How CPAC SSL Certificates digitally sign your documents?

Sectigo Personal Authentication Certificate lets you easily sign any valuable and critical personal or company document, therefore ensuring compliance with industry requirements of digitally signed documents. By digitally signing the document, you identify yourself as the authentic document signer and certify its integrity by proving that your document hasn’t been altered since it was signed. In this way, CPAC SSL Certificates help you migrate from ink & paper to digital workflows of contracts, sign-offs, request forms and other important company documents, working in tandem with or replacing the visible signature feature in Microsoft® products such as Microsoft Office Suite, Open Office Suite, VBA Macros and more.

Copy Link

How to Export a S/MIME / CPAC Certificate from Firefox?

To export a S/MIME certificate from firefox follow the instructions below:

  1. Open the Firefox browser and click the Options Menu button at the top-right corner, then select Settingssmime export
  2. Select Privacy & Security from the menu on the left
  3. On the Privacy & Security tab, scroll down to the Certificates section, and click View Certificates
  4. In the Certificate Manager window, select the Your Certificates tab, then select the certificate you wish to back up. Click Backupcertificate manager
  5. Your certificate will be exported to a PKCS12 file. To learn more about certificate formats, check our comprehensive SSL formats guide. Please create a name for this file and specify where you want to save it.save certificate
  6. Next, you must create a password to protect your PKCS12 file. Remember this password because you need it if you import the certificate into another browser or mail client.create password
  7. Click OK to export your Sectigo Personal Authentication certificate.success alert

Source: Sectigo’s Knowledge Base

Copy Link

How to Import and Export a CPAC Certificate on Mac OS X?

Follow the steps below to export your CPAC (which was already installed on Keychain into a PKCS12 file).

  1. Navigate to Applications > Utilities > Keychain Access
  2. In the Keychains options (on the left), select Login and click My certificates in the Category panel.keychain access
  3. Next, select the certificate you want to export ad click File then Export Items:export items
  4. Now, for the File Format, select Personal Information Exchange (.p12). Name it as you wish, and save it in a directory of your choice.file format
  5. Next, create a password for the exported file. It will be requested if/when you import the certificate into another browser/mail client or device.password
  6. Click OK. You have successfully exported your Sectigo Personal Authentication certificate.

Once you’ve exported the Email;/Personal Authentication certificate into P12 format, you can import it into a MAC OC using Keychain Access. To complete the process, follow the steps below:

  1.  Go to Applications > Utilities > Keychain Access
  2. In the Keychains panel on the left, select Login > File > Import Items…Import Items
  3.  Now, locate your saved certificate file and click Open.enter password

    Note: If prompted to trust certificates issued by your CA automatically, select the Always Trust option to trust and install your certificate.

  4.  You can view the installed certificate by clicking Category > My Certificates in the Keychain Access window.

Source: Sectigo’s Knowledge Base

Copy Link

How to install my CPAC Certificate?

You can install your Sectigo CPAC Certificate as soon as it has been issued to you.

Here are installation instructions for different browsers, email clients, and mobile devices provided by Sectigo:

Copy Link

How to reissue a CPAC Certificate?

Here are the steps that you need to do in order to reissue your Sectigo CPAC Certificate:

1) Login at https://secure.trust-provider.com/products/frontpage?area=ssl using the username and password that you used when you configured your Sectigo CPAC initially;
2) Once you are logged in, find the “Replace” button and click on it;
3) You will start the reissue process for your Sectigo CPAC SSL.
4) Follow the steps and instructions that come next, until you complete the Sectigo CPAC Certificate reissue.

Copy Link

What CPAC Certificate to choose – Basic, Pro, or Enterprise?

