Public Key Infrastructure Certificate Authorities (PKI-CAs) such as IdenTrust must follow a strict process validated via the PKI-CA’s audited Certificate Policy (CP) and Certification Practices Statement (CPS). After initial validation of compliance with Adobe’s AATL technical requirements, the CA is added to Adobe’s AATL. Once in the AATL, any signatures applied with certificates that trace back to their root will be automatically trusted in Adobe products.
AATL, short for Adobe Approved Trusted List, is a program that allows users to create digital signatures that are trusted instantly whenever the signed document is opened in Adobe® Acrobat® or Reader® software. IdenTrust is a member of AATL via the commercial public trust root.
After ‘http://timestamp.identrust.com’ is configured, any new signatures on PDF files will get automatically time-stamped by IdenTrust TSA.
http://timestamp.identrust.com
To use it, post an RFC 3161 compliant message or configure it within applications supporting it.
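As an added example (not IdenTrust's code), the following Python builds the DER-encoded RFC 3161 TimeStampReq by hand and shows the HTTP POST to the TSA. The function names are assumptions made here, and SHA-256 with a 64-bit nonce and certReq set is one reasonable choice, not a requirement stated on this page.

```python
import hashlib
import secrets
import urllib.request

TSA_URL = "http://timestamp.identrust.com"            # endpoint given on this page
SHA256_OID = bytes.fromhex("0609608648016503040201")  # DER OID 2.16.840.1.101.3.4.2.1


def der(tag, body):
    """Encode one DER TLV with a definite (short or long form) length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body


def der_uint(value):
    """Encode a non-negative INTEGER; the spare bit keeps the sign bit clear."""
    return der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))


def build_timestamp_req(data, nonce=None, cert_req=True):
    """Return a TimeStampReq (RFC 3161, section 2.4.1) for `data`.

    Only the SHA-256 digest goes into the request, never the document.
    """
    digest = hashlib.sha256(data).digest()
    algorithm = der(0x30, SHA256_OID + b"\x05\x00")      # AlgorithmIdentifier, NULL params
    imprint = der(0x30, algorithm + der(0x04, digest))   # MessageImprint
    body = der_uint(1) + imprint                         # version v1
    if nonce is not None:
        body += der_uint(nonce)                          # ties the reply to this request
    if cert_req:
        body += der(0x01, b"\xff")                       # ask for the TSA certificate
    return der(0x30, body)


def request_timestamp(data, url=TSA_URL, timeout=10):
    """POST the request; returns (nonce, raw DER TimeStampResp)."""
    nonce = secrets.randbits(64)
    req = urllib.request.Request(
        url,
        data=build_timestamp_req(data, nonce),
        headers={"Content-Type": "application/timestamp-query"},
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return nonce, resp.read()
```

Before relying on the returned token, check that its nonce and message imprint match what was sent and that its signature chains to a trusted root; the integrity of the timestamp comes from that signature, not from the transport.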
Yes - Microsoft® does not have a built-in user interface for a Timestamping Authority, but the IdenTrust TSA can be manually configured. You may view our PDF document How Do I Apply IdenTrust Timestamping Authority (TSA) to Microsoft® Office (MS-Office) Digitally Signed Documents to learn more.
Yes, you may submit forms for your IGC certificate request by email. Follow these steps:
To avoid delays or rejection of the submission, confirm the following prior to electronic submission:
The standard method of submitting original signature forms is also accepted. Originals may be mailed to:
IdenTrust Registration
5225 W. Wiley Post Way
Suite 450
Salt Lake City, UT 84116
The original Federal Bridge cross certified version of the IdenTrust Global Common Root CA certificate utilized by IdenTrust to participate in the Federal Bridge Program expired on August 21, 2021. IdenTrust has obtained a re-signed certificate from the Federal PKI and has replaced the expiring certificate with the re-signed certificate.
This change should not impact your operation or certificate validations; however, the new root chains for both IGC human certificates and IGC device certificates are available for download at https://www.identrust.com/support/downloads, under IdenTrust Global Common (IGC), for distribution as needed.
IdenTrust does undergo an SSAE-18 SOC 2 Type II audit every year. However, since the detailed information in the audit report is company-confidential, we require an NDA to be in place.
An alternative that does not require an NDA:
As a Certificate Authority, IdenTrust undergoes a WebTrust for Certificate Authorities audit, and the attestation letter for this audit is publicly available without the need for an NDA. The WebTrust for CA audit examines not only the same general information security practices as the SOC 2 criteria do, but also certificate life cycle practices including proper handling of applicant information. The link for the WebTrust for CA audit is at the bottom of our home page. You may also be interested in examining our Privacy Policy.
IdenTrust as a Certificate Authority issues Digital Certificates to digitally sign electronic documents. eNotary individuals can customize the appearance of the Digital Signature with their own Electronic Seal and/or facsimile of a wet signature, while keeping data integrity and non-repudiation of the signed document.
Please use our helpful “How do I” pages to learn more:
Customize the appearance of a Digital Signature in Adobe®
Use Digital Certificate to Sign & Seal Documents
IdenTrust does not assist with the creation of the Electronic Seal, but there are multiple companies online that provide this type of service; here are some samples:
https://www.adobe.com/devnet-docs/acrobatetk/tools/DigSigDC/appearances.html
https://www.designfreelogoonline.com/logoshop/free-logo-maker-notary-logo-templates/
IGC certificates are valid for a period of one, two, or three years. They can then be renewed as early as 90 days prior to expiration. Renewal notifications are sent to the account owner's email address at 90, 60, 30, 15, 7 and 1 day intervals.
NOTE: Digital certificates are non-transferable to another person or business.
Yes, you can purchase a FATCA certificate without having a GIIN. If you do have a GIIN number, IdenTrust may use it to facilitate the approval process for your certificate.
Yes - the "IdenTrust DST Root CA X3" root is expiring on 9/30/2021 and has been replaced with the "IdenTrust Commercial Root CA 1" self-signed root, which has also been trusted by the major browsers and root stores since 1/16/2014. You may download the IdenTrust Commercial Root CA 1 at this link: Root Certificate Download.
If you have appliances that are not dynamically updating the root trust chain, they need to be manually updated with the self-signed "IdenTrust Commercial Root CA 1" which can be downloaded at this link: Root Certificate Download.
Digital certificates retrieved into a browser, also known as software storage certificates, are intended to be used mainly from a single computer. As no additional device is required, software storage certificates are relatively inexpensive.
Digital certificates retrieved into a portable hardware device, such as a USB token or Smart card, can not only be used from multiple computers but also offer additional security via the built-in second factor authentication feature. Certificates stored in hardware devices can also be configured for Client Authentication for faster secure login sessions.
The decision to opt for a software storage or a hardware storage certificate is mainly predefined by the sponsoring organization (business); at an individual level, the applicant should weigh whether the additional security and portability benefits are worth the hardware expense.
Note: Be sure to check with your relying party or program to determine if it requires a specific type of storage:
Browser compatibility will depend on the type of certificate and the operating system you are using.
Software Certificates | Microsoft® Edge | Google® Chrome | Mozilla® Firefox | Android® OS |
---|---|---|---|---|
Certificates can be retrieved using these browsers | X | X | X | |
Certificates can be imported to these browsers | X | X | X | X |

Hardware Certificates | Microsoft® Edge | Google® Chrome | Mozilla® Firefox | Android® OS |
---|---|---|---|---|
Certificates can be retrieved using these browsers | X | X | X | |
Certificates can be imported using these browsers | X | X | X | |

Software Certificates | Google® Chrome | Mozilla® Firefox | Apple® Safari | iOS (iPhone/iPad) |
---|---|---|---|---|
Certificates can be retrieved using these browsers | X | X | X | |
Certificates can be imported using these browsers | Accessible Via Keychain | X | Accessible Via Keychain | X |

Hardware Certificates | Google® Chrome | Mozilla® Firefox | Apple® Safari | iOS (iPhone/iPad) |
---|---|---|---|---|
Certificates can be retrieved using these browsers | X | X | X | |
Certificates can be imported using these browsers | Accessible Via Keychain | X | Accessible Via Keychain | |

TLS/SSL Certificates Are Interoperable With: |
---|
|
A digital certificate is a form of ID, just like a Driver’s License or Passport. We need to verify your identity before we can approve your application and issue your certificate.
Here is a list of what you will need to provide:
• An official Photo ID: Driver’s license or State ID Card
• A Credit Card: In your name for address verification (not necessarily for payment)
• Personal Information: Your FULL name (no nicknames or abbreviations), home address, and Social Security Number
• Payment Information: Credit Card number or Payment Voucher number
If you are requesting a certificate that asserts affiliation with an organization, you will also need to submit forms that demonstrate that your organization is authorizing you to obtain a certificate that includes the organization name.
Your digital certificate will display several pieces of information:
Different certificate types may also normally contain items such as:
Please note that the certificate will NEVER contain or display your personal information. The information that we collect during the application process is only used to validate your identity.
You can also view your certificate in your browser. The following is an example of what your certificate looks like in Microsoft® Edge:
IdenTrust Global Common (IGC) Certificates are cross-certified with the U.S. Federal Bridge Certification Authority, enabling trust by U.S. Federal, State and local governments, along with commercial entities or applications wishing to rely only on Certificates proven to be issued in a standards-compliant manner.
IGC Certificates available:
Use cases for IGC Certificates include authentication to networks and applications, digital signing of email, transactions and documents, and encryption of email. Our Certificate Selection Wizard will help you to determine the best certificate to suit your business or personal needs. Learn more about IGC Federal Bridge Certified certificates.
Account Password
The Account Password is created by you when the application is filled out online. This password is required to download your certificate and to access your account via the Certificate Management Center (CMC).
Within the CMC you can:
The rules for creating your Account Password are:
Certificate Password
The Certificate Password is created to protect the use of the certificate. Depending on the assurance level of your certificate, when your certificate is downloaded to your machine you may be prompted to create the private key password. This is referred to as the Certificate Password.
The Certificate Password is used each time the certificate is accessed:
When creating your Certificate Password we recommend you use the following guidelines:
Both IGC and TrustID have AATL certificates available. Learn more about AATL Enabled Digital Certificates.
IGC certificates may be purchased directly from the IdenTrust website, where both credit card and voucher payments are accepted. In some cases a participating agency may cover the costs for people under that agency or for those who are required to obtain an IGC certificate necessary to interact with that agency. If you would like to find out if your certificate costs are covered by a participating agency, please contact that agency directly, as IdenTrust does not directly participate in these certificate cost concessions.
Your private key (which is sometimes password protected in your web browser) is literally the key that opens your digital certificate. It allows you to digitally sign documents and decrypt information that was only meant for you. You should safeguard your private key just as you would any other form of identification. Just as you would not allow someone else to sign your name to something, or to use your social security number, you would not allow others to use your digital certificate.
There are many uses for IGC certificates. Because IGC certificates are certified under the Federal Bridge policy, they are accepted and/or used by:
Visit our Federal Bridge Certified page to learn more about IGC certificates or to purchase an IGC certificate.
A digital certificate provides an electronic means of proving your identity in order to securely conduct business online. You can use certificates to:
Our Certificate Selection Wizard will assist you in choosing the best certificate to meet your needs.
There are three general types of digital certificates--Individual Identity, Business Identity, and TLS/SSL Certificates:
The type of certificate may also dictate whether or not the certificate is stored in software or a hardware device, such as a Smart card or USB token.
See our document using the IdenTrust Certificate Selection Wizard for more information about choosing your certificate.
Certificates are stored on cryptographic hardware devices for additional security and as an option to use them from multiple computers.
For the AATL Enabled certificates "TrustID Medium Assurance | Business Identity | Hardware Storage | Trusted By Adobe®" and "TrustID Medium Assurance | Individual Identity | Hardware Storage | Trusted By Adobe®", Adobe®'s technical requirements specify that the issuing Certification Authority must generate them in cryptographic devices with at least FIPS 140-2 Level 2 security. This security feature disables exportation and duplication of the private keys. For this purpose, IdenTrust supports only HID smart cards and HID USB Tokens compliant with the AATL requirement.
IGC certificates are cross-certified under the Federal Bridge, which means that they are accepted for use in government applications such as the Electronic Prescriptions for Controlled Substances (EPCS) program. IGC certificates can also be used by professionals who submit signed and sealed documents to state and local agencies, such as Departments of Transportation (DOTs), and by individuals who perform eNotary services.
IGC certificates offer multiple benefits:
Learn more about IGC Federal Bridge Certified certificates and use our Certificate Selection Wizard to assist you in selecting the IGC certificate for your specific application.
IdenTrust holds applicants' personal information in the strictest confidence. In compliance with the Gramm-Leach-Bliley Act of 1999 (GLBA), we do not share personal information with outside third parties.
IdenTrust hardware-based Digital Certificates (both ECA and IGC) used to encrypt e-mail satisfy the DoD CMMC requirements.
DoD CMMC requires the use of FIPS-validated cryptography to protect sensitive information in an e-mail. IdenTrust Digital Certificates used to encrypt e-mail are generated and stored in FIPS-validated cryptographic modules.
Browser-based certificates do not meet this requirement.
Yes. All IGC certificates meet the Category II NFI PKI requirements because the IGC Root CA is cross-certified with the Federal Bridge – which is part of the definition of Category II NFI PKI.
“Category II: Non-Federal Agency PKIs cross certified with the Federal Bridge Certification Authority (FBCA) or PKIs from other PKI Bridges that are cross certified with the FBCA”
We are also listed on https://public.cyber.mil/pki-pke/interoperability/. The table in the last section of the page lists us as Category II, with PIV-I being the highest assurance level (which means all of the lower assurance levels, such as Basic, Medium, and Medium Hardware, are implied to be part of that).
A digital certificate is a form of ID, just like a Driver’s License or Passport. We need to verify your identity before we can approve your application and issue your certificate.
Here is a list of what you will need to provide:
• Two forms of approved, valid (unexpired) ID, one of which must be a photo ID. Examples include a Passport, Certificate of Naturalization, Driver’s License or State ID, CAC Card, and U.S. issued Birth Certificate. View our PDF document Identity Verification Requirements DoD ECA Certificate Policy for details.
• The Headquarters' address for your organization.
• The name of the agency or agencies you will use your certificate to interact with.
• Voucher Number: The voucher code you have been provided.