Frequently Asked Question

Digital Signature Usage

What is a Digital Signature?

A digital signature is an electronic form of a signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and also ensure that the original content of the message or document that has been sent is unchanged. Digital signatures are easily transportable and cannot be imitated by someone else. The ability to ensure that the original signed message arrived means that the sender cannot easily disclaim it later.

What is a Digital Signature Certificate (DSC)?

Digital Signature Certificates (DSC) is the electronic format of physical or paper certificate like a driving License, passport etc. Certificates serve as proof of identity of an individual for a certain purpose; for example, a Passport identifies someone as a citizen of that country; who can legally travel to any country. Likewise, a Digital Signature Certificate can be presented electronically to prove your identity, to access information or services on the Internet or to sign certain documents digitally.

Where can I purchase a Digital Signature Certificate?

Legally valid Digital Signature Certificates are issued only through a Controller of Certifying Authorities (CCA), Govt. of India, licensed Certifying Authorities (CA), such as eMudhra.

eMudhra, a Certifying Authority (CA) licensed by CCA, offers secure digital signatures through various options tailored to suit individual as well as organizational needs.

Where can I use Digital Signature Certificates?

You can use Digital Signature Certificates for the following:

  • For sending and receiving digitally signed and encrypted emails .
  • For carrying out secure web-based transactions, or to identify other participants of web-based transactions.
  • In eTendering, eProcurement, MCA [for Registrar of Companies efiling], Income Tax [for efiling income tax returns] Applications and also in many other applications.
  • For signing documents like MSWord, MSExcel and PDFs.
  • Plays a pivotal role in creating a paperless office.
How does a Digital Signature Certificate work?

A Digital Signature Certificate explicitly associates the identity of an individual/device with a pair of electronic keys - public and private keys - and this association is endorsed by the CA. The certificate contains information about a user's identity (for example, their name, pincode, country, email address, the date the certificate was issued and the name of the Certifying Authority that issued it).

These keys complement each other in that one does not function in the absence of the other. They are used by browsers and servers to encrypt and decrypt information regarding the identity of the certificate user during information exchange processes. The private key is stored on the user's computer hard disk or on an external device such as a token. The user retains control of the private key; it can only be used with the issued password.

The public key is disseminated with the encrypted information. The authentication process fails if either one of these keys in not available or do not match. This means that the encrypted data cannot be decrypted and therefore, is inaccessible to unauthorized parties.

Are Digital Signatures Certificate legally valid in India?

Yes, subsequent to the enactment of Information Technology Act 2000 in India, Digital Signature Certificates are legally valid in India.

Digital Signature Certificates are issued by licensed Certifying Authorities under the Ministry of Information Technology, Government of India as per the Information Technology Act.

What is the difference between a Digital Signature and a Digital Signature Certificate?

A digital signature is an electronic method of signing an electronic document whereas a Digital Signature Certificate is a computer based record that

  • Identifies the Certifying Authority issuing it.
  • Has the name and other details that can identify the subscriber.
  • Contains the subscriber's public key.
  • Is digitally signed by the Certifying Authority issuing it.
  • Is valid for either one year or two years.

Digital Signature Usage

Can I use one Digital Signature Certificate for multiple e-mail addresses?

No, you cannot. A digital signature certificate can have only one email address.

Can I use digital signature certificate in e-tendering systems?

Digital signature certificates in e-tendering systems are allowed, but based on the service provider.

Can digital signature certificates be used in wireless networks?

Yes, digital signature certificates can be employed in wireless networks.

Am I allowed to use one web server certificate (SSL) for more than one website?

No. You will not be able to use one SSL certificate on different websites with different domain names because the certificate is explicitly associated with the exact host and domain name.

A wild card SSL certificate can be issued that can support different sub domains like abc.emudhra.com, def.emudhra.com etc.

Regulatory

What is a Certifying Authority (CA)?

A Certifying Authority is a trusted agency whose central responsibility is to issue, revoke, renew and provide directories for Digital Signature Certificates. According to Section 24 of the Information Technology Act 2000, "Certifying Authority" means a person who has been granted a license to issue Digital Signature Certificates.

Who can be a Certifying Authority (CA)?

The IT Act 2000 details the prerequisites of a CA. Accordingly, a prospective CA has to establish the required infrastructure, get it audited by the auditors appointed by the office of Controller of Certifying Authorities. Subsequent to complete compliance of all requirements, a license to operate as a Certifying Authority can be obtained. The license is issued by the Controller of Certifying Authorities, Ministry of Information Technology, Government of India.

