FAQ

General

Digital Signatures and Certificates

A digital signature is an electronic form of a signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and also ensure that the original content of the message or document that has been sent is unchanged. Digital signatures are easily transportable and cannot be imitated by someone else. The ability to ensure that the original signed message arrived means that the sender cannot easily disclaim it later.

Digital Signature Certificates (DSC) is the electronic format of physical or paper certificate like a driving License, passport etc. Certificates serve as proof of identity of an individual for a certain purpose; for example, a Passport identifies someone as a citizen of that country; who can legally travel to any country. Likewise, a Digital Signature Certificate can be presented electronically to prove your identity, to access information or services on the Internet or to sign certain documents digitally.

A Digital Signature Certificate authenticates your identity electronically. It also provides you with a high level of security for your online transactions by ensuring absolute privacy of the information exchanged using a Digital Signature Certificate. You can use certificates to encrypt information such that only the intended recipient can read it. You can digitally sign information to assure the recipient that it has not been changed in transit, and also verify your identity as the sender of the message.

Legally valid Digital Signature Certificates are issued only through a Controller of Certifying Authorities (CCA), Govt. of India,licensed Certifying Authorities (CA), such as eMudhra. eMudhra, a Certifying Authority (CA) licensed by CCA, offers secure digital signatures through various options tailored to suit individual as well as organizational needs.

You can use Digital Signature Certificates for the following:

  • For sending and receiving digitally signed and encrypted emails.
  • For carrying out secure web-based transactions, or to identify other participants of web-based transactions.
  • In eTendering, eProcurement, MCA [for Registrar of Companies efiling], Income Tax [for efiling income tax returns] Applications and also in many other applications.
  • For signing documents like MSWord, MSExcel and PDFs.
  • Plays a pivotal role in creating a paperless office.

A Digital Signature Certificate explicitly associates the identity of an individual/device with a pair of electronic keys - public and private keys - and this association is endorsed by the CA. The certificate contains information about a user's identity (for example, their name, pincode, country, email address, the date the certificate was issued and the name of the Certifying Authority that issued it).
These keys complement each other in that one does not function in the absence of the other. They are used by browsers and servers to encrypt and decrypt information regarding the identity of the certificate user during information exchange processes. The private key is stored on the user's computer hard disk or on an external device such as a token. The user retains control of the private key; it can only be used with the issued password.
The public key is disseminated with the encrypted information. The authentication process fails if either one of these keys in not available or do not match. This means that the encrypted data cannot be decrypted and therefore, is inaccessible to unauthorized parties.

Yes, subsequent to the enactment of Information Technology Act 2000 in India, Digital Signature Certificates are legally valid in India.
Digital Signature Certificates are issued by licensed Certifying Authorities under the Ministry of Information Technology, Government of India as per the Information Technology Act.

A digital signature is an electronic method of signing an electronic document whereas a Digital Signature Certificate is a computer based record that

  • Identifies the Certifying Authority issuing it.
  • Has the name and other details that can identify the subscriber.
  • Contains the subscriber's public key.
  • Is digitally signed by the Certifying Authority issuing it.
  • Is valid for either one year or two years.

Digital Signature Usage

No, you cannot. A digital signature certificate can have only one email address.

Digital signature certificates in e-tendering systems are allowed, but based on the service provider.

Yes, digital signature certificates can be employed in wireless networks.

No. You will not be able to use one SSL certificate on different websites with different domain names because the certificate is explicitly associated with the exact host and domain name.
A wild card SSL certificate can be issued that can support different sub domains like abc.emudhra.com, def.emudhra.com etc.

Regulatory

A Certifying Authority is a trusted agency whose central responsibility is to issue, revoke, renew and provide directories for Digital Signature Certificates. According to Section 24 of the Information Technology Act 2000, "Certifying Authority" means a person who has been granted a license to issue Digital Signature Certificates.

