If you are a corporate customer, you can request Blackberry service through your Etisalat account manager.If you do not have an account manager, you can collect a Blackberry Application Form at any Etisalat Business Center or call 8005800 or 101. If you are not a corporate consumer, you can visit any Etisalat Business Center near you or you can send an SMS to 1010. You can subscribe to one of the available plans and start using the service.
A Certificate contains your name, a serial number, expiration date, public key (used for encrypting messag es), digital signature and the digital signature of the Certificate-Issuing Authority so that a recipient can verify that the certificate is real

A Digital Certificate facilitates secure transactions. Contracts, images, letters, etc, may be digitally signed, encrypted and sent electronically in seconds.s

Digital signatures present a convenient, time saving, and secure way of signing electronic documents. A digital signature (not to be confused with a digital certificate) is an electronic rather than a written signature that can be used by someone to authenticate the identity of the sender of a message or of the signer of a document. It can also be used to ensure that the original contents of the message or document are unchanged. Additional benefits of the use of a digital signature are that it cannot be easily repudiated, cannot be imitated by someone else, and can be automatically time-stamped A digital certificate contains digital signature of the certificate-issuing authority (CA) so that anyone relying on the identity of an individual or organization can verify that the certificate is real.

A digital signature looks like the following:
-------BEGIN SIGNATURE------
I QB 1 Aw UB MVSiA5QYCuMfgNYjAQFAKgL/ZkBfbeNEsbthba4Blrcn jaqbcKgNv+a5kr4537y8RCd+RHm75yYh5xxA1ojELwNhhb7cltrp2V7LlOn Aelws4S87UX80cLBtBcN6AACf11qymC2h+Rb2j5SU+rmXWru+=QFMx
------END SIGNATURE------

To encrypt a file means to scramble a stream of data so that its original contents cannot be read.Restoring the data to its original form is known as decryption. Both encryption and decryption require a key, a digital message, and an encryption algorithm. There are several types of encryption, all requiring the use of secret informa tion, usually referred to as a key.In traditional encryption, called secret (symmetric)-key encryption, the sender uses the secret key to scramble (encrypt) the message and the receiver uses the same key to unscramble (decrypt) it. But this method has a problem. The sender and receiver must agree on the secret key without anyone else finding it out. Often, they must trust a courier or a phone system to communicate the secret code. Anyone who overhears or intercepts the key in transit can read, modify or forge encrypted messages.Therefore, what is more commonly used today is a method called public (asymmetric)-key encryption. Introduced in 1976, this method gives each user a pair of keys: a public key and a private key. Each person's public key is made a vailable in a public directory; while the private key is kept secret.

Short form for Secure Sockets Layer, a protocol developed by Netscape for transmitting private documents via the Internet. SSL works by using a private key to encrypt data that's transferred over the SSL connection. Both Netscape Na viga tor and Internet Explorer support SSL. Many Websites use this protocol to obtain confidential user information, such as credit card numbers. By convention,Web pages that require an SSL connection start with https:

A trusted third-party organization issues digital certificates that are used to create digital signatures and public-private key pairs . The role of the CA in this process is to validate that the individual granted the unique certificate is, in fact, who he or she claims to be. CAs are a critical component in data security and electronic commerce because they confirm identities of parties exchanging information.

Certificates have a specified lifetime, but CAs can reduce this lifetime by the process known as certificate revocation. The CA publishes a certificate revocation list (CRL) that lists certificates it considers no longer valid. The CA may also include in the CRL the reason why the certificate has been revoked. It also includes a date from which this change of status is understood to apply.

The term public key infra structure (PKI) is us ed to describe the policies , standards, a nd software that regulate or manipulate certificates and public and private keys. In practice, PKI refers to a system of digital certificates, certification authorities (CAs), and other registration authorities that verify and authenticate the validity of each party involved in an electronic transaction

Two keys—a public key and a private key, which are mathematically related—are used in public-key encryption. To contrast it with symmetric-key encryption, public-key encryption is also sometimes called asymmetric-key encryption. In public-key encryption, the public key can be passed freely between the parties or published in a public repository, but the related private key remains private. Data encrypted with the public key can be decrypted only using the private key. Data encrypted with the private key can be decrypted only using the public key.

