The FAQ section answers all your questions, whether they are related to the Digital Certificates, their usage, applications, Certifying Authorities or any technical question you may have. If this section doesn't answer your questions please feel free to contact our Helpdesk 6356 - 894 - 444, Email : dscsales[at]ncode[dot]in

  • What is a Certifying Authority?
    1. A Certifying Authority is a trusted body whose central responsibility is to issue, revoke, renew and provide directories of Digital Certificates. In real meaning, the function of a Certifying Authority is equivalent to that of the passport issuing office in the Government. A passport is a citizen's secure document (a "paper identity"), issued by an appropriate authority, certifying that the citizen is who he or she claims to be. Any other country trusting the authority of that country's Government passport Office will trust the citizen's passport.

      Similar to a passport, a user's certificate is issued and signed by a Certifying Authority and acts as a proof . Anyone trusting the Certifying Authority can also trust the user's certificate.

      According to section 24 under Information Technology Act 2000 "Certifying Authority" means a person who has been granted a licence to issue Digital Signature Certificates.

    2. Who can be a Certifying Authority (CA)?

      The IT Act 2000 gives details of who can act as a CA. Accordingly a prospective CA has to establish the required infrastructure, get it audited by the auditors appointed by the office of Controller of Certifying Authorities, and only based on complete compliance of the requirements, a license to operate as a Certifying Authority can be obtained. The license is issued by the Controller of Certifying Authority, Ministry of Information Technology, Government of India.

    3. What is a Subordinate CA (Sub CA)?

      A Sub CA (Subordinate CA) means a Certifying Authority falling under the (n)Code Solution CA trust hierarchy. The private key of the (n)Code Solution CA is used to sign the Public Key of such Sub CA. Sub CA, though not specifically part of the IT act, can be an entity working under the CCA trust chain with all the responsibilities mandated by the IT Act being taken care of by the CA.

    4. What is a Registration Authority (RA)?

      A Registration Authority (RA) is responsible for initiating the certificate issuance process after receiving approved application request from the Local Registration Authority. Revocation requests for Digital Certificates from subscribers/ authorized representative of the subscriber are also handled by the RA.

    5. What is a Local Registration Authority (LRA)?

      An LRA (Local Registration Authority) is an agent of the Certifying Authority who collects the application forms for Digital Signature Certificates and related documents, does the verification and approves or rejects the application based on the results of the verification process.

    6. Where can I locate the (n)Code Solutions LRA nearest to my place?

      For getting contact details of LRA close to you, please visit https://www.ncodesolutions.com/contact.asp

    7. What are Certificate Policies (CP)?

      Certifying Authorities issue Digital Certificates that are appropriate to specific purposes or applications. Certificate Policies describe the different classes of certificates issued by the CA, the procedures governing their issuance and revocation and terms of usage of such certificates and among other things the rules governing the different uses of these certificates.

    8. What is a Certification Practice Statement (CPS) ?

      A statement of the practices, which a certification authority employs in issuing and managing certificates. A CPS may take the form of a declaration by the CA of the details of its trustworthy system and the practices it employs in its operations and in support of issuance of a certificate. General CPS framework is given in the guidelines.

  • Digital Signatures and Digital Certificates
    1. What is a Digital Signature?

      Digital signatures are electronically generated and can be used to ensure the integrity and authenticity of some data, such as an e-mail message and protect against non-repudiation.

    2. Are Digital Signatures legally valid in India?

      Yes, after the enactment of Information Technology Act 2000 in India, Digital Signatures are legally valid in India.

    3. What is a Digital Certificate?

      A Digital certificate is a form of an electronic credential for the Internet. Similar to a driver's license, employee ID card, a Digital certificate is issued by a trusted third party to establish the identity of the certificate holder. The third party who issues the Digital Certificate is known as the Certifying Authority (CA).

    4. What is the relationship between public keys and Digital Certificates?

      A certificate is an electronic document that binds a public key to a particular individual or organization. A trusted third party, called a Certifying Authority (CA), issues certificates. Before issuing a certificate, a CA will go though a series of authentication procedures to make sure that you are what you claim to be, and that the public key in the certificate really belongs to you.

      The certificate is then encrypted (signed) with the CA's private key. Thus, if the end users trust the CA, and have the CAs public key, he can be sure of the certificate's legitimacy.

    5. Is there any difference between Digital Certificate and Digital Signature?

      Digital Signatures provide Authentication, Privacy, Non repudiation and Integrity in the virtual world . IT Act 2000 in India gives legal validity to electronic transactions that are digitally signed. Therefore we need digital signatures for secure messaging, online banking applications, online workflow applications, e-tendering, supply chain management etc.

      Digital Certificates are digital documents attesting to the binding of a public key to an individual or specific entity. They allow verification of the claim that a specific public key does in fact belong to a specific individual. Digital Certificates help prevent someone from using a phony key to impersonate someone else.

      In their simplest form, certificates contain a public key and a name. As commonly used, a certificate also contains an expiration date, the name of the Certifying Authority that issued the certificate, a serial number etc. Most importantly, it contains the digital signature of the certificate issuer.


      A digital signature is an electronic method of signing an electronic document whereas a Digital Certificate is a computer based record which.

      • Identifies the Certifying Authority issuing it.
      • Has the name or I the identity of its subscriber.
      • Contains the subscriber's public key.
      • Is digitally signed by the Certifying Authority issuing it.
  1. What are the different types/ classes of Digital Certificates provided by (n)Code Solutions?

