digitally sign and/or seal documents that are submitted to state and/or local government agencies (such as Departments of Transportation or eNotary services), use our Digital Signing & Sealing Certificate Selection Wizard to assist you in choosing an IGC certificate.

 

For State and Local Government Agencies

If you are affiliated with a State or Local government agency that is using certificates for digital signing, sealing or access to secure government websites, use our State and Local Government Agencies Certificate Selection Wizard to assist you in choosing an IGC certificate.

 

For Federal Agencies

If you are using your certificate to access federal government websites, you can use either DoD ECA or IdenTrust IGC certificates.  Use our DoD ECA Certificate Selection Wizard where you can select the agency/agencies that you interact with and our wizard will offer you the DoD and IGC certificate(s) that are accepted by the agency/agencies you have chosen.

 

If you have further questions about the ACES transition, please feel free to Contact Us for assistance.

Use

Can I use my certificate on any computer?

You create the certificate in a browser on your computer when you retrieve it. It can only be used on that computer (in that browser) unless you export it to another computer (or browser). If you have retrieved your certificate on one computer and would like to use it on another computer (or browser) as well, you will need to export the certificate and then import it to the other computer or browser.

 

Visit our How Do I library to learn more about how to import and export your certificate.

How do I protect my identity as a certificate holder? 

The best way to protect your identity, as a certificate holder, is to ensure that only you are using your digital certificate. Allowing others to use your certificate through sharing your password, Smart card or USB token password, or your private key weakens the security of the system and presents a security danger to you. A digital certificate is a credential, just like a driver's license or passport, which you would not allow others to share. Certificate holders found to have shared this confidential information will be notified that their certificates are subject to revocation.

How do I move my digital certificate to a new computer?

If your certificate is stored on a Smart Card or Token, install the software you received with your hardware on the new computer, reboot your machine, and insert the Smart Card or Token. Your certificate is now ready for use on the new machine.

 

If your certificate is stored in your browser, then depending on the browser that you use, the process of importing and exporting your certificate may vary.  Please see our How Do I section to view the instructions that apply to your situation.

 

If you no longer have access to your digital certificate, please visit our Certificate Management Center, where you can request a replacement for your certificate.  If you need further instructions for replacement, see our How Do I library, where you can find additional information.

 

How do I reach the IdenTrust Help Desk? 

The IdenTrust Customer Support team is available to assist certificate subscribers in applying, retrieving and managing their certificates. Visit our Contact Us page for more details about how to reach us and the hours that our team is available.

How do I sign a digital document?

Most PDF documents that you will receive will come pre-made with a signing box. If this is the case, follow these directions:

1.  Complete any required fields that are in the PDF document.
2.  When you are ready to digitally sign, simply click on the signing box.
3.  This will open the signing documents window where you can select the certificate you wish to use to sign the PDF document.

     Note:  If you have more than one certificate, you can select the one you wish to use by clicking on the Sign As dropdown box.

4.  Once you have selected the certificate you will use to sign the PDF document, select Sign.
5.  The Save As dialogue box will appear.
6.  Select the location you would like to save the signed PDF document, then click Save.
7.  Your digital signature has now been applied.

Visit our How Do I pages to learn more about digital signing and how to create a signing box in a PDF document.

 
  

What happens if I forget my CryptoAPI Private Key (certificate) password?

IdenTrust never has access to your CryptoAPI Private Key (certificate) password, so we are unable to help you retrieve it if it is lost or forgotten. If you forget this password, you will not be able to use your current certificate and will need to replace it. This process will take approximately 3-5 business days, and will be done without charge to you.

 

For more information about replacing a certificate, please see our How Do I library for instructions to replace your certificate.

What happens if I forget my Master Password?

 

The Master Password or certificate password is the password that protects your certificate. IdenTrust never has access to your master/certificate password, so we are unable to help you retrieve this password if it is lost or forgotten. If you forget this password, you will not be able to use your current certificate (if it is password protected) and will need to replace your certificate. This process will take approximately 3-5 business days, and will be done without charge to you.

For more information about replacing a certificate, please see our How Do I library.

What if I bought the wrong type of certificate? 

If you have used the IdenTrust Certificate Selection to make your buying decision, it is unlikely that you have purchased the wrong type of certificate; however, if you have concerns about this, please feel free to contact our Customer Support team and they can help to assess the product you have selected. Please have your IdenTrust Account Number readily available when you call. View our Contact Us page to see our Customer Support hours and phone numbers.

I can’t access my certificate. What should I do?

If you have an ACES, IGC or TrustID certificate that you cannot use, you may need to replace the certificate. Visit our How Do I library for instructions to replace your certificate.

 

If you cannot access your account with us because you have forgotten your IdenTrust Account passphrase, you can reset your password through the Certificate Management Center. You do not need to replace the certificate in this case.

 

If you have a DOD ECA s-Certificate or t-Certificate, a key recovery will need to be done. These certificates cannot be replaced.   Visit our How Do I library for instructions to request a Key Recovery.

What are the rules for creating an IdenTrust account password?

You will create your account password when you register for an IdenTrust certificate.  You will also use your account password when you retrieve your approved certificate.  When selecting your account password, be aware that it:

 

  • Must be between 8 – 30 characters in length
  • Can consist of letters, numbers, and any special characters except ( ) \ / “ *
  • Is case-sensitive (UPPER CASE and lower case letters are not the same thing)
  • Should be something that you will be able to remember, but that others will find difficult to guess 

 

Please note that your account password is different than your certificate password (although you may wish to choose a password that is the same for both).  Your certificate password is used only when you use your certificate for signing or to access a secure site. 
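
The account password rules and the recommended certificate password guidelines from this page, checked side by side for someone choosing one password for both. This is an added example, not IdenTrust's own code; the function names and sample passwords are constructed, and treating "special character" as ASCII punctuation is an assumption because the page does not list the allowed set.

```python
"""Check a candidate password against the two policies stated on this page."""
import string

MIN_LEN, MAX_LEN = 8, 30                 # both policies: 8-30 characters
ACCOUNT_FORBIDDEN = set('()\\/"*')       # account rule: cannot contain ( ) \ / " *


def _length_problem(pw):
    """Shared length rule; returns a one-item list when the rule is broken."""
    if MIN_LEN <= len(pw) <= MAX_LEN:
        return []
    return ["length %d is outside 8-30 characters" % len(pw)]


def check_account_password(pw):
    """Return the account-password rules that pw breaks (empty list = acceptable)."""
    problems = _length_problem(pw)
    bad = sorted(set(pw) & ACCOUNT_FORBIDDEN)
    if bad:
        problems.append("contains forbidden character(s): " + " ".join(bad))
    return problems


def check_certificate_password(pw):
    """Return the recommended certificate-password guidelines that pw misses."""
    problems = _length_problem(pw)
    if not any(c.islower() for c in pw):
        problems.append("no lower case letter")
    if not any(c.isupper() for c in pw):
        problems.append("no upper case letter")
    # Assumption: "special character" = ASCII punctuation; the page gives no list.
    if not any(c in string.punctuation for c in pw):
        problems.append("no special character")
    return problems


def check_both(pw):
    """For a password reused for both purposes: it must satisfy both policies."""
    return {"account": check_account_password(pw),
            "certificate": check_certificate_password(pw)}


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for sample in ("Blue-Heron-2024", "Blue(Heron)2024", "short1A"):
        print(repr(sample), check_both(sample))
```

`Blue(Heron)2024` meets every certificate guideline but is rejected as an account password because of the parentheses, which matters if you choose one password for both.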

 

What happens if I forget my account password?

For reasons of security and non-repudiation, no person or equipment has access to your unencrypted account password, so there is no mechanism for IdenTrust to look up your account password if you forget it. However, you do have the option to reset your account password through our Certificate Management Center. You will need to have your IdenTrust account number in order to complete these instructions. Your account number was provided to you when you were approved for your certificate.

1.  Access the Certificate Management Center (CMC).
2.  Click LOGIN to launch the CMC session.
3.  When presented with the Choose a digital certificate dialog screen, click Cancel. This will allow you to proceed by using your account information.
4.  On the Certificate Management Center Login screen, enter your account number, and then choose the I forgot my password link.
5.  You will receive a confirmation screen, indicating that the password assistance instructions have been sent to your email address.
6.  Follow the instructions provided in the email to allow you to reset your account password. Please note that if you cannot remember the answers to your secret questions, you will need to apply for a new certificate.

What is a passcode or passphrase?

This is the security code that you create when you retrieve your hardware-based certificate. We recommend that the passcode or passphrase be at least 6 characters in length, and it may be as long as 20 characters. It can consist of letters, numbers, and/or special characters.

 

The passphrase is case-sensitive (UPPER CASE and lower case letters are not the same thing). You will use this passcode or passphrase each time you access the certificate on your smart card or USB token.

What is the Master Password?

The master or certificate password is the password that you created during the retrieval process.  The certificate password is used to protect your certificate and is requested when you use or back up your certificate.  This password should be at least 6 characters in length, and can be as long as 20 characters. It can consist of letters, numbers, and special characters. The certificate password is case-sensitive (be aware that UPPER CASE and lower case letters are not the same thing).  The certificate password is created and stored in the browser on your computer, so IdenTrust does not store or have access to it.

What are the differences between the various types of passwords?

There are multiple passwords associated with your account and hardware. Please note IdenTrust does not have access to view, confirm or reset your passwords. 

 

Account Password

This password is created during the online application.  You do have the ability to update your password if you can correctly answer the three security questions you chose when you applied for your certificate.  Every account has an account password, but your account can be associated with multiple certificates.


USB Token and Smart Card Password

This password is created when you initially set up your token. Before the retrieval of your certificate, you are prompted by the token software to create a password that will protect your token. This password can only be changed if you know the current passcode. Both the USB and the OTP tokens have a token passcode.


One-Time Use (OTP) Password

This password is only used with an OTP token and is created at the end of the certificate retrieval process. This password can be changed at any time by logging into the CMC and following the prompts to change it. The OTP password is used in conjunction with an OTP Token Code.

 

OTP Token Code:

This is the number generated on the OTP token and displayed in the OTP token window. The OTP token code is used in conjunction with an OTP Password.
 

Which Web browsers are able to support the use of digital certificates? 

Browser compatibility will depend on the type of certificate you are using:

Browser Compatibility Matrix by Digital Certificate Type

Visit our How Do I pages for specific information about exporting and importing your digital certificate using a particular browser. 

Maintain

What are the reasons that IdenTrust must revoke my certificate?

If at any time IdenTrust has been made aware of or has a belief that a certificate/private key has been compromised, we are required by all governing certificate policies to protect the integrity of the certificate by executing a revocation. Once a compromise is identified, IdenTrust must perform a revocation within a specific timeframe as defined by the governing certificate policy. 

 

Examples where revocation is required include:

 

  • Evidence that the certificate owner is not the individual who completed the certificate application, but is calling in for technical support. This situation is typically identified when the caller is the account owner, but they cannot answer questions about information contained in the application.
  • Someone other than the certificate holder is calling in for assistance with installation of the certificate and has access to the password and activation code.
  • You are no longer employed by the organization named in your certificate.

What is revocation and how can I do it?

Revocation is the action of making your certificate unusable. This is necessary when you believe that your certificate/private key has been compromised.  Revocation prevents anyone from using your certificate to create digital signatures or from accessing secure sites.  It is your obligation, based on the Subscriber Agreement you accepted, to request that your certificate be revoked in the case that you believe it has been compromised.  You can revoke your certificate via the Certificate Management Center (CMC).  Use the following procedure to revoke your certificate: 

 

Visit our How Do I library for instructions to replace your certificate.

 

Visit our Document Library to view Subscriber Agreements for each certificate policy type.

How do I replace my digital certificate?

Please visit our How Do I library for detailed instructions to replace your certificate.

Renew

I can’t log in to the Certificate Management Center (CMC).

If you are having trouble logging in to the Certificate Management Center (CMC), make sure that your browser is not blocking pop-ups for this site. If you are unable to log in because you have forgotten your Account Password, you have the option to reset your password via the CMC. This option is available by clicking the link I forgot my account password on the CMC login page. Once you have reset your account password you should be able to access the CMC.

When does my certificate expire?

Depending on the type of certificate you purchased and the validity period you selected, your certificate will expire one, two or three years after it was issued.  You can check the expiration date of your certificate by logging into the Certificate Management Center.  Once you have logged in, locate your certificate listed under the Manage Your Certificates heading. Your certificate, along with the current status and expiration (“valid through”) date is displayed.

 

You will also receive email notifications at 90, 60, 30, 15, 7 and 1 day(s) prior to your certificate expiration.