Users can apply online at the Etisalat web site www.etisalat.ae/pki or at by using the enrollment links below:
A) Demo Certificate
https ://comtrust.etisalat.ae/enrollment/app/general/Demo
B) User Certificate
https ://comtrust.etisalat.ae/enrollment/app/general/User
C) Business User Certificate
(Login for existing customers only):
https ://comtrust.etisalat.ae/enrollment/app/Customer/Login
D) SSL Server Certificate
https://comtrust.etisalat.ae/enrollment/app/general/Server

Yes, except for DEMO user certificates

Yes, except for DEMO user certificates

If you donot have any specific requirements, just leave it to the default selection. The Cryptographic method provided is simply a set of libraries that are used to generate the key-pairs. (e.g., you can use the smart card libraries to create your keys on a smart card)

In general you should get an email describing the steps that should follow your enrollment. If a reference number is communicated to you, please note it down. You will be able to check status of your certificate using this reference number. Depending on the type of certificate you have applied for, the processing time will differ.If the specified period has elapsed then you can contact our Registration Authority (RA) team by sending an email to pkira@etisalat.ae for an update.

Microsoft Internet Explorer (7.0 or later):
1. From the Tools menu, click Internet Options.
2. From the Content tab, click Certificates.
3. From the Personal tab, double-click the desired certificate.
4. Click the Details tab. Scroll to view the desired information.
The fields to note are:
- Valid To - certificate expiration date.
- Subject Alternative Name - email address used when the certificate was purchased.
- Key Usage - indicates whether this is a Signature certificate or an Encipherment certificate.
5.Click OK.
6. To exit the Tools windows, click Close and then click OK.

1. From Windows, click on Start - Run - then type in MMC. 2. From File menu, click Add/Remove Snap-in. 3. Click on Add from the popup window that appears. 4. Select Certificates from the Snap-in list and click Add. 5. Select My User Account and click on the Finish button. 6. Press Close and then OK. 7. Expand the Certificates – Current User by clicking on the + symbol. - If there are any certificates issued under Certificate Enrollment Requests, this means that the PC in use is the same PC that was used to apply for digital certificates and hence you can download that certificate, otherwise, got to the Personal. - If there are any certificates in Personal that means a certificate is already installed on that PC. Note: All certificate details will appear on the right side of the window.

If you delete your Web browser you also delete the Digital Certificate. You will need to apply for a new one. If the Microsoft Internet Explorer copies were removed by deleting the application and its directory, the file containing the private key associated with the digital certificates got deleted. Without the private key the Certificate cannot be installed. In general you should export your certificate (back it up) before upgrading or uninstalling your browser/email client.

It is important to save a backup copy of your Digital Certificate on an external disk drive, in case your hard drive crashes or your digital certificate files are accidently delete. If you store a backup copy of your certificate on an external disk drive in a secure place, you will always be able to reinstall your certificate. If you lose your digital certificate and it is not backed-up, then you will lose any messages that have been encrypted for you.

Microsoft Internet Explorer (7.0 or later):

1. Start Internet Explorer, select Tools - Internet Options - Content -Certificates.

2. From the Personal tab, select the desired certificate and click on Export

3. Follow the Certificate Manager Import Wizard
a. Select the Yes, export with private key option
i. Note: Default is set to No, which will need to be changed.

b. Click on include all certificates in the certification path if possible

Type a password (that you can remember later) to encrypt the private key.

4. Select the drive and give the file a name.

5. Click Next then Finish.

Microsoft Internet Explorer (7.0 or later):
1. From the Tools menu, click Internet Options.
2. From the Content tab, click Certificates
3. From the Personal tab, select the desired certificate.
4. Click the Import button.
5. Follow the Certificate Manager Import Wizard and
a. Browse and choose the certificate to be imported
b. Enter the password to access the file when prompted
c. Check both the Enable strong private key protection and Mark the private key as exportable options
6. Upon finishing the Import Wizard, you will be prompted for the Security level of the Private Key Container, it is highly recommended to set it to HIGH
a. Choose Create a new password for this item
b. Enter Password for (example: Bob) and set your Password
c. Enter the Password that you have just assigned
d. Please note that the Remember password option is NOT recommend
7. Click finish and then click OK.

To remove your Digital ID and key files from your machine, please do the following:
Microsoft Internet Explorer (7.0 or later):
1. From the Tools menu, click Internet Options.
2. From the Content tab, click Certificates.
3. From the Personal tab, select the desired certificate.
4. Click the Remove button.
5. Click finish and then click OK.

