FAQs | Mauritius

Get all the questions you have related to Digital Signatures answered in this section. This section addresses all your queries regarding DSC, their applicability and usage, procurement and regulatory implications in an easy-to-find categorized Q&A format.

General

Digital Signatures and Certificates

What is a Digital Signature ?

Digital signature means authentication of any electronic record by an individual by means of an electronic method or procedure which features easy portability and non- repudiation.

What is a Digital Signature Certificate (DSC) ?

Digital signature certificates are digital equivalent of physical or paper certificates that serve as proof of identity of an individual for a certain purpose online.

Why do I need a digital signature certificate ?

To protect yourself against cyber crime attacks by authenticating your identity electronically. This provides user with secure, encrypted, non-repudiated online transactions.

Where can I purchase a digital signature certificate ?

Legally valid Digital Signature Certificates are issued only through a Controller of Certification Authorities (CCA), Mauritius, licensed Certification Authority (CA) i.e. eMudhra.

eMudhra, a Certification Authority (CA), offers valid digital signature certificates through its Registration Authority i.e. Mauritius Post.

Where can I use digital signature certificates ?

You can use Digital Signature Certificates for the following:

To send and receive digitally signed and encrypted emails. Click here to download guide for configuring digital signature certificate in the email client.
Perform secure web-based transactions, or to identify other participants of web-based transactions.
Signing documents like MS Word, MSExcel and PDFs.
Plays a critical role in creating a paperless office.

How does a Digital Signature Certificate work ?

A Digital Signature Certificate explicitly associates the identity of an individual/device with a pair of electronic keys - public and private keys - and this association is endorsed by the CA. The certificate contains information about a user's identity (for example, their name, postal code, country, email address, the date the certificate was issued and the name of the Certifying Authority that issued it).

These keys complement each other where one does not function in the absence of the other. They are used by browsers and servers to encrypt and decrypt information regarding the identity of the certificate user during information exchange processes. The private key is stored on the user's computer hard disk or on an external device such as a token. The user retains control of the private key; it can only be used with the issued password.

The public key is disseminated with the encrypted information. The authentication process fails if either one of these keys in not available or do not match. This means that the encrypted data cannot be decrypted and therefore, is inaccessible to unauthorized parties.

Is Digital Signature Certificate legally valid in Mauritius ?

Subsequent to the enactment of ETA Act of Mauritius, Digital Signatures are legally valid in Mauritius.

What is the difference between a Digital Signature and a Digital Signature Certificate ?

A digital signature is an electronic method of signing an electronic document whereas a Digital Signature Certificate is a computer based electronic record that

Identifies the Certifying Authority issuing it
Has the name and other details that can identify the subscriber
Contains the subscriber's public key
Is digitally signed by the Certifying Authority issuing it
Is valid for either two Years or three Years

What is the difference between signing and encrypting an email ?

Signing establishes authenticity of an email message by attaching your Digital Certificate to the email, but it does not provide protection against third party monitoring.

Encrypting scrambles a message in such a way that only the designated recipients can unscramble it. This safeguards messages against monitoring or interception. For encrypting message, recipient?s public key certificate is required and for decrypting message recipient will use his private key.

Can I send a secure email to someone who does not have a Digital Certificate ?

You can digitally sign any email as long as the recipient has an email application, which supports S/MIME. However, you cannot encrypt a message, unless you have the recipient's Digital Certificate.

Digital Signature Certificate Usage

Can I use one digital signature certificate for multiple email addresses ?

No, you cannot. A digital signature certificate can have only one email address.

Can I use digital signature certificate in e-tendering systems ?

Digital signature certificates in e-tendering systems are allowed based on the service provider.

Can digital signature certificates be used in wireless networks ?

Yes, digital signature certificates can be employed in wireless networks.

Am I allowed to use one web server certificate (SSL) for more than one website ?

No. You will not be able to use one SSL certificate on different websites with different domain names because the certificate is explicitly associated with the exact host and domain name.