    (n)Code Solutions CA provides seven different classes of Digital Certificate for different applications and types of users.

  2. Class Category Supported Applications
    I Individual Secure E-mail
    IIa Individual
    • Web form signing
    • Client Authentication
    • Secure E-Mail
    • Other low Risk Transactions
    IIb Enterprises / Government Organizations or Agencies
    • Web form signing
    • Client Authentication
    • Secure E-Mail
    • Other low Risk Transactions
    IIIa Individual
    • VPN User
    • Code Signing
    • Web Form Signing
    • Client Authentication
    • Secure E-Mail
    IIIb Enterprises / Government Organizations or Agencies
    • VPN User
    • Code Signing
    • Web Form Signing
    • Client Authentication
    • Secured E- mail
    IIIc Individual / Enterprises / Government Organizations or Agencies SSL Server Authentication
    IIId Individual / Enterprises / Government Organizations or Agencies VPN Device Authentication
  3. What is the validity period of the (n)Code Solutions' Digital Certificates?

    (n)Code Solutions' Digital Certificates are valid for one year or two years from the date of issuance.

  4. What payment mechanisms does (n)Code Solutions accept?

    (n)CodeSolutions accepts payment through demand draft/cheque only.

  5. Can some one else purchase and utilize a Digital Certificate for me or on my behalf?

    An organization can purchase Digital Certificates for its employees with the objective of secure and authenticated web communication. But no one can utilize your Digital Certificate because (only one) your email address is attached to the Digital Certificate purchased for you and your Digital Certificate with private key is stored under your control. Please take care and avoid giving direct physical access to your important private key.

  6. How can I apply for a Digital Certificate?

    (n)Code Solutions provides the easiest and most reliable way to obtain your Digital Certificates . You can obtain them through our online registration wizard or you can submit your application request to our nearest LRA (Local Registration Authority).

    You will be able to apply for a Digital Certificate by accessing our website at https://www.ncodesolutions.com If you have any queries or need assistance, we are available to answer your questions and provide any assistance that you need to complete your Digital Certificate registration. Contact (n)Code Solutions' Help Desk at 91-79-26857315. Our service desk hours are Monday-Saturday, 10:00 AM - 6:00 PM (Indian Standard Time).

  7. What are the different steps in processing an application for a Digital Certificate?

    There are three different phases for obtaining a Digital Certificate.

    • Application Phase

      In the application phase, the applicant will access the (n)Code Solutions CA website at www.ncodesolutions.com to select customer type and class of certificate needed and also accept Subscriber Agreement. After that, the applicant will be taken to online registration form complying with IT Act 2000, and he will have to fill the online registration form and choose a pass phrase for later authentication.

      After due verification of mandatory fields, the applicant will be given an opportunity to confirm the given details. The applicant will also print the displayed form to hand sign and send it across the (n)Code Solutions CA.

      The applicant will be shown the list of documents required with reference to category and the class of certificate chosen with payment details and also time period for physical presence, if the class of certificate chosen by subscriber requires physical presence.

    • Authentication Phase

      In authentication phase, (n)Code Solutions verifies and validates the information you provide in the online application and identification form. Upon approval of your application, (n)Code Solutions will send you an email on the email address provided in the application form with a link for email id verification.

    • Retrieval Phase

      After email verification, receipt of documents /physical appearance and payment of stipulated fees, Reference Number will be sent through email whereas Authorization Code will be sent through registered A.D. on the postal address provided in the application form, except for class 1where Authorization Code will be communicated via email. Once you have received your retrieval email or kit, you will be able to access your Digital Certificate.

  8. Can I use an accent, circumflex or any other international character in my enrollment information?

    No, (n)Code Solutions enrollment software currently accepts only standard ASCII characters.

  9. Can I send my application request for Digital Certificate through mail?

    Yes, you can submit your Digital Certificate application request by duly filling up our Registration Form available at our website to our local registration authority with necessary documents as mentioned in the registration form for verification purpose.

    For contact information of our LRA (Local Registration Authority), Please visit https://www.ncodesolutions.com/contact-us.php

  10. Can I be sure that my confidential information will not be misused during enrollment for obtaining a Digital Certificate?

    (n)Code Solutions has a strict policy on the use of applicant and customer information. (n)Code Solutions will not disclose such information, except as required under the law.

  11. I have submitted my application for Digital Certificate, but now I have decided to cancel my request. Will I get a refund?

    Sorry, The (n)Code Solutions CA does not provide any refund of the fees paid for the digital signature certificates.

  12. What is the reason for refusal of my request for a Digital Certificate?

    Refusal to issue a Digital Certificate is a result of stringent verification procedure. Incomplete application, information or wrong information are the common causes for such refusal.

  13. What does "Relying Party" mean?

    Relying party is an entity that relies on the information provided in a valid digital signature certificate.

  14. What is Subscriber Agreement?

    A Subscriber Agreement is an agreement between Subscriber and (n)Code Solutions CA stating that, subscriber will use Digital Certificate for the assigned use or objective and he is solely responsible for the protection of the private key and ensuring functionality of his/her key pair. Subscriber also agrees through Subscriber Agreement that all the information provided to (n)Code Solutions CA at the time of registration are not misrepresented, in the event of any change in information, subscriber will immediately inform (n)Code Solutions CA. (n)Code Solutions CA will not be responsible for any legal disputes arising due to misrepresentation on the part of subscriber.

  15. What is Certificate Issuance?

    Certificate issuance process involves verification and validation checks to establish identity and other information acquired through the application form for the applicant. (n)Code Solutions CA has varied requirements for documents as well as other checks for different classes of certificates.

