What is a Digital Certificate?
A Certificate contains your name, a serial number, expiration date, public key (used for encrypting messag es), digital signature and the digital signature of the Certificate-Issuing Authority so that a recipient can verify that the certificate is real
Why do I need a Digital Certificate?
What is a Digital Signature?
What does a digital signature look like?
-------BEGIN SIGNATURE------
I QB 1 Aw UB MVSiA5QYCuMfgNYjAQFAKgL/ZkBfbeNEsbthba4Blrcn jaqbcKgNv+a5kr4537y8RCd+RHm75yYh5xxA1ojELwNhhb7cltrp2V7LlOn Aelws4S87UX80cLBtBcN6AACf11qymC2h+Rb2j5SU+rmXWru+=QFMx
------END SIGNATURE------
What is Encryption?
What is SSL used for?
Short form for Secure Sockets Layer, a protocol developed by Netscape for transmitting private documents via the Internet. SSL works by using a private key to encrypt data that's transferred over the SSL connection. Both Netscape Na viga tor and Internet Explorer support SSL. Many Websites use this protocol to obtain confidential user information, such as credit card numbers. By convention,Web pages that require an SSL connection start with https:
What is a Certification Authority?
A trusted third-party organization issues digital certificates that are used to create digital signatures and public-private key pairs . The role of the CA in this process is to validate that the individual granted the unique certificate is, in fact, who he or she claims to be. CAs are a critical component in data security and electronic commerce because they confirm identities of parties exchanging information.
What is CRL (Certificate Revocation Lists) used for?
Certificates have a specified lifetime, but CAs can reduce this lifetime by the process known as certificate revocation. The CA publishes a certificate revocation list (CRL) that lists certificates it considers no longer valid. The CA may also include in the CRL the reason why the certificate has been revoked. It also includes a date from which this change of status is understood to apply.
What does PKI used for?
The term public key infra structure (PKI) is us ed to describe the policies , standards, a nd software that regulate or manipulate certificates and public and private keys. In practice, PKI refers to a system of digital certificates, certification authorities (CAs), and other registration authorities that verify and authenticate the validity of each party involved in an electronic transaction
What are Public Keys & Private Keys used for?
Two keys—a public key and a private key, which are mathematically related—are used in public-key encryption. To contrast it with symmetric-key encryption, public-key encryption is also sometimes called asymmetric-key encryption. In public-key encryption, the public key can be passed freely between the parties or published in a public repository, but the related private key remains private. Data encrypted with the public key can be decrypted only using the private key. Data encrypted with the private key can be decrypted only using the public key.
Where can I apply for Digital Certificates?
A) Demo Certificate
https ://comtrust.etisalat.ae/enrollment/app/general/Demo
B) User Certificate
https ://comtrust.etisalat.ae/enrollment/app/general/User
C) Business User Certificate
(Login for existing customers only):
https ://comtrust.etisalat.ae/enrollment/app/Customer/Login
D) SSL Server Certificate
https://comtrust.etisalat.ae/enrollment/app/general/Server
How long does it take to process applications for Digital certificates?
Yes, except for DEMO user certificates
Do I need to come in person to submit the documentation required?
Yes, except for DEMO user certificates
What crypto graphic method should be chosen during enrollment?
If you donot have any specific requirements, just leave it to the default selection. The Cryptographic method provided is simply a set of libraries that are used to generate the key-pairs. (e.g., you can use the smart card libraries to create your keys on a smart card)
I completed the enrollment but I did not receive a response. How can I follow-up on the status of my application?
In general you should get an email describing the steps that should follow your enrollment. If a reference number is communicated to you, please note it down. You will be able to check status of your certificate using this reference number. Depending on the type of certificate you have applied for, the processing time will differ.If the specified period has elapsed then you can contact our Registration Authority (RA) team by sending an email to pkira@etisalat.ae for an update.
How do I verify if my Digital Certificate was installed correctly?
1. From the Tools menu, click Internet Options.
2. From the Content tab, click Certificates.
3. From the Personal tab, double-click the desired certificate.
4. Click the Details tab. Scroll to view the desired information.
The fields to note are:
- Valid To - certificate expiration date.
- Subject Alternative Name - email address used when the certificate was purchased.
- Key Usage - indicates whether this is a Signature certificate or an Encipherment certificate.
5.Click OK.
6. To exit the Tools windows, click Close and then click OK.
How do I verify if digital certificates exist or not on my PC?
How do I reinstall my Digital Certificate after upgrading or reinstalling Microsoft Internet Explorer?
If you delete your Web browser you also delete the Digital Certificate. You will need to apply for a new one. If the Microsoft Internet Explorer copies were removed by deleting the application and its directory, the file containing the private key associated with the digital certificates got deleted. Without the private key the Certificate cannot be installed. In general you should export your certificate (back it up) before upgrading or uninstalling your browser/email client.
Why should I save a backup copy of my Digital Certificate?