A wild card SSL certificate can be issued that can support different sub domains like abc.emudhra.com, def.emudhra.com etc.

Can I use DSC for sending digitally signed emails ?

Yes.Click here to download guide for configuring digital signature certificate in the email client.

Can I use DSC for digitally signing MS Word document ?

Yes. Click here to download guide for digital signature usage in MS Word.

Regulatory

What is a Certification Authority (CA) ?

A Certification Authority is a trusted agency whose central responsibility is to issue, revoke, renew and provide directories for Digital Signature Certificates.

What is a Registration Authority (RA) ?

A RA (Registration Authority) is an agent of the Certification Authority who collects the application forms and related documents for Digital Signature Certificates, verifies the information submitted and approves or rejects the application based on the results of the verification process.

What is the role of CCA ?

The ICT Authority, in the exercise of its statutory function as CCA, is the apex body of the Mauritian PKI.

The CCA certifies the public keys of CAs, which enables users in the cyberspace to verify that a given certificate is issued by a licensed CA. For this purpose, CCA operates, the Root Certification Authority of Mauritius.

Repository

What is a CRL ?

The Certificate Revocation List (CRL) is a list of certificates that have been revoked by the CA, and are therefore no longer valid.

What is a CPS ?

The Certification Practice Statement (CPS) is a statement of the practices that a Certification Authority (CA) employs for issuing and managing certificates. A CPS may take the form of a declaration by the CA of the details of its system's trustworthiness and the practices that it employs both in its operations and in its support of issuance of a certificate.

What is Subscriber Agreement ?

A Subscriber Agreement is an agreement between Subscriber and eMudhra CA stating that the subscriber will use the Digital Signature Certificate for the assigned use or objective and that the subscriber is solely responsible for the protection of the private key and ensuring functionality of the unique key pair. The subscriber also agrees through the Subscriber Agreement that all the information provided to eMudhra CA at the time of registration is accurate. In the event of any change in information, the subscriber is obliged to immediately inform eMudhra CA.

eMudhra CA is not responsible for any legal disputes arising due to misrepresentation on the part of the subscriber.

Registration and Application

How do I apply for a digital signature certificate through eMudhra ?

Users can submit their application to their nearest RA (Registration Authority) to obtain Digital Signature Certificate. eMudhra CA has tied up with Mauritius Post as RA which has wide reach in Mauritius.

What are the different steps involved in processing an application for a Digital Signature Certificate ?

Processing of Digital Signature Certificate Application comprises of just two steps:

Phase 1 - Application, Payment & Document Submission
Phase 2 - Download of the Digital Signature Certificate

Phase 1 - Application, Payment & Document Submission

You can download application form directly from this website: Click here OR Get the application from RA by making the payment and submit the necessary documents as specified in the application form to the Registration Authority i.e. Mauritius Post.

Phase 2 - Download of the Digital Signature Certificate

After successful verification of the application as well as supporting documents, eMudhra will send an email containing download credentials for Digital Signature Certificate. Logon to eMudhra portal and download digital signature certificate on to the token using the credentials.

Why do I need to submit documents for a Digital Signature Certificate ?

A Digital Signature Certificate has almost the same importance in the digital world as your Passport or Driving License does in the physical world. Therefore, all information displayed on your Digital Signature Certificate needs to be verified before issuance.

What are the documents I need to submit to get a Digital Signature Certificate ?

The following documents are required

For Individual

Attested copy of any one of the following as Identity Proof
- Telephone Bill
- Electricity Bill
- Water Bill
Attested copy of any one of the following as Address Proof
- Telephone Bill
- Electricity Bill
- Water Bill

For an Organization

In addition to the above documents, authorization letter in favor of the digital signature certificate applicant from the organization
Domain Name registration proof from the registrar of Domains (if applying for Server Certificate)

Do I have to be physically present for verification of identity when my application is being processed ?

Physical presence is mandatory for verification of applicants seeking Digital Signature Certificates.