    1. Can a person have two Digital Certificates; say one for office and other for personal use?

      Yes, you can possess two different Digital Certificates for different purposes but at the same time you should have two different email addresses for two different Digital Certificates.

    2. What actually happens when I digitally sign any transaction?

      When you sign any transaction, you are using your private key. When the recipient receives the information with your certificate, he can verify the information using the public key on your certificate.

      Signing a transaction:

      • Verifies the user's identity;
      • Establishes his / her credentials to perform the transaction;
      • Protects the integrity of the information itself (it cannot be changed once the user has signed it).

      Once the user has digitally signed a transaction he cannot deny that he has sent the information. This is referred to as non-repudiation.

    3. What is the difference between signing and encrypting e-mail?

      Signing an e-mail message means you attach your Digital Certificate to it so that the recipient knows it came from you and was not tampered within route. Signing authenticates a message, but it does not provide protection against third party monitoring.

      Encrypting a message means you "scramble" it in a way that only the intended recipient can "unscramble" it, which safeguards against monitoring. In order to send a signed message, you must have a Digital Certificate. Encrypting a message requires that you have the recipient's Digital Certificate.

    4. Can I send secure e-mail to someone who does not have a Digital Certificate?

      You can digitally sign any e-mail as long as the recipient has an e-mail application, which supports S/MIME. You cannot encrypt a message, however, unless you have the recipient's Digital Certificate.

    5. How do I know if the e-mail I receive is signed or encrypted?

      Netscape Communicator Users: Any signed e-mail you receive will have a prominent icon in the upper-right corner of the message saying "signed" or "encrypted" or both. If you want more information about the security of a message, click on the Security button (the one that looks like a padlock) above the message.

      Microsoft Internet Explorer Users: Signed messages will be shown in the inbox (or any other folder) with a red ribbon on the envelope icon. Encrypted messages will show a padlock on the envelope icon.

    6. I have a new e-mail address. Can I update my Digital Certificate?

      Once a Digital Certificate has been issued it cannot be changed. Your Digital Certificate specifically verifies that your public key is bound to your stated e-mail address, so when you change addresses you need to request a new Digital Certificate. If you would like to enroll at this time, please visit the https://www.ncodesolutions.com/

    7. I have a new e-mail address. Can I update my Digital Certificate?

      height="16">Once a Digital Certificate has been issued it cannot be changed. Your Digital Certificate specifically verifies that your public key is bound to your stated e-mail address, so when you change addresses you need to request a new Digital Certificate. If you would like to enroll at this time, please visit the https://www.ncodesolutions.com/

    8. I want to attach my digital signature for my email account at yahoo.com, how can I?

      Unfortunately Web-based mail like Yahoo, Hotmail, Incredimail, MSN or AOL is not S/MIME compatible and so cannot be used with a Personal Email Certificate.

      In order to secure your mail you must setup your mail and install the personal certificate in a mail client that can support S/MIME like Outlook 2000, Outlook Express or Netscape Messenger.

      Alternatively you would have to configure your email client on your PC (i.e. Outlook Express) to access your Web based account with the correct username, password and POP settings.

    9. Can I use one Digital Certificate for multiple email addresses?

      No you cannot. At this stage, we can issue them, but they will not be recognized by most email software. So you should request a certificate for each email address separately. You can have multiple E-mail addresses attached to an account, but when you request each certificate you will be asked which E-mail address you want the certificate attached to.

    10. I have downloaded Digital Certificate . Will it get automatically connected to Outlook?

      After downloading and importing Digital Certificate in your web browser, you are ready to use your Digital Certificate with web browser but for using with your email client software you will have to configure necessary settings. To get descriptive help for configuring email client software for using digital signatures, please visit following.

    11. I have taken Digital Certificate, but when my client opened my email in yahoo.com he was not able to verify my Digital Certificate but he got smime.p7m file with it, what is it?

      Unfortunately Web-based mail like Yahoo, Hotmail are not S/MIME compatible and so cannot be used with a Personal Email Certificate. Email is secured by using a combination of two functions: signing and/or encrypting the original mail. Each is represented at the recipient end in the form of attachments.

      A signed mail has an attachment called smime.p7s (containing the sender's signature).

      An encrypted mail has an attachment called smime.p7m (containing the encrypted message).

      Therefore, to verify a signed and/or read an encrypted message, your client need a mail reader compatible with S/MIME which will interpret the attachments, otherwise your client will see the message with all these attachments described above.

    12. How can one digitally sign email using Outlook Web Access service provided by Microsoft Exchange Server, when that person is in remote places?

      For this Assure Messaging Solution has to be integrated with the mail server to provide digital signature based access control.

    13. My name has changed. Can I keep using the same Digital Certificate issued by (n)Code Solutions?

      Sorry, but you cannot. Your Digital Certificate needs to be revoked when your name changes. You can inform about this to our helpdesk at revocation of your Digital Certificate to prevent any misuse

    14. What is the scope of using digital signatures in the e-tendering system?

      Yes, you can digital signatures for e-tendering. Only following transactions/instruments are not recognized as per the IT Act

      • Negotiable Instrument as defined in section 13 of 26 of 1881. The Negotiable Instrument Act, 1881.
      • A power-of-attorney.
      • Succession Act/Will.
      • Transfer of Immovable property.
      • Trust
    15. Can digital signature be employed in a wireless network?

      Yes, Digital Signature can be employed in wireless network.