What is a Registration Authority (RA)?

A RA (Registration Authority) is an agent of the Certifying Authority who collects the application forms and related documents for Digital Signature Certificates, verifies the information submitted and approves or rejects the application based on the results of the verification process.

What is the role of CCA?

The Controller of Certifying Authorities (CCA) is a Government of India undertaking that license and regulate the working of Certifying Authorities.

The CCA certifies the public keys of CAs, which enables users in the cyberspace to verify that a given certificate is issued by a licensed CA. For this purpose, CCA operates, the Root Certifying Authority of India (RCAI).

The CCA also maintains the National Repository of Digital Signature Certificate (NRDC), which contains all the certificates issued by all the CAs in the country.

What is NRDC?

In accordance with Section 20 of the IT Act, NRDC is a national repository maintained by the CCA that contains all Digital Signature Certificates and CRLs issued by all the licensed CAs. It also contains all the Digital Signature Certificates and CRLs issued by the CCA through its RCAI. All Relying Parties are allowed to verify the authenticity of a CA's public keys from this repository

What is RCAI?

RCAI is the Root Certifying Authority of India. It was established by the CCA under Section 18(b) of the IT Act and is responsible for digitally signing the public keys of all the licensed CAs in the country. The RCAI root certificate is the highest level of certification in the country. The RCAI root certificate is a self-signed certificate.
The key activities of the RCAI include:
Digitally signing licenses issued by CCA to CA.
Digitally signing public keys corresponding to private keys of a CA.
Ensuring availability of these signed certificates for verification by a Relying Party through the CCA or CA website.

Digital Signature Usage

What is a CRL?

The Certificate Revocation List (CRL) is a list of certificates that have been revoked by the CA, and are therefore no longer valid.

What is a CPS?

The Certificate Practice Statement (CPS) is a statement of the practices that a Certification Authority (CA) employs for issuing and managing certificates. A CPS may take the form of a declaration by the CA of the details of its system's trustworthiness and the practices that it employs both in its operations and in its support of issuance of a certificate.

What is a CP?

Certifying Authorities issue Digital Signature Certificates that are appropriate to specific purposes or applications. A Certificate Policy (CP) describes the different classes of certificates issued by the CA, the procedures governing their issuance and revocation and terms of usage of such certificates, besides information regarding the rules governing the different uses of these certificates.

What is Subscriber Agreement?

A Subscriber Agreement is an agreement between Subscriber and eMudhra CA stating that the subscriber will use the Digital Signature Certificate for the assigned use or objective and that the subscriber is solely responsible for the protection of the private key and ensuring functionality of the unique key pair. The subscriber also agrees through the Subscriber Agreement that all the information provided to eMudhra CA at the time of registration is accurate. In the event of any change in information, the subscriber is obliged to immediately inform eMudhra CA.

eMudhra CA is not responsible for any legal disputes arising due to misrepresentation on the part of the subscriber.

Apply and Download

How long will it take for the application to be processed?

DSC issuance would require 5 business days from the date of applying/application.

How do I apply for a digital signature certificate through eMudhra?

eMudhra provides the easiest and most reliable way to obtain your Digital Signature Certificates. You can obtain them in one of the following ways:

Directly through our retail portal i.e. https://www.e-Mudhra.com

  • Apply using our online registration wizard
  • Make payment online
  • Pickup of application form by eMudhra [Subject to availability of pickup facility in the specified city/town]

Please note that applications for Class 2 Gold and Class 3 Platinum require verification and clearance for certificate issuance by concerned authority.

For queries and assistance in completing your registration/application, contact our Help Desk or send us an e-mail.

What are the different steps involved in processing an application for a Digital Signature Certificate?

Application processing for Digital Signature Certificates comprises of three phases:

  • Phase 1 - Filling up of application
  • Phase 2 - Payment/Document Submission
  • Phase 3 - Download of the certificate

Phase 1 - Filling up of application
If you are applying for the Digital Signature Certificate online through the eMudhra portal, you need to fill out an online Digital Signature Certificate application specifying the User Type, Certificate class etc.

Phase 2 - Payment/Document Submission
This phase requires you to make the payment for the application and submit the necessary documents.

If you are applying online, then after filing up of online application, the user is redirected to payment gateway for making payment. Pickup of application form & supporting documents will be done by eMudhra [Subject to availability of pickup facility in the specified city/town]

Phase 3 - Download of the certificate
After successful verification of the documents, eMudhra shall be sending an email containing certificate download credentials. Using the credentials provided by eMudhra, you can logon to eMudhra portal and download digital signature certificate on to the token or browser.

