Contents
Is my web browser compatible with Chamber SimplySign certificates
What is a Digital Certificate?
What is a Root Certificate?
Where can I get the Trustis FPS Root Certificate?
How do Digital Certificates Work?
Who needs a Digital Certificate?
How do I get a Digital Certificate
How do I contact government departments that accept your certificates?
What details do I need to submit?
What guarantees do I have that my personal details will be used responsibly?
How long will the process take?
Why must I provide all the registration information?
What happens if my application details cannot be corroborated?
Can I be guaranteed that I will be issued a certificate?
When is the payment taken? Am I charged if I do not complete my application, or it fails?
Can I use a SimplySign certificate issued by Trustis for other purposes?
What security and assurance standards does Trustis use for Chamber SimplySign certificate services?
Which web browsers are supported for use with registration portal?
I have received an email after sending my request. What do I do next?
How do I collect my certificate?
I am using Internet Explorer and cannot see Microsoft Enhanced Cryptographic Provider v1.0. (CSP Error)
I am using Internet Explorer and receive an "Error D" when trying to download my certificate
I am trying to download my certificate and a warning message has popped up...
The web browser compatibility test shows a red cross next to one or more tests. What should I do?
Can I use my Chamber SimplySign Digital Certificate with Macintosh computers?
Am I able to install and use my Chamber SimplySign Digital Certificate if I work within a Citrix or virtual desktop environment?
What about Cookies?
Is my web browser compatible with Chamber SimplySign certificates?
To apply for, download and use a Chamber SimplySign certificate, your web browser must be capable of using strong encryption and scripting. Trustis has provided a simple web page to test your web browser’s capabilities here --> http://www.simplysign.co.uk/support/diagnostics
What is a Digital Certificate?
In simple terms, a Digital Certificate (or Digital ID as it is sometimes known) is the electronic commerce world's analogue of the passport. It is a credential issued by a trusted authority that binds you as an individual to an identity that can be recognised and verified electronically by other entities. It confers certain rights and obligations on you according to policies exercised by the Issuing Authority. Because it uses cryptographic technology, it provides you with the ability to digitally sign emails, documents or transactions, or to verify the signatures of others. It enables you to make emails, documents or transactions only readable by those that you designate.
In a real passport, various checks on you are made by a trusted representative of the Issuing Authority to ensure that you are who you say you are, and thus establish a binding between you as an individual and the paper document that declares your identity. In the digital certificate world, a trusted representative of the Issuing Authority must be satisfied that you are who you say you are, before a request is made to issue a digital certificate on your behalf.
Just as a government officially vouches for your identity when it issues you with a passport, a Digital Certificate Issuing Authority vouches for your identity (or an element thereof) when it issues you with a digital certificate. For example, an Issuing Authority which issues you a digital certificate for secure email is putting its name behind the claim that you are the holder of your e-mail address.
In a real passport, the methods used to ensure the integrity of the binding between you and the paper identity are such things as watermarks, seals, special paper and ink, etc. In the digital certificate world, the method used to ensure the integrity of the binding between an entity and its private key, is the digital signature of the Issuing Authority.
A root certificate is the self-signed digital certificate of the Root Certificate Authority – the Certificate Authority that provides the Trust Anchor in a Public Key Infrastructure. The public key in this root certificate is used to verify the digital signature of the Root Certificate Authority. The Root Certificate Authority's digital signature is present in all certificates that it issues (normally to Subordinate Issuing Authorities). Therefore, the root certificate can be used to verify the integrity of any certificate that the Root Certificate Authority signs. By downloading the root certificate, a user indicates trust in the Root Certificate Authority; consequently, this also indicates trust in the bindings that it creates between real identities and their corresponding digital certificates.
Where can I get the Trustis FPS Root Certificate?
The Trustis FPS Root Certificate is available for download here. You must have the Trustis FPS Root Certificate and the Chamber SimplySign Issuing Authority certificates installed before you can proceed to use your certificate online. Clicking on the link provided will do this for you. Alternatively, the Trustis FPS Root Certificate can be obtained through Microsoft Windows Update.
How do Digital Certificates Work?
One widely-used tool for privacy protection is what cryptographers call "symmetric" or "secret key" encryption, so named because a single, shared encryption key is used to both encrypt and to decrypt information. This key should obviously be kept secret from anyone not authorised to decrypt the information. Your logon password, your cash card PIN, and the information you provide to access your online bank accounts are all examples of secret keys. You share these secret keys only with the parties you want to communicate with, such as the bank or a credit card company. Your private information is then encrypted with this secret key, and it can only be decrypted by one of the parties holding that same key.