    16. I have purchased a Digital Certificate as individual. Can I use it for my website?

      Sorry, you cannot use Digital Certificate which you have purchased as an individual for your website. For authenticating your website you will be in need of a different Digital Certificate which is called as SSL (secure socket layer) certificate.

      A Digital Certificate, which you have purchased as an individual will be used for sending and receiving secure email and web-based transactions through web browsers. While if you want to use Digital Certificate for your website, you will have to purchase Digital Certificate specially based for the functionality of web based transactions.

    17. Is the information contained in my Digital Certificate automatically sent to the websites I visit?

      No, you control the presentation of your Digital Certificates to websites through the settings in your web browser.

      Netscape Communication Users: You can choose whether or not your Digital Certificate is automatically sent to the web sites you access, and which Digital Certificate (if you have more than one installed) are used. To change your Digital Certificate usage settings:

      • Click on the Security Preferences button (the one that looks like a padlock) on the Main toolbar.
      • Click Navigator from the menu on the left.
      • From the Default Certificate to present to websites pop-up list, select the Digital Certificate to use automatically, or choose one of the other options: Ask every time (the default setting) or Let Navigator choose.

      Microsoft Internet Explorer Users: Internet Explorer always asks you whether to send Digital Certificate information to any website requesting it, and allows you to choose which Digital Certificate to use (if you have more than one installed)

    18. Which Cryptographic Service Provider (CSP) I have to select while downloading a Digital Certificate?

      During registration process, if you are using Internet Explorer it will display a list of different cryptographic service providers, but the first highlighted cryptographic service provider will be the default one, which is present in your computer. So when you reach at this stage, please select the highlighted one.

      If you are using Netscape Navigator, 0nline registration wizard will not ask you for cryptographic service provider but for the key length. Please select key length of 1024.

    19. Why do I need to validate a Digital Certificate?

      When a document or transaction is signed using a Digital Certificate, it serves as a means of identifying the person who signed since a certificate and vouches for the owner's identity or association with a particular organization. It is important to validate a certificate to ensure that it has not been changed, revoked or has not expired.

    20. What are the various validation mechanisms available?

      You can validate a certificate using CRL, OCSP or CAM.

    21. What is a CRL?

      A list of certificates that have been revoked by the Certifying Authority. The CRL contains the certificates, which are no longer valid.

    22. What is CRL Validation?

      Certificate Authorities publish Certificate Revocation Lists (CRLs), which as the name suggests are lists of revoked or cancelled certificates. These CRLs are published at regular intervals and contain periodic updates to the status of certificates. Through Certificate Revocation List, the (n)Code Solutions CA notifies users that a particular certificate is no longer valid.

      In CRL based validation, the application downloads the latest CRL (or refers to a cached CRL) and checks for certificate validity against this list.

  1. What is Certificate Revocation?

    A Digital Certificate can be revoked under circumstances like:

    • Users suspect compromise of certificate private key.
    • Change of personal data.
    • Change of relationship with the organization.
  2. How do I revoke my current Digital Certificate, and how long does it take?

    In order to eliminate the malicious act of the third parties, we ask you to contact us for revocation. (n)Code Solutions' Customer Support will process the revocation within two working days after receipt of notice from your representative.

  3. What is the procedure to initiate revocation request?

    Through Fax/Hand Delivery/Courier

    Download revocation request form from our website at https://www.ncodesolutions.com. Forward that revocation request form to us after duly filling and hand signing it. We will verify the information contained in the revocation request with the issued certificate and application form. Later, we will proceed with the revocation request.

    Through E-mail

    Send us an email with the revocation form in an attachment to the (n)Code Solutions CA helpdesk at ra[at]ncodesolutions[dot]com with the subject line "Revocation Request". You should encrypt this transaction by using the public key of the (n)Code Solutions CA. The subscriber must digitally sign the transaction even though the private key may have already been compromised. After receiving your email we will verify the information and will proceed for revocation as per the revocation grace period.

    In case of any mismatch of information, you will be intimated accordingly through an email and revocation request will not be processed.

  4. Can some one else revoke my certificate?

    No, because the revocation request can only be made by-

    • The Subscriber in whose name the certificate has been issued.
    • The duly authorized representative of the subscriber.
    • Authorized personnel of the (n)Code Solutions CA or RA when the subscriber has breached the agreement, regulation, or law that may be in force.
  5. Whom should I inform if my private key is compromised? What charges do I have to pay for revocation of my Digital Certificate?

    If you have a reason to believe that your private key is compromised, immediately inform about this through email to (n)Code Solutions CA's help desk at support[at]ncodesolutions[dot]com. Requests for revocation of the Digital Certificate can also be sent to ra[at]ncodesolutions[dot]com with the request digitally signed by you if the compromised private key is still under your possession. The certificate revocation form is also available on the (n)Code Solutions CA website at https://www.ncodesolutions.com which can be filled in and sent to (n)Code Solutions office for processing of the revocation request.

    No fee is charged for certificate revocation and the serial number of your Digital Certificate will be immediately displayed in the certificate revocation list on successful revocation of your Digital Certificate.

  6. Where can I check whether the (n)Code Solutions Digital Certificate is revoked or not?

    Through https://www.ncodesolutions.com/repository/ncodecrl.crl you will be able to access Certificate Revocation List (CRL). It provide serial number of (n)Code Solutions's Digital Certificate which you intend to verify whether it is revoked or not. After providing serial number press 'submit' button, within seconds you will get the exact status whether Digital Certificate is valid or it is revoked by (n)Code Solutions CA.