The IT Act 2000 details the prerequisites of a CA. Accordingly, a prospective CA has to establish the required infrastructure, get it audited by the auditors appointed by the office of Controller of Certifying Authorities. Subsequent to complete compliance of all requirements, a license to operate as a Certifying Authority can be obtained. The license is issued by the Controller of Certifying Authorities, Ministry of Information Technology, Government of India.

A RA (Registration Authority) is an agent of the Certifying Authority who collects the application forms and related documents for Digital Signature Certificates, verifies the information submitted and approves or rejects the application based on the results of the verification process.

The Controller of Certifying Authorities (CCA) is a Government of India undertaking that license and regulate the working of Certifying Authorities. The CCA certifies the public keys of CAs, which enables users in the cyberspace to verify that a given certificate is issued by a licensed CA. For this purpose, CCA operates, the Root Certifying Authority of India (RCAI).
The CCA also maintains the National Repository of Digital Signature Certificate (NRDC), which contains all the certificates issued by all the CAs in the country.

In accordance with Section 20 of the IT Act, NRDC is a national repository maintained by the CCA that contains all Digital Signature Certificates and CRLs issued by all the licensed CAs. It also contains all the Digital Signature Certificates and CRLs issued by the CCA through its RCAI. All Relying Parties are allowed to verify the authenticity of a CA's public keys from this repository.

RCAI is the Root Certifying Authority of India. It was established by the CCA under Section 18(b) of the IT Act and is responsible for digitally signing the public keys of all the licensed CAs in the country.
The RCAI root certificate is the highest level of certification in the country. The RCAI root certificate is a self-signed certificate.

The key activities of the RCAI include:

  • Digitally signing licenses issued by CCA to CA
  • Digitally signing public keys corresponding to private keys of a CA
  • Ensuring availability of these signed certificates for verification by a Relying Party through the CCA or CA website

Repository

The Certificate Revocation List (CRL) is a list of certificates that have been revoked by the CA, and are therefore no longer valid.

The Certificate Practice Statement (CPS) is a statement of the practices that a Certification Authority (CA) employs for issuing and managing certificates. A CPS may take the form of a declaration by the CA of the details of its system's trustworthiness and the practices that it employs both in its operations and in its support of issuance of a certificate.

Certifying Authorities issue Digital Signature Certificates that are appropriate to specific purposes or applications. A Certificate Policy (CP) describes the different classes of certificates issued by the CA, the procedures governing their issuance and revocation and terms of usage of such certificates, besides information regarding the rules governing the different uses of these certificates.

A Subscriber Agreement is an agreement between Subscriber and e-Mudhra CA stating that the subscriber will use the Digital Signature Certificate for the assigned use or objective and that the subscriber is solely responsible for the protection of the private key and ensuring functionality of the unique key pair. The subscriber also agrees through the Subscriber Agreement that all the information provided to e-Mudhra CA at the time of registration is accurate. In the event of any change in information, the subscriber is obliged to immediately inform e-Mudhra CA.
e-Mudhra CA is not responsible for any legal disputes arising due to misrepresentation on the part of the subscriber.

Registration and Application

Apply And Download

DSC issuance would require 5 business days from the date of applying/application.

e-Mudhra provides the easiest and most reliable way to obtain your Digital Signature Certificates. You can obtain them in one of the following ways:
Directly through our retail portal i.e. https://www.e-Mudhra.com

  • Apply using our online registration wizard
  • Make payment online
  • Pickup of application form by eMudhra [Subject to availability of pickup facility in the specified city/town]

Please note that applications for Class 2 Gold and Class 3 Platinum require verification and clearance for certificate issuance by concerned authority.
For queries and assistance in completing your registration/application, contact our Help Desk or send us an e-mail.