Before you purchase an SSL Certificate, you need to generate a Certificate Signing Request (CSR) for the server where the certificate will be installed. Select CSR generation instructions for your server software. If your server is not listed or you need additional information, refer to your server documentation or contact your server vendor. If you do not know what software your server uses, contact your technical support. A CSR is a file containing your IIS SSL certificate application information, including your Public Key. Generate your CSR and then copy and paste the CSR file into the web form in the enrollment process:
- Select Administrative Tools
- Start Internet Services Manager

- Open the properties window for the website the CSR is for. You can do this by right clicking on the Default Website and selecting Properties from the menu .Open Directory Security by right clicking on the Directory Security tab

- Click Server Certificate. The following Wizard will appear:

- Click Create a new certificate and click Next.

- Select Prepare the request and click Next.

- Provide a name for the certificate, this needs to be easily identifiable if you are working with multiple domains. This is for your records only. If your server is 40 bit enabled, you will generate a 512 bit key. If your server is 128 bit you can generate up to 1024 bit keys. We recommend you stay with the default of 1024 bit key if the option is available. Click Next

- Enter Organization and Organization Unit, these are your company name and department respectively. Click Next

- The Common Name field should be the Fully Qualified Domain Name (FQDN) or the web address for which you plan to use your IIS SSL Certificate, e.g. the area of your site you wish customers to connect to using SSL. For example, a Basic SSL Certificate issued for Networking4allgroup.com will not be valid for secure Networking4allgroup.com. If the web address to be used for SSL is secure.Networking4allgroup.com, ensure that the common name submitted in the CSR is secure.Networking4allgroup.com. Click Next

- Enter your country, state and city. Click Next.

- Enter a filename and location to save your CSR. You will need this CSR to enroll for your IIS SSL Certificate. Click Next

- Check the details you have entered. If you have made a mistake click Back and amend the details. Be especially sure to check the domain name the Certificate is to be "Issued To". Your IIS SSL Certificate will only work on this domain. Click Next when you are happy the details are absolutely correct.
When you make your application, make sure you include the CSR in its entirety into the appropriate section of the enrollment form including
-----BEGIN CERTIFICATE REQUEST-----
to
-----END CERTIFICATE REQUEST-----
- Click Next
- Confirm your details in the enrollment form
- Finish

Requests will only be processed from Sunday to Thursday between the times of 7:00 am till 3:00 pm.
PKI Support is available 24hrs a day / 7 days a week and can be reached by email at pkihelp@eim.ae or by telephone at 8002900.

Currently only Internet Explorer (IE 3.0+) and Netscape are supported.

If you have not backed up your Digital Certificate, then it is lost and you will have to re-apply for a new one.

You can download your digital certificate from the link below using your reference number:
Demo Certificate link:
https://comtrust.etisalat.ae/enrollment/app/general/Cert?codeId=XYZ&type=Demo
User Certificate link:
https://comtrust.etisalat.ae/enrollment/app/general/User
Business User Certificate link:
https://comtrust.etisalat.ae/enrollment/app/general/Cert?codeId=YYZ&type=Business%20User
SSL Server Certificate link:
https://comtrust.etisalat.ae/enrollment/app/general/Cert?codeId=YYY&save=1&type=Server
**Please make sure that you initiate the download from the same web browser running on the same computer that was used when the request was made.

Requests will only be processed from Sunday to Thursday between the times of 7:00 am till 3:00 pm.
PKI Support is available 24hrs a day / 7 days a week and can be reached by email at pkihelp@eim.ae or by telephone at 8002900.

Kindly use the same password that has been entered while exporting the certificate private key if it doesn't works then you have to apply for new certificate.

Kindly allow the add-on that is appearing on top of the page

Please follow the procedure given below for Internet Explorer settings
1- Open Internet Explorer, click Tools then click the Security Tab, select the Trusted Sites option in the text area. Kindly add the Comtrust site to the list of Trusted Sites

2- Click Custom Level Button & enable all ActiveX settings listed

3- Close all opened Internet Explorer windows and re-open Internet Explorer & fill up the application form and submit your application.

This product is an SSL Web Server certificate that conveniently allows you to secure multiple sub domains on one domain on the same server using *.domain.com pattern for the common name.