It is important to save a backup copy of your Digital Certificate on an external disk drive, in case your hard drive crashes or your digital certificate files are accidently delete. If you store a backup copy of your certificate on an external disk drive in a secure place, you will always be able to reinstall your certificate. If you lose your digital certificate and it is not backed-up, then you will lose any messages that have been encrypted for you.
How do I save a back up copy of my digital certificate?
Microsoft Internet Explorer (7.0 or later):
1. Start Internet Explorer, select Tools - Internet Options - Content -Certificates.
2. From the Personal tab, select the desired certificate and click on Export
3. Follow the Certificate Manager Import Wizard
a. Select the Yes, export with private key option
i. Note: Default is set to No, which will need to be changed.
b. Click on include all certificates in the certification path if possible
Type a password (that you can remember later) to encrypt the private key.
4. Select the drive and give the file a name.
5. Click Next then Finish.
How do I transfer a digital certificate on to my new computer from an external disk drive?
1. From the Tools menu, click Internet Options.
2. From the Content tab, click Certificates
3. From the Personal tab, select the desired certificate.
4. Click the Import button.
5. Follow the Certificate Manager Import Wizard and
a. Browse and choose the certificate to be imported
b. Enter the password to access the file when prompted
c. Check both the Enable strong private key protection and Mark the private key as exportable options
6. Upon finishing the Import Wizard, you will be prompted for the Security level of the Private Key Container, it is highly recommended to set it to HIGH
a. Choose Create a new password for this item
b. Enter Password for (example: Bob) and set your Password
c. Enter the Password that you have just assigned
d. Please note that the Remember password option is NOT recommend
7. Click finish and then click OK.
How do I delete/remove my Digital Certificate from my PC?
Microsoft Internet Explorer (7.0 or later):
1. From the Tools menu, click Internet Options.
2. From the Content tab, click Certificates.
3. From the Personal tab, select the desired certificate.
4. Click the Remove button.
5. Click finish and then click OK.
How to generate a Certificate Signing Request (CSR)?
Before you purchase an SSL Certificate, you need to generate a Certificate Signing Request (CSR) for the server where the certificate will be installed. Select CSR generation instructions for your server software. If your server is not listed or you need additional information, refer to your server documentation or contact your server vendor. If you do not know what software your server uses, contact your technical support. A CSR is a file containing your IIS SSL certificate application information, including your Public Key. Generate your CSR and then copy and paste the CSR file into the web form in the enrollment process:
- Select Administrative Tools
- Start Internet Services Manager
- Click Server Certificate. The following Wizard will appear:
- Click Create a new certificate and click Next.
- Select Prepare the request and click Next.
- Provide a name for the certificate, this needs to be easily identifiable if you are working with multiple domains. This is for your records only. If your server is 40 bit enabled, you will generate a 512 bit key. If your server is 128 bit you can generate up to 1024 bit keys. We recommend you stay with the default of 1024 bit key if the option is available. Click Next
- Enter Organization and Organization Unit, these are your company name and department respectively. Click Next
- The Common Name field should be the Fully Qualified Domain Name (FQDN) or the web address for which you plan to use your IIS SSL Certificate, e.g. the area of your site you wish customers to connect to using SSL. For example, a Basic SSL Certificate issued for Networking4allgroup.com will not be valid for secure Networking4allgroup.com. If the web address to be used for SSL is secure.Networking4allgroup.com, ensure that the common name submitted in the CSR is secure.Networking4allgroup.com. Click Next
- Enter your country, state and city. Click Next.
- Enter a filename and location to save your CSR. You will need this CSR to enroll for your IIS SSL Certificate. Click Next
- Check the details you have entered. If you have made a mistake click Back and amend the details. Be especially sure to check the domain name the Certificate is to be "Issued To". Your IIS SSL Certificate will only work on this domain. Click Next when you are happy the details are absolutely correct.
When you make your application, make sure you include the CSR in its entirety into the appropriate section of the enrollment form including
-----BEGIN CERTIFICATE REQUEST-----
to
-----END CERTIFICATE REQUEST-----
- Click Next
- Confirm your details in the enrollment form
- Finish
What are the normal business hours of operation?
PKI Support is available 24hrs a day / 7 days a week and can be reached by email at pkihelp@eim.ae or by telephone at 8002900.
What are the supported browsers for Digital Certificates?
What happens if the Digital Certificate is deleted or lost?
If you have not backed up your Digital Certificate, then it is lost and you will have to re-apply for a new one.
Where can I download the Digital Certificates from?
Demo Certificate link:
https://comtrust.etisalat.ae/enrollment/app/general/Cert?codeId=XYZ&type=Demo
User Certificate link:
https://comtrust.etisalat.ae/enrollment/app/general/User
Business User Certificate link:
https://comtrust.etisalat.ae/enrollment/app/general/Cert?codeId=YYZ&type=Business%20User
SSL Server Certificate link:
https://comtrust.etisalat.ae/enrollment/app/general/Cert?codeId=YYY&save=1&type=Server
**Please make sure that you initiate the download from the same web browser running on the same computer that was used when the request was made.