Application processing for Digital Signature Certificates comprises of three phases:

  • Phase 1 - Filling up of application
  • Phase 2 - Payment/Document Submission
  • Phase 3 - Download of the certificate

Phase 1 - Filling up of application
If you are applying for the Digital Signature Certificate online through the e-Mudhra portal, you need to fill out an online Digital Signature Certificate application specifying the User Type, Certificate class etc.
Phase 2 - Payment/Document Submission
This phase requires you to make the payment for the application and submit the necessary documents. If you are applying online, then after filing up of online application, the user is redirected to payment gateway for making payment. Pickup of application form & supporting documents will be done by eMudhra [Subject to availability of pickup facility in the specified city/town].
Phase 3 - Download of the certificate
After successful verification of the documents, e-Mudhra shall be sending an email containing certificate download credentials. Using the credentials provided by e-Mudhra, you can logon to e-Mudhra portal and download digital signature certificate on to the token or browser.

You can select the 'User Type' based on your requirement of Digital Signature Certificate. It can be for personal, company or government use. If you choose user type as 'Company' or 'Government', you need to submit company or government organization related documents for verification as part of the Digital Signature Certificate issue process.

Selection of certificate class depends completely on your usage and security requirements. A rough guideline is provided below on the applicability of various levels of certification:
Class 2 Gold - if you need to use the certificate for signing documents, encryption and electronic access control in transactions where proof of identity based on information in the Validating Database is sufficient class.
Class 3 Platinum - for transactions that require a high degree of security and privacy due to exchange of extremely sensitive information that requires unequivocal authentication of the subscriber's identity. Some of the common transactions requiring Class 3 certificates are e-commerce, electronic data interchange by banks, etc.

Selection of a certificate type depends completely on your requirement. The options available to you are:

  • Signature - Certificate with this key usage, can be used for only digitally signing documents, emails and online transactions.
  • Encryption ? Certificate with this key usage, can be used for only encrypting documents, emails and online transactions.

Selection of a token type depends completely on your requirement. The options available to you are:

  • Soft Token - If you would like to download the Digital Signature Certificate to your local machine and use it from that specific machine only
  • USB Token - If you would like to download the Digital Signature Certificate to a USB Token or a Smart card and use it from multiple machines

A Digital Signature Certificate has almost the same importance in the digital world as your Passport or PAN card does in the physical world. Therefore, all information displayed on your Digital Signature Certificate needs to be verified before the certificate can be issued.

The following documents are required for all classes 2 and 3 and Server Certificates For an individual

The following documents are required for all classes 2 and 3 and Server Certificates For an individual
  • Attested copy of any one of the following as identity proof (attestation may be by any Gazetted Officer/Bank Manager)
    • Passport
    • Driving License
    • PAN card
    • Post Office ID Card
    • Bank Account Passbook containing the Photograph and signed by an individual with attestation by the concerned Bank official
    • Any Government issued photo ID Card bearing the signature of the individual
    • Photo ID Card issued by the Ministry of Home Affairs of Centre/State Government
  • Attested copy of any one of the following as Address Proof (attestation may be by any Gazetted Officer/Bank Manager)
    • Telephone Bill
    • Electricity Bill
    • Water Bill
    • Gas Connection
    • Bank Statements signed by the Bank
    • Service Tax /VAT/Sales Tax registration certificate
    • Property Tax/Corporation/Municipal corporation receipt
    • Driving Licence
    • Voter ID Card
    • Passport
    • Certificate of Registration for owned Vehicle

For an Organization
  • Attested copy of any one of the following as Identity Proof (attestation may be by any Gazetted Officer/Bank Manager)
    • Passport
    • Driving License
    • PAN card
    • Post Office ID Card
    • Bank Account Passbook containing the Photograph and signed by an individual with attestation by the concerned Bank official
    • Any Government issued photo ID Card bearing the signature of the individual
    • Photo ID Card issued by the Ministry of Home Affairs of Centre/State Government
  • True copy of any one(from the Company Secretary/Director/Partner of the organization)
    • Certificate of Incorporation
    • Memorandum of Association/Articles of Association
    • Partnership Deed
    • Post Office ID Card
    • Valid Business License
  • True copy of any one (attested by Company Secretary/Director/Partner of the organization)
    • Annual Report
    • Latest Income Tax Return
    • Latest Bank Details of the organization from the Bank
    • Statement of Income issued by Chartered Accountant
  • Authorization letter in favor of the certificate applicant from the organization
  • Domain Name registration proof from the registrar of Domains (if applying for Server Certificate)