  7. I did not renew the certificate within the expiry date, what should I do now?

    You cannot renew the certificate by accessing URL stated in the e-mail.

    Please ask our representatives for the renewal of your (n)Code Solutions certificate.

  8. How do I renew my certificate?

    If you have selected the [Auto renewal] option on the application form, you will receive a [Request to renew certificate] e-mail 30 days before the expiration of validity date. As you access the URL stated in the e-mail, you will be able to get renewal certificate. You will need an old certificate registered in your browser to renew it.

  1. Why should I save a backup copy of my Digital Certificate?

    In case yours hard drive crashes or your Digital Certificate gets accidentally deleted. If you store a backup copy of your Digital Certificate on a floppy disk in a secure place, then you will always be able to re-install your Digital Certificate. If you lose your Digital Certificate and it is not backed-up, then you will lose any messages that have been encrypted for you.

  2. Will unplugging my computer disrupt my Digital Certificate?

    No. Your key pair and your Digital Certificate are stored on your hard drive and are not disrupted by removing the power source to your computer.

  3. How do I protect my Digital Certificate/Private key?

    Protect your computer from unauthorized access by keeping it physically secure. Use access control products or operating system protection features (such as a system password). Take measures to protect your computer from viruses, because a virus may be able to attack a private key. Always chose to protect your private key with a good password.

  4. What if some one copies my Digital Certificate?

    Your Digital Certificate cannot be used without your private key, which is never transmitted to us. To maintain security, your private key should be protected by a password and never sent across any network. You want your Digital Certificate (which contains your public key) to be available to other users so that they can verify your right to use the Digital Certificate, decrypt messages that you have encrypted with your private key, and verify your digital signatures.

  5. What does my Private Key look like?

    Private Keys are not easily viewed simply because they need to remain secure. They exist for the most part in an encrypted state within the registry of the Operating System. However, if specified at the time of key pair generation, it is possible to export a Private Key as a data file for backup purposes. Like any cryptographic key, Private Keys are simply long, random numbers.

  6. How is my Digital Certificate's private key protected?

    Your private key is protected in two ways:

    • It is stored on your computer's hard drive so you can control access to it.
    • When you generate your Digital Certificate's private key at collection time, the software you use (such as your browser) will probably ask you for a password. This password protects access to your private key. For Internet Explorer users, your private key is normally protected by your Windows password.

    A third party can access your private key only by:

    • having access to the file your key is stored in (which is usually part of your system's configuration information) and
    • Knowing your private password. Some software permits you to choose to not have a password protect your private key. If you use this option, then you are trusting that no one, presently or in the future, will have unauthorized access to your computer. In general, it is far easier to use a password than to completely safeguard your computer physically. Not using a password is a bit like pre-signing all of the cheques in your chequebook and then leaving it open on your desk.
  7. I forgot my private key password. Can someone change it for me?

    Unfortunately not. If you have forgotten your private key password, no one can help you, and you will have to apply for a new (n)Code Digital Certificate. In addition, any secure E-mail messages encrypted using your public key will be effectively lost. In some cases you might also have to reinstall your E-mail software and Web browser as well.

  8. I accidentally deleted my Digital Certificate from my PC's hard disk drive. What should I do now?

    Once your Digital Certificate and key files have been deleted, damaged or overwritten, there is no way to reactivate your Digital Certificate. You will first need to revoke your Digital Certificate, and then enroll for a new one.

  9. My PC's hard disk drive crashed. Is there any way to recover my Digital Certificate?

    A hard drive crash usually deletes all key pair and Digital Certificate files in your computer. Once these files have been lost, there is no way to reactivate the Digital Certificate. You will first need to revoke your Digital Certificate, and then enroll for a new one.

  10. My computer was stolen. What should I do to protect my Digital Certificate?

    If your key files were protected with a password, then it is unlikely that the thief will be able to use your Digital Certificate to impersonate you. In Microsoft Internet Explorer, your key files are protected by your Windows password, and in Netscape they are protected by your Navigator or Communicator password. If you want another Digital Certificate You should immediately revoke your Digital Certificate, then enroll for a new one.

  11. Can more than one person store their Digital Certificate on a computer?

    Yes. Netscape Communicator is set up to allow multiple people to use Netscape on the same computer using profiles. Each person uses their profile to keep their settings, preferences, bookmarks, mail messages and certificates separate from other users of Netscape on the same computer.

  12. How do I transfer my Digital Certificate to a new computer?

    (Microsoft Internet Explorer) The first step for transporting your Digital Certificate is to save ("export") it from the hard drive of the computer where it is currently held onto a floppy disk or other transport medium.

    When your Digital certificate has been successfully exported, you can then import it into the new location. To import your Digital Certificate into Internet Explorer:

    • From the View menu of Explorer, choose Internet Options
    • Select the Content tab.
    • Select Personal from the Certificates list.
    • Click the Import button.
    • Locate your Digital Certificate from the disk and folder in which it is saved (it should have a .pfx or .p12 extension). Once you have found it, highlight it and click Open.
    • If prompted, enter the security password used to protect your Digital Certificate (this is NOT the transport password, but the security password you use each time you present your Digital Certificate). You may be prompted to enter this password multiple times (possibly as many as 20) before it takes.
    • Enter your transport password and click OK.
  1. I deleted Microsoft Internet Explorer and installed the latest version. How do I reinstall my Digital Certificate?

    If you removed your old copy of Internet Explorer by deleting the application and its directory, you also deleted your Digital Certificate. You need to request for a new Digital Certificate.