'No'. Etisalat is keen to provide this feature as soon as possible.

https://comtrust.etisalat.ae/enrollment/app/general/Seal

Yes

No. Etisalat is keen to provide this feature as soon as possible.

Etisalat provide standard SSL certificates. These certificates must be compatible with all vendors who have X.509 certificates implementation. Customer should consult with exchange vendor or online documentation for certificate installation.

Key length '1024' and higher is supported only.

A CSR is a file containing your IIS SSL certificate application information, including your Public Key. Generate your CSR and then copy and paste the CSR file into the webform in the enrollment process:
Generate keys and Certificate Signing Request:
- Select Administrative Tools
- Start Internet Services Manager

- Open the properties window for the website the CSR is for. You can do this by right clicking on the Default Website and selecting Properties from the menu
- Open Directory Security by right clicking on the Directory Security tab

- Click Server Certificate. The following Wizard will appear:

- Click Create a new certificate and click Next

- Select Prepare the request and click Next.

- Provide a name for the certificate, this needs to be easily identifiable if you are working with multiple domains. This is for your records only.
- We recommend you stay with the default of 1024 bit key if the option is available. Click Next

- Enter Organization and Organization Unit, these are your company name and department respectively. Click Next.

- The Common Name field should be the Fully Qualified Domain Name (FQDN) or the web address for which you plan to use your IIS SSL Certificate, e.g. the area of your site you wish customers to connect to using SSL. For example, a Basic SSL Certificate issued for Networking4allgroup.com will not be valid for secure.Networking4allgroup.com. If the web address to be used for SSL is secure.Networking4allgroup.com, ensure that the common name submitted in the CSR is secure.Networking4allgroup.com. Click Next.

- Enter your country, state and city. Click Next.

- Enter a filename and location to save your CSR. You will need this CSR to enroll for your IIS SSL Certificate. Click Next

- Check the details you have entered. If you have made a mistake click Back and amend the details. Be especially sure to check the domain name the Certificate is to be "Issued To". Your IIS SSL Certificate will only work on this domain. Click Next when you are happy the details are absolutely correct.
- When you make your application, make sure you include the CSR in its entirety into the appropriate section of the enrollment form - including
-----BEGIN CERTIFICATE REQUEST-----to-----END CERTIFICATE REQUEST-----
- Click Next
- Confirm your details in the enrollment form
- Finish
To save your private key:
- Go to: Certificates snap in in the MMC
- Select Requests
- Select All tasks
- Select Export
We recommend that you make a note of your password and backup your key as these are known only to you, so if you loose them we can't help! A floppy diskette or other removable media is recommended for your backup files.

- Open Internet Services Manager, or the custom MMC containing the Internet Information Services snap-in.

- Expand Internet Information Services (if needed) and browse to the Web site you have a pending certificate request on.

- Right-click on the site and then click Properties.
- Click the Directory Security tab.

- Under the Secure Communications section, click Server Certificate.
On the Web Server Certificate Wizard, click Next

- Choose to Process the Pending Request and Install the Certificate. Click Next.

- Type in the location of the certificate response file (you may also browse to the file), and then click Next.

- Choose which SSL port the webserver will use (default is 443) and click Next.

You will see a confirmation screen. After reading this information, click Next.

You now have an SSL server certificate installed. You may want to test the Web site to ensure that everything is working correctly. Be sure to use https:// when you test connectivity to the site.

1- Click Start, then Administrative Tools, then Internet Information Services (IIS) Manager.
2- Click on the server name.
3- From the center menu, double-click the "Server Certificates" button in the "Security" section (it is near the bottom of the menu

4- Next, from the "Actions" menu (on the right), click on "Create Certificate Request." This will open the Request Certificate wizard.

5- In the "Distinguished Name Properties" window, enter the information as follows:
Common Name - The name through which the certificate will be accessed (usually the fully-qualified domain name, e.g., www.domain.com or mail.domain.com).
Organization - The legally registered name of your organization/company.
Organizational unit - The name of your department within the organization (frequently this entry will be listed as "IT," "Web Security," or is simply left blank). City/locality - The city in which your organization is located.
State/province - The state in which your organization is located.
Country/region - Country

6- Click Next.
7- In the "Cryptographic Service Provider Properties" window, leave both settings at their defaults (Microsoft RSA SChannel and 1024) and then click next.