Physical presence is mandatory only for verification of applicants seeking Class 3 Platinum type Digital Signature Certificates.

eMudhra follows stringent verification procedures as laid down by Govt. of India. Refusal to issue a Digital Signature Certificate is a result of Incomplete application, information or wrong information is the common causes for such refusal.

e-Mudhra has a strict policy on the use of applicant and customer information. e-Mudhra will not disclose such information, except as required by the law.

No, the e-Mudhra CA does not provide any refund of fees paid for the digital signature certificates.

Certificate Management

Revocation

No, details cannot be changed. You need to revoke the current certificate and apply for a new one by following the same process as the one you used for the earlier certificate.
eMudhra provides a facility where in you can check for the correctness of your details just before downloading of the digital signature certificate. If you are not satisfied with your details displayed, you can reject the application.

A Digital Signature Certificate can be revoked under circumstances such as the following

  • Users suspect compromise of certificate private key.
  • Change of personal data.
  • Change of relationship with the organization

Revocation of Certificates can be done either online www.e-Mudhra.com portal or by contacting the nearest RA. The revocation request will be processed within two working days from the receipt date.

No, revocation is restricted to:

  • The Subscriber in whose name the certificate has been issued.
  • A duly authorized representative of the subscriber
  • Authorized personnel of e-Mudhra CA or RA when the subscriber has breached the agreement, regulation, or law that may be in force

Users can check the status of revocation request from the Certificate Revocation List published in https://www.e-Mudhra.com

You can visit e-mudhra.com portal for renewal of your Digital Signature Certificate.

Protection and Recovery

  • Protect your computer from unauthorized access by keeping it physically secure
  • Use access control products or operating system protection features (such as a system password)
  • Always protect your private key with a good password
  • It is better download the digital signature certificate on to the crypto token which is more secure and tamper proof

Your Digital Signature Certificate cannot be used without your private key. To maintain security, your private key should be protected by a password and never sent across any network. However, you do want your Digital Signature Certificate (which contains your public key) to be available to other users so that they can verify your right to use the Digital Signature Certificate, decrypt messages that you have encrypted with your private key, and verify your digital signatures.

Yes. More than one digital signature certificate can be stored on a computer

No. If you have forgotten your private key password, you will have to apply for a new Digital Signature Certificate

Please contact your nearest RA Administrator immediately to get your certificate suspended to avoid unauthorized access to it.

If you have a soft token and if the hard drive is formatted or has crashed, the Digital Signature Certificate will be deleted.

Once your Digital Signature Certificate and key files have been deleted, damaged or overwritten, there is no way to reactivate your Digital Signature Certificate. You need to revoke your Digital Signature Certificate and then enroll for a new one.
Once your Digital Signature Certificate and key files have been deleted, damaged or overwritten, there is no way to reactivate your Digital Signature Certificate. You need to revoke your Digital Signature Certificate and then enroll for a new one.

Certificate Management

Certificate Installation

Currently, e-Mudhra handles installation of all certificates (Root, CA and your Digital Signature Certificate) during download of digital signature certificate.

Browser Upgrade

Before installation of latest version, if you have not backed up your certificate, you need to request for a new Digital Signature Certificate

Before installation of latest version, if you have not backed up your certificate, you need to request for a new Digital Signature Certificate.
A more suitable alternative is to upgrade Navigator with the Netscape installer so that your personal information, including your Digital Signature Certificate and private key are preserved. In the future, you should use this installer when upgrading Navigator.