Despite its widespread use, this secret-key system has some serious limitations. As network communications proliferate, it becomes very cumbersome for users to create and remember different passwords for each situation. Moreover, the sharing of a secret key involves inherent risks. When you give your mother's maiden name over the telephone, how do you know you can trust the party on the other end of the line? Can you be sure it is really the credit card company you are talking to? Can you be sure nobody is maliciously listening in? If you give somebody your mother's maiden name and that person abuses it for their own gain, how can you prove you did not authorise their use?
Digital Certificate technology addresses these issues because it does not rely on the sharing of secret keys. Rather than using the same key to both encrypt and decrypt data, a Digital Certificate uses a matched pair of keys which complement one another. In other words, what is done by one key can only be undone by the other key in the pair. In this type of key-pair system, a user holds onto a "private key" and never gives it to anyone, while widely disseminating a "public key." Any information locked with the public key can only be unlocked by the corresponding private key, and vice versa. Since the public key alone does not provide access to communications, users do not need to worry about who may obtain this key.
For example, for the purposes of securing e-mail, key pairs can work in the following two ways:
You can digitally sign your e-mail by enclosing an electronic stamp constructed by using your private key. When your recipient gets your message, their computer checks this stamp to see if it can be decrypted using your public key. If successful, the recipient knows that the message can only have come from the holder of the private key.
Someone who wants to send you private e-mail can use your public key to encrypt the message. When you receive the e-mail, your computer determines if the public key used to encrypt the e-mail is a valid match for your private key. If the match is successful, the message gets decrypted and you can read it. Anyone who receives your e-mail but does not hold your private key will be unable to decrypt and read the message.
The only problem is in knowing for sure that the public key you're about to use, actually belongs to the person to whom you think it does. This is where the Digital Certificate comes in. As discussed in "What is a Digital Certificate?" a Digital Certificate binds a public key to an individual or organisation. That binding of a public key to an individual or organisation is certified by a trusted Issuing Authority.
A Digital Certificate makes it possible to verify someone's claim of rightful ownership of a given key, helping to prevent people from using counterfeit or stolen keys to impersonate other users. Used in conjunction with encryption, Digital Certificates provide a more complete security solution, assuring the identity of all parties involved in a transaction.
Because a Digital Certificate uses and supplies us with the tools of cryptographic technology, it provides us with the ability to digitally sign documents or transactions, or to verify the signatures of others. It enables us to make documents or transactions only readable by those that we designate. Because Digital Certificates bind a public key to an individual or organisation, in a trusted manner, we can be sure of the identities behind these operations.
Who needs a Digital Certificate?
Anyone who wants to receive encrypted e-mail so they know nobody else can read it will need a Digital Certificate. Anyone who wants to digitally sign their e-mail so that recipients can feel confident it came from them will also need a Digital Certificate. The government gateway also allows users to sign communications over the web when dealing with government departments.
How do I get a Digital Certificate?
You may apply for a digital certificate as an individual by visiting www.simplysign.co.uk
To obtain a Digital Certificate, Apply Here to use the online Digital Certification Services.
How do I contact government departments that accept SimplySign certificates?
The following government departments accept Chamber SimplySign certificates and can be contacted as follows.
| HM Customs & Excise: | 0845 010 9000 |
| Inland Revenue: | 0845 605 5999 |
| E-IACS: | 0845 601 3482 |
What details do I need to submit?
The following details are required:
Full name
Title
Date of Birth
Place of birth (Town, County, Country)
Current home address
Contact Telephone number
Contact Email address
Optional details (which will help authorise you if the other information flags a query) are:
Driving licence number
Passport number
Passport expiry date
Electricity supply number
The more information you can provide, the better your chance of being verified quickly.
What guarantees do I have that my personal details will be used responsibly?
Please go here to see our Privacy Statement.
How long will the process take?
This depends on the accuracy of the information received and whether we have enough information in order to do an authorisation check. If all the information is corroborated via the electoral register, you should receive you certificate within two working days.
Why must I provide all the registration information?
Trustis must provide SimplySign certificates to standards prescribed by the Government Gateway. This includes confirming the details of the individual receiving a certificate. HM Government has established mechanisms for ensuring the identity of individuals. This is achieved by a process of corroboration and checking. The information you provide allows this process to be completed.