8- Enter a filename for your CSR file.
Remember the filename that you choose and the location to which you save it. You will need to open this file as a text file and copy the entire body of it (including the Begin and End Certificate Request tags) into the online order process when prompted.

9- Click Finish. Your new CSR is now contained within the file c:\certreq.txt
NOTE: - When you make your application, make sure you include the CSR in its entirety into the appropriate section of the enrollment form - including
-----BEGIN CERTIFICATE REQUEST-----to-----END CERTIFICATE REQUEST-----

After you download Etisalat Certificate you will first need to install it to the server from which the certificate request was generated. Installation:
1. Open the .p7b file containing your certificate. Save the file named your_domain_name.cer to the desktop of the web server you are securing.
2. Click on Start, then Administrative Tools, then Internet Information Services (IIS) Manager.
3. Click on the server name.
4. From the center menu, double-click the "Server Certificates" button in the "Security" section (near the bottom of the menu).

5. From the "Actions" menu (on the right), click on "Complete Certificate Request." This will open the Complete Certificate Request wizard.

6. Browse to your_domain_name.cer file that was provided to you by Etisalat. You will then be required to enter a friendly name. The friendly name is not part of the certificate itself, but is used by the server administrator to easily distinguish the certificate.

7. Clicking "OK" will install the certificate to the server.
Note: There is a known issue in IIS 7 giving the following error: "Cannot find the certificate request associated with this certificate file. A certificate request must be completed on the computer where it was created." You may also receive a message stating "ASN1 bad tag value met". If this is the same server that you generated the CSR on then, in most cases, the certificate is actually installed. Simply cancel the dialog and press "F5" to refresh the list of server certificates. If the new certificate is now in the list, you can continue with the next step. If it is not in the list, you will need to reissue your certificate using a new CSR. Once the SSL certificate has been successfully installed to the server, you will need to assign that certificate to the appropriate website using IIS.
8. From the "Connections" menu in the main Internet Information Services (IIS) Manager window, select the name of the server to which the certificate was installed.
9. Under "Sites," select the site to be secured with SSL.
10. From the "Actions" menu (on the right), click on "Bindings." This will open the "Site Bindings" window.

11. In the "Site Bindings" window, click "Add..." This will open the "Add Site Binding" window.

12. Under "Type" choose https. The IP address should be the IP address of the site or All Unassigned, and the port over which traffic will be secured by SSL is usually 443. The "SSL Certificate" field should specify the certificate that was installed in step 7.

13. Click "OK."

14. Your SSL certificate is now installed, and the website configured to accept secure connections.

Export Procedure:-
1. Start > Run
2. Type in MMC and click OK
3. Go into the File Tab > select Add/Remove Snap-in
4. Click on Certificates and click on Add.
5. Select Computer Account > Click Next
6. Select Local Computer > Click Finish
7. Click OK to close the Add/Remove Snap-in window.
8. Double click on Certificates (Local Computer) in the center window.
9. Double click on the Personal folder, and then on Certificates.
10. Right Click on the Certificate you would like to backup and choose > ALL TASKS > Export
11. Follow the Certificate Export Wizard to backup your certificate to a .pfx file.
12. Choose to 'Yes, export the private key'
13. Choose to "Include all certificates in certificate path if possible." (do NOT select the delete Private Key option)
14. Enter a password you will remember
15. Choose to save file on a set location
16. Finish
17. You will receive a message > "The export was successful." > Click OK
18. The .pfx file backup is now saved in the location you selected.
Import Procedure:-
1. Start > Run
2. Type in MMC and click OK
3. Go into the File Tab > select Add/Remove Snap-in
4. Click on Certificates and click on Add.
5. Select Computer Account > Click Next
6. Select Local Computer > Click Finish
7. Click OK to close the Add/Remove Snap-in window.
8. Double click on Certificates (Local Computer) in the center window.
9. Right click on the Personal Certificates Store (folder)
10. Choose > ALL TASKS > Import
11. Follow the Certificate Import Wizard to import your Primary Certificate from the .pfx file. You will need to browse for .pfx files.
12. Enter the password that was used when exporting the certificate to a .pfx file.
13. If desired, check the box to "Mark this key as exportable."
14. When prompted, choose to automatically place the certificates in the certificate stores based on the type of the certificate.
15. Click Finish to close the certificate wizard.
16. Close the MMC console. In the case that you are prompted, it is not necessary to save the changes made to the MMC console.