Frequently Asked Questions




Why use a Certification Authority for public key distribution?

If a colleague sends you their public key over the network, you cannot be certain it came from them. A hacker could send you an email containing a public key and claiming to be from your colleague, when the key is actually the hacker's. Certification Authorities solve this problem by acting as a trusted third party. They essentially create an electronic document containing the public key together with its owner's name, and digitally sign it.

Why should I choose IDRBT CA as my Certifying Authority?

IDRBT, an autonomous institution established by the Reserve Bank of India (RBI), is the Certifying Authority in India licensed by the Controller of Certification Authorities (CCA). The licensing of IDRBT CA by CCA is an indication to the public that it has met the stringent regulatory requirements established by the Controller.

For more information on the regulatory requirements for a licensed CA, please visit http://cca.gov.in/

Why do I need a digital certificate?

There are many certificate-enabled applications such as online banking, Structured Financial Messaging Systems (SFMS), Public Debt Office-Negotiable Dealing System (PDO NDS), Electronic Data Interchange (EDI), Electronic Fund Transfer (EFT), secure electronic mail, etc. To access these applications securely, you will need to have a digital certificate.

Who is eligible for a digital certificate from IDRBT CA?

IDRBT CA offers Certification Services for the employees of Banks and Financial Institutions, for Servers used for various bank applications, and for Government Organisations that are members of the Indian Financial Network (INFINET).

What is the essential requirement for getting a digital certificate?

To obtain a digital certificate from IDRBT CA, the first and foremost requirement is that you must be a member of INFINET.

How do I get a private and public key?

An appropriately trusted program on your computer or server or cryptographic hardware device usually generates a pair of keys. The public key will be submitted to IDRBT CA along with the request for a digital certificate.

What does IDRBT CA do with my public key?

The certificate request of the subscriber is verified by the Registration Authority and forwarded to the IDRBT CA office. IDRBT CA makes further checks and, once satisfied, creates a digital certificate. The certificate includes some of the information the user supplied and the user's public key. The issued digital certificate can be downloaded from IDRBT CA's website.

What information is contained within an IDRBT CA digital certificate?

The following specifies the information contained within a personal and corporate IDRBT CA digital certificate. A personal IDRBT CA Digital Certificate will contain information such as:

  • The subscriber's name and Distinguished Name

  • The subscriber's public key

  • Name and digital signature of the issuing Certificate Authority

  • Expiry date of the certificate

What are Class 1, Class 2, and Class 3 Certificates?

Digital certificates issued by IDRBT CA fall under the following Classes.  

  • Class 1 Certificate

  • Class 2 Certificate

  • Class 3 Certificate

Visit http://idbrtca.org.in/product.html for more details.

The Class 1 Certificates can be used for Secure Mail applications and for Digital Signatures. Class 2 Certificates can also be used for Digital Signature and Encryption of messages. Class 3 Certificates can be used for Digital Signature, Object Signing and Secure Server.

How can I register for an IDRBT CA Digital Certificate? 

To register for an IDRBT CA digital certificate, contact the Registration Authority operating under IDRBT CA. For more information about the Registration Authorities, visit http://idrbtca.org.in/ra.html. You are encouraged to download and fill in the application form and send it to the nearest Registration Authority with the necessary details, including the personal identification documents mentioned in the IDRBT CA CPS. If you are applying for Class 3 Certificates, you must apply in person before the RA with the required documents.

What is the time duration for the issuance of a digital certificate?

If all the subscriber credentials are verified, the certificate will be issued within a maximum of five working days.


How are digital certificates used?

When you connect to a secure web server (e.g. by https://......), the server presents its certificate to your browser, which checks the certificate's validity for you. Email programs use digital certificates to check the authenticity of digital signatures. Using another person's digital certificate is how you scramble your email to them. (If you scramble it with the public key in their certificate, only that person can unscramble it, because they are the only one with the matching private key.)

A Certificate for Individual can be used for:

Email security:

To sign and encrypt your emails to ensure integrity, confidentiality, non-repudiation and privacy. You can use it with MS Outlook, Outlook Express and Netscape Messenger.

Verification:

To assure your intended readers that you are the genuine author of the electronic documents and the content has not been tampered with or corrupted in any way.


What storage medium does the Certificate for Individual support?

We recommend a hardware token such as a Smart Card to store the Certificates. You are advised that, if you store your certificate in the browser, you must make arrangements for the security of your machine. You can also keep your certificates on media protected with a password.

Do I need a smart card or token?  

Smart cards, and other cryptographic tokens, are suitable for very secure applications. Smart cards and tokens have these features:

  • The key pair is generated on the card

  • The private key cannot be removed from the card

  • All scrambling and unscrambling is done on the card by a specialised processor

  • Full support for 128-bit (or greater) scrambling and digital signing

  • Affordable

How will I know if my Certificate has expired?

Certificates issued by IDRBT CA are valid for one year. You may wish to take note of the expiry date of your Certificate and renew it prior to its expiry. The Registration Authority will notify you in advance of the expiry of the certificate.
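
The certificate contents listed earlier and the expiry check described above can both be inspected with the openssl command-line tool. This is an added example, not part of the original FAQ or IDRBT CA's own tooling; it assumes openssl is installed, and the self-signed certificate (so issuer equals subject), subject values and function names are constructed for the demo.

```bash
#!/usr/bin/env bash
# Added example. A constructed self-signed certificate stands in for a
# CA-issued one; subject values and function names are hypothetical.
set -eu

# make_demo_cert DIR DAYS: generate a key pair locally and wrap the public
# key in a certificate valid for DAYS days. -nodes leaves the private key
# unencrypted on disk, acceptable only for a throwaway demo key.
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes \
        -keyout "$1/key.pem" -out "$1/cert.pem" -days "$2" \
        -subj "/C=IN/O=Example Bank/CN=Demo Subscriber (constructed)" \
        2>/dev/null
}

# cert_summary CERT: subject Distinguished Name, issuing CA and expiry date.
cert_summary() {
    openssl x509 -in "$1" -noout -subject -issuer -enddate
}

# key_matches CERT KEY: succeeds if CERT carries the public half of KEY.
key_matches() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = \
      "$(openssl pkey -in "$2" -pubout)" ]
}

# expiry_status CERT WARN_DAYS: prints expired, renew or ok.
expiry_status() {
    if ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null; then
        echo expired
    elif ! openssl x509 -in "$1" -noout \
            -checkend "$(( $2 * 86400 ))" >/dev/null; then
        echo renew
    else
        echo ok
    fi
}

demo_dir=$(mktemp -d)
make_demo_cert "$demo_dir" 365      # one-year validity, as stated in the FAQ
cert_summary "$demo_dir/cert.pem"
key_matches "$demo_dir/cert.pem" "$demo_dir/key.pem" && echo "public key matches"
echo "status (30-day window): $(expiry_status "$demo_dir/cert.pem" 30)"
rm -rf "$demo_dir"
```

Running expiry_status from a scheduled job with a warning window of a few weeks gives a renewal reminder that does not depend on the notification arriving.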

What is suspension and revocation of a digital certificate?

Suspension is the process of making a certificate temporarily invalid. Revocation is the process of making a certificate permanently invalid. IDRBT CA provides a service that allows you to suspend or revoke your certificate. You would suspend a certificate if it has been issued containing wrong or falsified information, or if payment for the certificate has not been made according to the contractual agreement. You would revoke it when you are certain it has been compromised. An organisation can also revoke a certificate, e.g. when an employee leaves.

How do I revoke my Certificate?  

The application form for the Certificate revocation/suspension is available in the IDRBT CA repository. Apply online for a certificate revocation to the IDRBT CA. Your Digital Certificate will be revoked according to the IDRBT CA CPS.    

How do you know when a message is digitally signed?  

The email program you are using will tell you that a message has been digitally signed, who signed it, and whether the signature is valid.

How can my company ensure that my clients can have a 128-bit encryption strength on their browsers?

 

Companies that have applied for IDRBT CA's Class 3 Server Certificate enjoy an encryption strength of 128 bits. The encryption strength depends on the default of the browsers, i.e. IE and Netscape. Internet surfers who visit these sites are encouraged to upgrade their browsers to IE 5.0 with the 128-bit High Encryption Pack or to Netscape 4 to enjoy the same encryption strength.

 

If I were to upgrade my server, can I continue to make use of the initial certificate that was issued to my company?

 

Yes, this is possible as long as the server being used is the same.

However, if the company upgrades the hardware to a completely new server, the company would have to revoke the initial certificate and apply for a new certificate to secure the new server.

How do customers identify that my website is secured by IDRBT CA?

 

Companies with websites secured by IDRBT CA have the option of placing an IDRBT CA security seal on their web pages. This seal enables customers to validate the status of your IDRBT CA Class 3 Server Certificate.

 

Why do I experience a Security Alert message before entering IDRBT CA's secured site?

 

IDRBT CA's Root Certificate is not pre-installed in the standard browsers' certificate stores. As IDRBT CA is licensed by CCA, our root keys are certified by CCA, Government of India. We encourage everyone to download the IDRBT CA Root Certificate.