What happens if my application details cannot be corroborated?
If Trustis cannot satisfactorily complete registration with the initial information you provided, our registration staff may contact you. You will then be required to resubmit your application online or by post, supplying the additional evidence required.
Can I be guaranteed that I will be issued a certificate?
No. Whilst rare, it is possible that some individuals are unable to fulfil the standard required by HMG. In such a case, it is not possible for Trustis to issue a certificate
When is the payment taken? Am I charged if I do not complete my application, or it fails?
No payment is taken from your credit/debit card until your application for a Chamber SimplySign digital certificate has been successful.
Can I use a SimplySign certificate issued by Trustis for other purposes?
Although the primary purpose of the SimplySign certificate is for access to the Government Gateway, the certificate can also be used for other purposes, such as for signing emails, documents, or pdf files, as well as other Government Gateway services like submitting Tax returns. Please check the specific application to determine if a certificate can be used with it.
What security and assurance standards does Trustis use for Chamber SimplySign certificate services?
Trustis provides SimplySign certificates from specialist secure facilities. The facilities and services it provides are approved and/or externally audited to ISO 27001, tScheme and WebTrust standards. Trustis' SimplySign certificate service is compliant with the standards required by HMG for certificates used with the Government Gateway.
Which web browsers are supported for use with registration portal?
Currently, Trustis supports the following browsers and operating systems for use with the Chamber SimplySign Certificate Portal:
- Microsoft Windows 7 using Microsoft Internet Explorer (MSIE), version 8
- Microsoft Windows Vista using MSIE, version 7 and above
- Microsoft Windows XP using MSIE, version 6 and above
- Microsoft Windows operating systems using Mozilla Firefox, version 3.5 and above.
I have received an email after sending my request. What do I do next?
The email you receive will give details for collecting your certificate. Follow the link on the email in order to go the certificate collection location.
How do I collect my certificate?
Click on the link in the email you receive. You will require the shared secret which you created when you applied, along with the User-Id which you will be provided to you in the email.
This may be because you have not allowed ActiveX scripts to run or you have not configured your Trusted Sites setting. Please refer to the configuration guides according to your operating system - these can be found in the Online Help.
I am using Internet Explorer and receive an "Error D" when trying to download my certificate
This may be because your PC has not been configured correctly. Please refer to the configuration guides according to your operating system - these can be found in the Online Help.
This is a security message from the web browser. Choose Yes. This will allow the web site to run correctly.
The web browser compatibility test shows a red cross next to one or more tests. What should I do?
Have you followed the instructions for configuring your web browser? Go to the Online Help. If you have followed all of the instructions and are still receiving any red crosses, please contact Trustis support either through the Platinum Support phone number (if you have subscribed to this), or via the online support form here.
Can I use my Chamber SimplySign digital certificate with Macintosh computers?
You can obtain and use a Chamber SimplySign digital certificate using a Firefox browser on a Macintosh operating system. Trustis is, however, unable to provide support for certificates on platforms with Macintosh operating systems.
Services for which you require a Chamber SimplySign certificate may not support platforms with Macintosh operating systems. If you intend to use a Macintosh platform, you are advised to check with the service provider that it is suppported before making your certificate application.
It is possible to install and make use of a digital certificate within a Citrix or virtual desktop environment but it is dependent on how the environment has been setup. We recommend that you discuss this with your IT department before trying to configure your machine or install your certificate. If you do not, this could cause the installation to fail and you may be charged for a replacement certificate.
For users simply browsing our information website (www.simplysign.co.uk) we do not use cookies. We only use cookies that are strictly necessary for you to use one of our digital certificate services. The cookies support the technology we use to control and protect your interaction with us to help maintain the security standards to which we operate.
The Chamber SimplySign service uses cookies during the application and collection stages. Where cookies are used, they are only First Party Session cookies. This means that they are required only for the period of your interaction with our services and expire at the end of your session with us. We do not allow cookies from others, termed ‘Third Party Cookies’ and we do not use ‘Persistent Cookies’.
For the technically minded, session cookies are used as part of the Microsoft ASP technology we use. Some parts of our services require you to accept these cookies and our test pages indicate this and allow you to test that your browser is configured appropriately.
Further information on cookies can be found at:
http://www.allaboutcookies.org
http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications/the_guide/cookies.aspx