I'm trying to apply for a new Digital Signature Certificate. What 'User Type' should I select?

You can select the 'User Type' based on your requirement of Digital Signature Certificate. It can be for personal, company or government use. If you choose user type as 'Company' or 'Government', you need to submit company or government organization related documents for verification as part of the Digital Signature Certificate issue process.

I'm trying to apply for a new Digital Signature Certificate. What 'Certificate Class' should I select?

Selection of certificate class depends completely on your usage and security requirements. A rough guideline is provided below on the applicability of various levels of certification:

Class 2 Gold - if you need to use the certificate for signing documents, encryption and electronic access control in transactions where proof of identity based on information in the Validating Database is sufficient class.

Class 3 Platinum - for transactions that require a high degree of security and privacy due to exchange of extremely sensitive information that requires unequivocal authentication of the subscriber's identity. Some of the common transactions requiring Class 3 certificates are e-commerce, electronic data interchange by banks, etc.

I'm trying to apply for a new Digital Signature Certificate. What 'Certificate Type' should I select?

Selection of a certificate type depends completely on your requirement. The options available to you are:

  • Signature - Certificate with this key usage, can be used for only digitally signing documents, emails and online transactions.
  • Encryption – Certificate with this key usage, can be used for only encrypting documents, emails and online transactions.
I'm trying to apply for a new Digital Signature Certificate. What 'Type of Token' should I select?

Selection of a token type depends completely on your requirement. The options available to you are:

  • Soft Token - If you would like to download the Digital Signature Certificate to your local machine and use it from that specific machine only
  • USB Token - If you would like to download the Digital Signature Certificate to a USB Token or a Smart card and use it from multiple machines
Why do I need to submit documents for a Digital Signature Certificate?

A Digital Signature Certificate has almost the same importance in the digital world as your Passport or PAN card does in the physical world. Therefore, all information displayed on your Digital Signature Certificate needs to be verified before the certificate can be issued.

What are the documents I need to submit to get a Digital Signature Certificate?

The following documents are required for all classes 2 and 3 and Server Certificates For an individual

  • Attested copy of any one of the following as identity proof (attestation may be by any Gazetted Officer/Bank Manager)
    • Passport
    • Driving License
    • PAN card
    • Post Office ID Card
    • Bank Account Passbook containing the Photograph and signed by an individual with attestation by the concerned Bank official
    • Any Government issued photo ID Card bearing the signature of the individual
    • Photo ID Card issued by the Ministry of Home Affairs of Centre/State Government
  • Attested copy of any one of the following as Address Proof (attestation may be by any Gazetted Officer/Bank Manager)
    • Telephone Bill
    • Electricity Bill
    • Water Bill
    • Gas Connection
    • Bank Statements signed by the Bank
    • Service Tax /VAT/Sales Tax registration certificate
    • Property Tax/Corporation/Municipal corporation receipt
    • Driving Licence
    • Voter ID Card
    • Passport
    • Certificate of Registration for owned Vehicle

For an Organization

  • Attested copy of any one of the following as Identity Proof (attestation may be by any Gazetted Officer/Bank Manager)
    • Passport
    • Driving License
    • PAN card
    • Post Office ID Card
    • Bank Account Passbook containing the Photograph and signed by an individual with attestation by the concerned Bank official
    • Any Government issued photo ID Card bearing the signature of the individual
    • Photo ID Card issued by the Ministry of Home Affairs of Centre/State Government
  • True copy of any one(from the Company Secretary/Director/Partner of the organization)
    • Certificate of Incorporation
    • Memorandum of Association/Articles of Association
    • Partnership Deed
    • Valid Business License
  • True copy of any one (attested by Company Secretary/Director/Partner of the organization)
    • Annual Report
    • Latest Income Tax Return
    • Latest Bank Details of the organization from the Bank
    • Statement of Income issued by Chartered Accountant
  • Authorization letter in favor of the certificate applicant from the organization
  • Domain Name registration proof from the registrar of Domains (if applying for Server Certificate)
Do I have to be physically present for verification of identity when my application is being processed?

Physical presence is mandatory only for verification of applicants seeking Class 3 Platinum type Digital Signature Certificates.

What is the reason for refusal of my request for a Digital Signature Certificate?

eMudhra follows stringent verification procedures as laid down by Govt. of India. Refusal to issue a Digital Signature Certificate is a result of Incomplete application, information or wrong information is the common causes for such refusal.