  2. I deleted Netscape Navigator and installed the latest version. How do I reinstall my Digital Certificate?

    If you removed your old copy of Netscape Navigator by deleting your Netscape directory, you also deleted the file that contained the private key associated with your Digital Certificate. Without that private key, you cannot reinstall your Digital Certificate. You need to request a new Digital Certificate. Upgrading Navigator with the Netscape installer preserves your personal information, including your Digital Certificate and private key. In the future, you should use this installer when upgrading Navigator

    You can request a Digital Certificate when you register your copy of Navigator, or you can go directly to the Digital Certificate Center.

  3. Can I use my Digital Certificate with more than one browser or e-mail application (for example, with Netscape Navigator and Microsoft Internet Explorer)?

    Exporting From Netscape Navigator:

    • Click on the Security icon (the one that looks like a padlock) from the main toolbar.
    • Select Certificates: Personal from the menu on the left.
    • Select the Digital Certificate you want to move and click the Export button.
    • Choose a transport password, which you will be required to present when importing, and then click OK.
    • Select a disk drive and file name in which to save your Digital Certificate, then click Save.

    Importing Into Microsoft Internet Explorer:

    • From the View menu of Explorer, choose Internet Options
    • Select the Content tab.
    • Select Personal from the Certificates list.
    • Click the Import button.
    • Insert the disk with your Digital Certificate into your floppy drive and choose the file name in which your Digital Certificate is stored (it should end with .pfx), then click Save.
    • Enter your transport password and click OK.

    Exporting Into Microsoft Internet Explorer:

    • From the View menu of Explorer, choose Internet Options.
    • Select the Content tab.
    • Select Personal from the Certificates list.
    • Highlight the Digital Certificate you wish to save, and then click the Export button.
    • Choose a password and a file name for your Digital Certificate. This new password protects this specific copy of your Digital Certificate--you will be required to present it when you want to import or open this copy of your Digital Certificate. Be sure to include a disk and folder location in the file name, such as a: if you want to save to a floppy disk. Click OK.
    • If prompted, enter the security password you have always used to protect your Digital Certificate. There is a bug in some versions of Internet Explorer 4.0 you may be prompted to enter this password multiple times (possibly as many as 20) before it takes. Microsoft is aware of this and is working towards a solution.

    Import Into Netscape Navigator

    NOTE: Only the later versions of Navigator 4.0 and up support importing Digital Certificates

    • Click on the Security icon (the one that looks like a padlock) from the main toolbar.
    • Click on Yours under Certificates from the menu on the left.
    • Click the Import Certificate button located near the bottom of the page.
    • If prompted, enter the password used to protect your Digital Certificate (this is NOT the transport password, but the security password you use each time you present your Digital Certificate). You may be prompted to enter this password multiple times before it takes.
    • Enter your transport password and click OK. (If your Digital Certificate shows up as a long series or numbers or letters, it should still work correctly.).
  4. I deleted my old Microsoft Internet Explorer or Netscape Navigator and installed the latest version. How do I reinstall my Digital Certificate?

    If you removed your copy of Microsoft Internet Explorer or Netscape Navigator by deleting the application and its directory, you also deleted the file that contained the private key associated with your Digital Certificate. Without that private key, you cannot reinstall your Digital Certificate.

  5. [Master Password] is asked when I am proceeding in the certificate acquisition for Netscape. Is Challenge Code and Master Password the same?

    No, it is not the same. In Netscape, there is an independent database for administering the certificates. Master Password is a password for accessing its database. Please DO NOT forget the password. Otherwise, you won't be able to backup the certificates in the database.

    In Internet Explorer, OS administer the certificate database, and the password is the same as your login password.

  6. I checked my Digital Certificate, and the following message appeared : This certificate is not trusted.. What does this mean?

    Most of the time, the root certificate which is installed improperly, causes this to happen. Please follow the instruction below for the resolution

    If you are using Netscape:

      1. Open up your browser, and on the [Security] menu, click [Signers]. 2. Select [(n)Code Solutions CA] from [Certificate Signers Certificates], and then click [Edit]. 3. Check both [Accept this Certificate Authority for Certifying network sites] and [Accept this Certificate Authority for Certifying e-mail users], then click [OK].

    If you are using Internet Explorer:

    • Open up your browser, and on the [Tools] menu, click [Internet Options].
    • Select [Content] tab, press [Certificates] button, and click [Trusted Root Certification Authorities] tab.
    • Select [(n)Code Solutions CA] in the list of root certificate, and click [Advanced...] button.
    • Make sure [Server Authentication] and [Client Authentication] is checked. (It is recommended that other option boxes are also checked.)
  1. What is SSL (secure socket layer) and how does it work?

    Secure Socket Layer (SSL) is a technology developed by Netscape and adopted by all vendors producing related Web software. It negotiates and employs the essential functions of mutual authentication, data encryption, and data integrity for secure transactions.

    This exchange between the client and server is performed using the Secure Sockets Layer (SSL). SSL 2.0 supports server authentication only; SSL 3.0 supports both client and server authentication.

  2. I want to utilize one web server (SSL) certificate for more than one website, can I?

    You will not be able to use one certificate on different websites as the certificate is tied to the exact host and domain name. If you have a certificate for https://www.ncodesolutions.com/, you can only use the certificate for https://www.ncodesolutions.com/ and NOT https://ncodesolutions.com/

    If you do use a certificate on a different website, you will get a Certificate/Site mismatch error.