Sectigo Personal Authentication Certificates were designed for individuals and businesses who are looking at implementing the best web security practices, such as email & document encryption and user two-factor authentication. However, each CPAC SSL Certificate was designed to fit a particular need. Just like DV, BV, and EV SSL Certificates, CPAC SSL Certificates come with different validation requirements which enable certain certificate fields:

  • CPAC Basic – requires Domain Control and displays only your email in the SSL Certificate
  • CPAC Pro – requires Domain Control and Identity Verification in order to display your email, First and Last Name in the SSL Certificate
  • CPAC Enterprise – requires Domain Control, Identity Verification, and Organization Validation in order to display your email, First and Last Name, as well as Company Name and Address in the SSL Certificate.

Based on your actual needs, you can now decide which Sectigo Personal Authentication Certificate is the best option for you, providing you an enhanced web security of your business activity. 

For more info about validation requirements for each type of certificate, check this FAQ section.

Copy Link

Validation Requirements for Personal Authentication Certificates

You can order a Sectigo Personal Authentication Certificate (SPAC) for any valid email address. Below are the validation requirements for each type of Personal Authentication Certificate:

SPAC Basic

Validation requires a challenge-response from you, which is sent to the email address you provide. Once you have followed the instructions in the challenge email, the certificate is issued.

SPAC Pro

To obtain a SPAC Pro certificate, you need to complete the following steps:

  • Provide a government-issued photo ID such as; a driver’s license, passport, national ID card, or military ID. The name on the government-issued photo ID must match the name of the certificate. You must provide a legible and readable copy of the photo ID.
  • Verify your email address by responding to a challenge sent to the email address listed on the certificate.

After you complete the instructions in the challenge email, the certificate is issued.

SPAC Enterprise

Validation for an Enterprise requires the following:

  • Business Identity verification using a QIIS, QGIS, or QTIS document (the definitions of these acronyms are at the end of this FAQ).
  • Authenticating the identity of the applicant (listed as the admin contact on the order). The name on the government-issued photo ID (driver’s license, passport, national ID card, or military ID) must match the name of the admin contact. Sectigo requires applicants to provide a legible and readable copy of the photo ID.
  • Physical address verification via QIIS QGIS or QTIS document.
  • Order authentication via a callback process using the business telephone number included in a QIIS, QGIS, or QTIS document.

Once the above steps are completed, the certificate is issued.

Definitions:

QIIS stands for Qualified Independent Information Source – an up-to-date public database that provides reliable and accurate information for which it is consulted. Examples of QIIS are local phone directories or third-party commercial credit services such as Dun and Brandsheet.

QTIS (Qualified Tax Information Source) is a governmental database that contains tax information relating to Private Organizations, Business Entities, or Individuals. Employer Identification Number (EIN) is considered a QTIS.

QGIS stands for Qualified Government Information Source – a database maintained by a Government Entity that contains legal business registration, corporate filing, trademarks, and patents.

Source: Sectigo’s Knowledge Base

Copy Link

How CPAC SSL Certificates ensure user two-factor authentication?

 Sectigo Personal Authentication Certificate helps businesses reduce the risks and threats associated with using standard passwords by enabling the two-factor authentication of users. If you need a stronger guarantee that the person logging into your company network or account is your legitimate employee, CPAC SSL Certificates will allow you to secure your sensitive and private customer or corporate data by enabling the industry standard used by banks all over the world – two-factor authentication – seamlessly integrating the certificate as a second authentication element. In this way, you will protect your company access, including remote, from any hackers attempting to steal usernames and passwords. 

Copy Link

How CPAC SSL Certificates secure and encrypt your emails?

Sectigo Personal Authentication Certificates provide you the highest level of protection by enabling end-to-end encryption of your email communications. By signing and encrypting your outgoing email messages, you protect them from Man-in-the-Middle attacks, https proxies, or packet-sniffers, therefore your messages can’t be intercepted and decrypted by a malicious third party.

Encrypting Email Messages guarantees their privacy and integrity, while digitally signing the messages authenticates you as being the genuine sender. In this way, you will secure yourself and your business from accidental or fraudulent data exposures, privacy breaches, and other potential security threats associated with business communication.

Copy Link