Can I be sure that my confidential information will not be misused during enrolment for obtaining a Digital Signature Certificate?

eMudhra has a strict policy on the use of applicant and customer information. eMudhra will not disclose such information, except as required by the law.

I have submitted my application for Digital Signature Certificate, but now I have decided to cancel my request. Will I get a refund?

No, the eMudhra CA does not provide any refund of fees paid for the digital signature certificates.

Revocation

Some of the details in my Digital Signature Certificate are incorrect. Can these be corrected?

No, details cannot be changed. You need to revoke the current certificate and apply for a new one by following the same process as the one you used for the earlier certificate.

eMudhra provides a facility where in you can check for the correctness of your details just before downloading of the digital signature certificate. If you are not satisfied with your details displayed, you can reject the application

What is Certificate Revocation?

A Digital Signature Certificate can be revoked under circumstances such as the following

  • Users suspect compromise of certificate private key.
  • Change of personal data.
  • Change of relationship with the organization
How do I revoke my current Digital Signature Certificate, and how long does it take?

Revocation of Certificates can be done either online www.eMudhra.com portal or by contacting the nearest RA. The revocation request will be processed within two working days from the receipt date

Can someone other than the subscriber revoke a certificate?

No, revocation is restricted to:

  • The Subscriber in whose name the certificate has been issued.
  • A duly authorized representative of the subscriber
  • Authorized personnel of eMudhra CA or RA when the subscriber has breached the agreement, regulation, or law that may be in force
Where can I check whether my eMudhra Digital Signature Certificate is revoked or not?

Users can check the status of revocation request from the Certificate Revocation List published in www.eMudhra.com.

How can I renew my Digital Signature Certificate?

You can visit emudhra.com portal for renewal of your Digital Signature Certificate.

Protection and Recovery

How do I protect my Digital Signature Certificate/Private key?
  • Protect your computer from unauthorized access by keeping it physically secure
  • Use access control products or operating system protection features (such as a system password)
  • Always protect your private key with a good password
  • It is better download the digital signature certificate on to the crypto token which is more secure and tamper proof
What do I do if someone copies my Digital Signature Certificate?

Your Digital Signature Certificate cannot be used without your private key. To maintain security, your private key should be protected by a password and never sent across any network. However, you do want your Digital Signature Certificate (which contains your public key) to be available to other users so that they can verify your right to use the Digital Signature Certificate, decrypt messages that you have encrypted with your private key, and verify your digital signatures.

Can more than one person store their Digital Signature Certificate on a computer?

Yes. More than one digital signature certificate can be stored on a computer

I have forgotten my private key password. Can someone change it for me?

No. If you have forgotten your private key password, you will have to apply for a new Digital Signature Certificate

I have lost the Smart Card / USB Token containing my certificate and cryptographic keys. What do I do?

Please contact your nearest RA Administrator immediately to get your certificate suspended to avoid unauthorized access to it.

Will I lose my Digital Signature Certificate if my hard drive is formatted or crashed?

If you have a soft token and if the hard drive is formatted or has crashed, the Digital Signature Certificate will be deleted.

I accidentally deleted my Digital Signature Certificate from my PC hard disk drive. What should I do now?

Once your Digital Signature Certificate and key files have been deleted, damaged or overwritten, there is no way to reactivate your Digital Signature Certificate. You need to revoke your Digital Signature Certificate and then enrol for a new one.

Once your Digital Signature Certificate and key files have been deleted, damaged or overwritten, there is no way to reactivate your Digital Signature Certificate. You need to revoke your Digital Signature Certificate and then enrol for a new one.

Certificate Installation

How do I install my Digital Signature Certificate?

Currently, eMudhra handles installation of all certificates (Root, CA and your Digital Signature Certificate) during download of digital signature certificate.

Browser Upgrade

I deleted Microsoft Internet Explorer and installed the latest version. How do I reinstall my Digital Signature Certificate?

Before installation of latest version, if you have not backed up your certificate, you need to request for a new Digital Signature Certificate

I deleted Netscape Navigator and installed the latest version. How do I reinstall my Digital Signature Certificate?

Before installation of latest version, if you have not backed up your certificate, you need to request for a new Digital Signature Certificate

A more suitable alternative is to upgrade Navigator with the Netscape installer so that your personal information, including your Digital Signature Certificate and private key are preserved. In the future, you should use this installer when upgrading Navigator.