  3. What should users verify before trusting an SSL certified website?

    Before trusting any SSL certificate provided website, visitors should verify given below points: -

    • The SSL certificate must have a chain of trust back to a root CA the client trusts.
    • The server certificate, and all the CA certificates in the certificate chain of trust, must have valid signatures. Every certificate is signed by the next-higher CA, except for a root CA, which signs its own certificate.
    • The current date and time must be within the validity period of the server certificate, and of all the CA certificates in the certificate chain of trust. Every certificate has a validity period (a starting date and time and an ending date and time when the certificate is valid for use).
    • The client must retrieve the CRLs from every CA in the certificate chain of trust and check to see if the server certificate or one of the subordinate CAs has been revoked by its next-higher CA.
  1. What is PKI?

    The PKI is a framework of policies, services, and encryption software that provides the assurances, users need before they can confidently transmit sensitive information over the Internet and other networks. At the heart of a PKI is a "Certifying Authority" which issues to each individual a Digital Certificate linking that particular person to a known public key.

  2. What is cryptography?

    Cryptography is the science of using mathematics to encrypt and decrypt data. Cryptography enables you to store sensitive information or transmit it across insecure networks (like the Internet) so that it cannot be read by anyone except the intended recipient. In short, cryptography is science of securing data.

  3. What is secret key cryptography?

    Secret-key cryptography is sometimes referred to as symmetric cryptography. It is the more traditional form of cryptography, in which a single key can be used to encrypt and decrypt a message. Secret-key cryptography not only deals with encryption, but it also deals with authentication.

  4. What is Public Key Cryptography?

    Public Key Cryptography is a method for securely exchanging messages, based on assigning two complimentary keys (one public, one private) to the individuals involved in a transaction. Public Key Cryptography is based on the science of encryption, the mathematical scrambling and unscrambling of messages.

  5. What is authentication?

    Authentication is the process of verifying a claimed identity. This includes:

    • Establishing that a given identity actually exists;
    • Establishing that a person or organization is the true holder of that identity;
    • Enabling identity holders to identify themselves for the purposes of carrying out a transaction via an electronic medium.
  6. What is encryption?

    Encryption is the process of using a mathematical formula and an encryption key to scramble information so that is unintelligible to unauthorized persons. Since electronic information is in the form of a series of ones and zeroes, an encryption process can transform a particular electronic message into another sequence of ones and zeros that is uniquely related to the original message.

  7. What is decryption?

    Decryption is the process of converting the scrambled information back to its original, plain text form using the same mathematical formula and a decryption key related to the encryption key so an authorized person can understand it.

  8. What is non-repudiation?

    Non-repudiation provides proof of the origin or delivery of data in order to protect the sender against a false denial by the recipient that the data has been received or to protect the recipient against false denial by the sender that the data has been sent.

  9. What is Private Key?

    "Private Key" means one of the key of a key pair used to create a Digital Signature.

  10. What is Smart Card?

    A plastic card like credit card with a built-in microprocessor and memory used for identification or financial transactions. When inserted into a reader, it transfers data to and from a central computer. It is more secure than a magnetic stripe card and can be programmed to self-destruct if the wrong password is entered too many times.

  11. What is an e-token?

    An e-token is a powerful and secure hardware device that enhances he security of data on public and private networks. The size of a normal house key, e-token can be used to generate and provide secure storage for passwords and Digital certificates, for secure authentication, digital signing and encryption. E-tokens are based on smart card technology but require no special readers.

  12. What is key agreement protocol?

    A key agreement protocol, also called a key exchange protocol, is a series of steps used when two or more parties need to agree upon a key to use for a secret-key crypto system. These protocols allow people to share keys freely and securely over any insecure medium, without the need for a previously established shared secret.

  13. What is a digital envelope?

    The digital envelope consists of a message encrypted using secret-key cryptography and an encrypted secret key.

  14. What is a hash algorithm?

    An algorithm that transforms a string of characters into a usually shorter value of a fixed length or a key that represents the original value. This is called the hash value. Hash functions are employed in symmetric and asymmetric encryption systems and are used to calculate a fingerprint/imprint of a message or document. When hashing a message, the message is converted into a short bit string - a hash value - and it impossible to re-establish the original message from the hash value. A hash value is unique in the sense that two messages cannot result in the same bit string, and any attempt to make changes to the message will negate the value and thus the signature.

  15. What is digital time stamping?

    A digital time-stamping service issues time-stamps, which associate a date and time with a digital document in a cryptographically strong way. The digital time-stamp can be used at a later date to prove that an electronic document existed at the time stated on its time-stamp. For example, a physicist who has a brilliant idea can write about it with a word processor and have the document time-stamped. The time-stamp and document together can later prove that the scientist deserves the Nobel Prize, even though an archrival may have been the first to publish.

  16. What are Public Key Cryptography Standards?

    Public Key Cryptography Standards are a set of standard protocols for the development of a public key infrastructure (PKI). These standards include RSA encryption, password-based encryption, extended certificate syntax, and cryptographic message syntax for the S/MIME secure e-mail standard. Developed in 1991 by RSA Laboratories with representatives from various computer vendors, PKCS is today widely deployed in public key cryptography systems.

