FAQ By Certificate Lifecycle (Learn)
Yes, you may submit forms for your IGC certificate request by email. Follow these steps:
- Take the Part 1 – Subscribing Organization Authorization Form to an organization officer to have it filled out, including signed by the organization officer.
- All fields must be filled in. Missing information will lead to the submission being rejected.
- Take the Part 2 – ID Form to a notary or Trusted Agent (TA) and present the accepted forms of identity required, either one valid federal ID (must be valid and contain a photo) or two valid state or local government IDs, one of which must contain a photo.
- All fields must be filled in. Missing information will lead to the submission being rejected.
- Sign the Part 2 form in the presence of the notary or TA.
- Have the notary or TA sign the Part 2 form.
- Scan the completed Part 1 and Part 2 forms and email to [email protected].
To avoid delays or rejection of the submission, confirm the following prior to electronic submission:
- All fields are filled in.
- All signatures are either handwritten or digital.
- Stamp signatures and electronic signatures (i.e. DocuSign) are not accepted.
- All information is legible.
The standard method of submitting original signature forms is also accepted. Originals may be mailed to:
IdenTrust Registration
5225 W. Wiley Post Way
Suite 450
Salt Lake City, UT 84116
IdenTrust does undergo an SSAE-18 SOC 2 Type II audit every year. However, since the detailed information in the audit report is company-confidential, we require an NDA to be in place.
An alternative that does not require an NDA:
As a Certificate Authority, IdenTrust undergoes a WebTrust for Certificate Authorities audit, and the attestation letter for this audit is publicly available without the need for an NDA. The WebTrust for CA audit examines not only the same general information security practices as the SOC 2 criteria does, but also certificate life cycle practices including proper handling of applicant information. The link for the WebTrust for CA audit is at the bottom of our home page. You may also be interested in examining our Privacy Policy.
To send and receive encrypted S/MIME email messages, users need to follow these simple steps:
- Obtain digital certificates: Both the sender and recipient must acquire S/MIME certificates from a trusted certificate authority such IdenTrust.
- Install certificates: Users need to install these certificates on their email clients, such as Outlook or Gmail.
- Exchange public keys: The sender's email client needs access to the recipient's public key certificate, usually obtained from a directory or trusted source.
- Compose and encrypt: When writing an email, the sender chooses to encrypt the message using S/MIME. Their email client uses the recipient's public key to encrypt the content.
- Send the message: The encrypted email is sent through normal channels. Receive and decrypt: The recipient's email client uses their private key to decrypt the message upon arrival.
Verify digital signatures: Recipients can also verify the sender's identity using the digital signature attached to the email.
It's important to note that both parties must have S/MIME set up for the encryption to work end-to-end. Additionally, organizations may need to configure their email servers and infrastructure to support S/MIME.For ongoing use, once the initial setup is complete, users can typically enable S/MIME encryption for all outgoing messages or choose to encrypt individual emails as needed
Yes - the "IdenTrust DST Root CA X3" root is expiring on 9/30/2021 has been replaced with the "IdenTrust Commercial Root CA 1" self-signed root which is also trusted by the major browsers and root stores since 1/16/2014. You may download the IdenTrust Commercial Root CA 1 at this link: Root Certificate Download.
If you have appliances that are not dynamically updating the root trust chain, they need to be manually updated with the self-signed "IdenTrust Commercial Root CA 1" which can be downloaded at this link: Root Certificate Download.
Browser compatibility will depend on the type of certificate and the operating system you are using.
| Software Certficates | Microsoft® Edge | Google® Chrome | Mozilla® Firefox | Android® OS |
|---|---|---|---|---|
| Certificates can be retrieved using these browsers | X | X | X | |
| Certificates can be imported to these browsers | X | X | X | X |
| Hardware Certificates | Microsoft® Edge | Google® Chrome | Mozilla® Firefox | Android® OS |
|---|---|---|---|---|
| Certificates can be retrieved using these browsers | X | X | X | |
| Certificates can be imported using these browsers | X | X | X |
| Software Certificates | Google® Chrome | Mozilla® Firefox | Apple® Safari | iOS (iPhone/iPad) |
|---|---|---|---|---|
| Certificates can be retrieved using these browsers | X | X | X | |
| Certificates can be imported using these browsers | Accessible Via Keychain | X | Accessible Via Keychain | X |
| Hardware Certificates | Google® Chrome | Mozilla® Firefox | Apple® Safari | iOS (iPhone/iPad) |
|---|---|---|---|---|
| Certificates can be retrieved using these browsers | X | X | X | |
| Certificates can be imported using these browsers | Accessible Via Keychain | X | Accessible Via Keychain |
| TLS/SSL Certificates Are Interoperable With: |
|---|
|
Account Password
The Account Password is created by you when the application is filled out online. This password is required to download your certificate and to access your account via the Certificate Management Center (CMC).
Within the CMC you can:
- Revoke your certificate
- Replace your certificate
- Renew your certificate
- Update your account information
- Update Account Password & security questions
The rules for creating your Account Password are:
- Account Password must be between 8-30 characters in length
- It can consist of letters, numbers and some special characters
- Cannot contain ( ) \ / " *.
- The Account Password is case sensitive (UPPER & lower case)
Certificate Password
The Certificate Password is created to protect the use of the certificate. Depending on the assurance level of your certificate, when your certificate is downloaded to your machine you may be prompted to create the private key password. This is referred to as the Certificate Password.
The Certificate Password is used each time the certificate is accessed:
- Signing emails
- Signing documents (Adobe, Word, Excel, etc..)
- Accessing a secure website
When creating your Certificate Password we recommend you use the following guidelines:
- Between 8-30 characters
- At least 1 lower case letter
- At least 1 upper case letter
- At least 1 special characters
- Create a Certificate Password that is not easily guessed, but something that you will not forget
A digital certificate is a form of ID, just like a Driver’s License or Passport. We need to verify your identity before we can approve your application and issue your certificate.
Here is a list of what you will need to provide:
• Two forms of approved, valid (unexpired) ID, one of which must be a photo ID. Examples include a Passport, Certificate of Naturalization, Drivers License or State ID, CAC Card, and U.S. issued Birth Certificate. View our PDF document Identity Verification Requirements DoD ECA Certificate Policy for details.
• The Headquarters' address for your organization.
• The name of the agency or agencies you will use your certificate to interact with.
• Voucher Number: The voucher code you have been provided.