Nowadays, as more and more procedures in India are involving possession of Digital Certificate, people in India often feel confused as to what exactly this new sort of “signature” is! They wonder about how to get a digital certificate in India. So, this morning I decided to sit down for an hour and write this tell-all tale of Digital Certificate.
Well, just like your signature is a unique entity that identifies you, a digital signature is nothing but a measure to uniquely identify a person, organization or computer etc.
But digital certificate is not something you write with a pen –it is simply a computer readable file which typically contains the following information:
Name of the Holder: Name of the person or organization to whom the certificate belongs.
Signature of the Certifying Authority (CA) : Yes! Your digital signature actually contains another signature. This signature is that of the CA (I will explain CA a bit later)
Serial Number: A number that uniquely identifies your Digital Certificate.
Valid from date: The date when Digital Certificate was issued.
Valid to date: The expiry date of the Digital Certificate
Public Key: This is YOUR actual signature.
Encryption Algorithm: The algo that was used to create the Digital certificate.
Now I can imagine you saying, “Give me a break! I am confused! Tell me in plain English” … Alright! the above given information was necessary to set the background. Now, let me try to explain all this in simpler terms.
A Certifying Authority is an organization that has the power to issue, revoke and renew Digital Certificates to others. There are numerous such organizations all over the world.
At present, in India, the status of CA has been given to:
- Tata Consultancy Services (TCS),
- SafeScrypt,
- IDRBT,
- National Informatics Center (NIC),
- (n)Code and
- e-Mudhra
So, in India, only these organizations can issue Digital Signature Certificates.
Controller of Certifying Authorities (CCA) is a Government of India agency that has the power to appoint and remove CAs. CCA holds the Root Certificate in India. Root Certificate is the highest digital certificate that is used to sign all other certificates in the hierarchy. With Root Certificate, CCA signs Digital Certificates of all the CAs that it appoints. Then CAs sign your Digital Certificate with their own certificate.
CCA (posses Root Certificate) > CA (posses CA Certificate signed by Root Certificate) > User (apply for and get digital certificate signed by CA Certificate)
Not necessarily. Above mentioned CAs have authorized many other companies to issue Digital Certificates on their behalf. Following is the list of some of the companies. You can go to their website to get your Digital Certificate.
This list is incomplete. If you know more companies that issue Digital Certificates, please let me know.
A Digital Certificate is not a paper certificate. It is a computer file which can be downloaded, uploaded, copied, deleted or emailed just like any other computer file.
The certificate issuing company usually gives you two options for getting your Digital Certificate. One, they can email the certificate as attachment. Then you can download this attachment. Two, they can give the certificate in a pen-drive.
Digital Certificates are used for various purposes. Depending upon these purposes, certificates have been classified into three classes, namely, Class 1, 2 and 3. These three classes have been further divided into seven sub-classes. You should get certificate of the class that serves your purpose. Let’s see which class serves which purpose.
- Class 1: Issued to individuals. Used for
- Secure email messages
- Class 2a: Issued to individuals. Used for
- Signing web based forms
- Client authentication
- Secure email messages
- Other low Risk Transactions
- Class 2b: Issued to Enterprises / Government Organizations or Agencies. Used for:
- Signing web based forms
- Client authentication
- Secure email messages
- Other low Risk Transactions
- Class 3a: Issued to individuals. Used for:
- VPN user
- Code Signing
- Signing web based forms
- Client authentication
- Secure email messages
- Class 3b: Issued to Enterprises / Government Organizations or Agencies. Used for:
- VPN user
- Code Signing
- Signing web based forms
- Client authentication
- Secure email messages
- Class 3c: Issued to Individual / Enterprises / Government Organizations or Agencies. Used for:
- SSL server authentication
- Class 3d: Issued to Individual / Enterprises / Government Organizations or Agencies. Used for:
- VPN device authentication
Digital Signature Certificates are valid either for one year or two year. You can choose which duration you want. Two year duration is more expensive than one year duration. After the validity period is over, you would need to renew certificate, if you need it any further.
Recently, I purchased a Class 2 certificate for Rs. 800 (about US $12). Class 1 certificates are cheaper than this and Class 3 certificates are more expensive (close to Rs. 2000, at present)
Yes, they can! If you give incomplete or wrong information in your application form –the issuing company may refuse to issue you a certificate.
No. Every vender all over the world uses their own classification of certificates. For example, Verisign, a Certifying Authority in USA, uses five class model. They have classified all the certificates they issue in five classes. In India, however, three classes are used.
Class 2 certificate is commonly used for electronically filing (e-filing) tax returns in India. Chartered Accountants who file return on your behalf can apply for and get DSC for you.
Thank you for this useful information. Being an ICT teacher, I am very interested in new and current technology updates and information.