    • PKCS #1: RSA Cryptography Standard describes a method for encrypting data by using the RSA public key crypto system. Used in the construction of digital signatures and digital envelopes.
    • PKCS #2: Has been incorporated into PKCS #1.
    • PKCS #3: Diffie-Hellman Key Agreement Standard describes a method for implementing the Diffie-Hellman key agreement. PKCS#3 is used in protocols for establishing secure communications.
    • PKCS #4: Has been incorporated into PKCS #1.
    • PKCS #5: Password-based Cryptography Standard Password-based security standard.
    • PKCS #6: Extended Certificate Syntax Standard describes a syntax for extended certificates, consisting of a certificate and a set of attributes, collectively signed by the issuer of the certificate. This extends the certification to allow for verification of other information concerning the entity.
    • PKCS #7: Cryptographic Message Syntax Standard specifies a general format for cryptographic messages.
    • PKCS #8: Private Key Information Syntax Standard describes syntax for private key information. Private Key information includes a private key for a public key algorithm and a set of attributes. The standard also describes syntax for encrypted private keys.
    • PKCS #9: Selected Attribute Types defines selected attribute types for use in some of the PKCS standards.
    • PKCS #10: Certification Request Syntax Standard specifies a standard syntax for certificate requests.
    • PKCS #11: Cryptographic Token Interface Standard defines a technology-independent programming interface for cryptographic devices such as smart cards.
    • PKCS #12: Personal Information Exchange Syntax Standard specifies a portable format for storing or transporting a user's private keys, certificates, miscellaneous secrets etc. PKCS #13: Elliptic Curve Cryptography Standard under development. The standard will include many aspects of elliptic key cryptography, including parameter and key generation/validation, digital signatures, public key encryption, key agreement, and ASN.1 syntax.
    • PKCS #14: Pseudorandom Number Generation Standard under development. The standard will address many aspects of pseudorandom number generation.
    • PKCS #15: Cryptographic Token Information Format Standard for cryptographic tokens used for identification purposes.
  17. What is Cryptographic Service Provider?

    A Cryptographic service provider is responsible for creating keys, destroying them, and using them to perform a variety of cryptographic operations. Each cryptographic service provider provide a different implementation of the crypto API, some provide stronger cryptographic algorithms, while others contain hardware components, such as smart cards.

  18. What is a Distinguished Name (DNs)?

    A unique identifier of a person or thing having the structure required by the relevant certificate profile. A distinguished name is assigned to each key holder, organization or other entity.

    In the (n)CodeSolutions's Certificate Server, DNs is to identify the owner of a certificate and the authority that issued a certificate.

  19. What is SSL (secure socket layer)?

    Secured Sockets Layer is a protocol that transmits your communications over the Internet in an encrypted form. It is designed by Netscape Communications to enable encrypted, authenticated communications across the Internet. SSL ensures that the information is sent, unchanged, only to the server you intended to send it to. Online shopping sites frequently use SSL technology to safeguard your credit card information.

    When SSL is employed to secure your transaction, the information contained in your transaction is secretly encoded as it is sent between your computer and the computer (web server) you have linked to. Note, for an SSL transaction to work, your browser must be SSL compatible, and the web server you have linked to must be able to perform the necessary "key exchange" with your SSL compatible browser.

  20. What is MIME?

    MIME (Multipurpose Internet Mail Extensions) is a set of specifications for the interchange of text in languages with different character sets. MIME is also used to attach multimedia and rich text elements to e-mail that may be transmitted among different computer systems using Internet mail standards. The specifications define Content-Types and other conventions for the formatting of e-mail messages. S/MIME is a later standard that adds security to e-mail communication by allowing signing and encryption of messages.

  21. What is S/MIME?

    A standard that extends the MIME (Multipurpose Internet Mail Extensions) specifications to support the signing and encryption of e-mail transmitted across the Internet.

  22. What do X.509 and X.500 mean?

    X.509: - A widely used standard for defining Digital Certificates. X.509 is actually an ITU Recommendation, which means that it has not yet been officially defined or approved for standardized usage. As a result, companies have implemented the standard in different ways. For example, both Netscape and Microsoft use X.509 certificates to implement SSL in their Web servers and browsers. But an X.509 Certificate generated by Netscape may not be readable by Microsoft products, and vice versa.

    X.500: - An ISO and ITU standard that define how global directories should be structured. X.500 directories are hierarchical with different levels for each category of information, such as country, state, and city. X.500 supports X.400 systems.

  23. What is Certificate Validation Mechanism?

    A certificate validation mechanism is a mechanism, which is used when a document or transaction is signed using a Digital Certificate, and which serves as a means of identifying the person who signed since a certificate vouches for the owner's identity or association with a particular organization. Hence a certificate validation mechanism is important to implement to ensure that it has not been revoked or has not expired.

  24. What is Certificate Validation?

    Validation refers to determining the status of a certificate - whether valid, expired or revoked. All Certificates have a fixed life (say one year), but there are various reasons for which a certificate may be invalidated before its due expiry.

  25. What is OCSP Validation?

    OCSP refers to certificate validation that occurs through the Online Certificate Status Protocol mechanism, this type of validation occurs only when the signer certificate is stamped with an AIA (Authority Information Access) extension.

    OCSP can be either a replacement or a supplement to checking the validity of a certificate against a Certificate Revocation List (CRL). Using OCSP, when a user attempts to access a server, OCSP sends a request for certificate status information. The server sends back a response of "current", "expired," or "unknown."

  26. What is CAM?

    The Certificate Arbitrator Module (CAM) was created to provide validation services across different vendors of the ACES program. It is an application level router that efficiently and consistently routes certificates from relying party programs to the issuing certificate authorities for validation. By interfacing directly with the CAM, a relying party application can interact seamlessly with multiple CAs.