What is the reason for refusal of my request for a Digital Signature Certificate ?

eMudhra follows stringent verification procedures as laid down by ICTA. Refusals to issue a Digital Signature Certificate are commonly due to incomplete application, information or wrong information.

Can I be sure that my confidential information will not be misused during enrollment for obtaining a Digital Signature Certificate ?

eMudhra has a strict policy on the use of applicant and customer information. eMudhra will not disclose such confidential information, except as required by the law.

I have submitted my application for Digital Signature Certificate, but now I have decided to cancel my request. Will I get a refund ?

No, the eMudhra CA does not provide any refund of fees paid for the digital signature certificates.

Digital Signature Certificate Management

Download

How do I install Root Certificates ?

Currently, eMudhra handles installation of all certificates (Root, CA and your Digital Signature Certificate) during download of digital signature certificate.

Once I enter the credentials I'm getting the error "Credentials are not valid".

Double check your email and ensure correct entry of credentials in the download Digital Signature Certificate (DSC) page. If the problem persists, Please send an email to info@emudhra.mu.

I have not received the mails regarding the user ID / application ID and challenge code to download the DSC.

If the email containing DSC download credentials is not received from eMudhra, then please send an email to info@emudhra.mu.

What are the pre-requisites / requirements before downloading the DSC ?

System requirement are Windows XP, Vista and 7.
The download process should be carried out in the administer privilege system.
Windows firewall and antivirus should be turned off.
The recommended browsers to download the digital signature certificate are Internet Explorer V6 and above.

Clicking "Install" button during DSC download does not prompt any POP UP message.

Check in the same page whether you are getting a pop up message in the status bar to run the active X control, right click on the POP UP message and run the add-ons to get the active X control to install. If not, ensure that you are logged-in with 'Administrator privileges' and 'ActiveX' controls are enabled in the Internet Explorer (IE). To enable Active X please follow the below steps given:

Open 'Internet Explorer' > go to Tools > Internet Options > Security
Click "trusted sites" to add our website, change the Security Settings to "Medium"
Click "Custom Level" Button.
Enable the "Download Signed ActiveX controls" option
Enable the "Run ActiveX controls and Plug-in" option
Enable the "Script ActiveX controls marked safe for scripting" option
Enable the "Download unsigned ActiveX controls" option
Enable the ?Initialize and script not marked as safe for scripting?

If all the settings are enabled and you have administrator rights then active x control should get downloaded on your machine, to proceed further, enable the continue button.

No option to choose from in the Cryptographic Service Provider (CSP) drop down box

Check whether the crypto token drivers have been installed properly. If yes, check in the status bar whether you are getting POP UP for the Microsoft add-ons to be installed. If yes, right click and run the add-on.
If you do not have Visual Basic Scripts installed, the VB script will not identify the contents of the Cryptographic Service Provider (CSP) list in the Internet Explorer and your browser will not be able to provide that information and hence the CSP drop box will be empty. In order to get the option to choose the CSP you have to enable scripting in the browser by following steps:
- Tools > Internet Options > advanced and enable all boxes relating to scripting.
- Tools > Internet Options > Security > Custom Level > enable active X control.

In the DN details page, once I confirm all the details I'm getting the error "Error occurred while key pair generation (-2146893792)".

Once you reach DN details confirmation page, a pop up message like "Internet needs to run the Microsoft certificate enrolment add-on to be run, run if you trust this website", right click on the pop message and click on run add-ons to add that particular add-on to the IE for generating the key pair. If ignored, the above stated message will be displayed.

I'm getting the enrollment error when I click on continue button to download the DSC "certenroll:: cx509Enrollment:_CreateRequest: Or CertEnroll:: CX500DistinguishedName::Encode":

Ensure that 'ActiveX' controls are enabled in the Internet Explorer. To enable Active X please follow the below steps given:

Open 'Internet Explorer' > go to Tools > Internet Options > Security
Click "Trusted sites" and click on trusted sites to add our website, change the Security Settings to "Medium"
Click "Custom Level" Button
Enable the "Download Signed ActiveX controls" option
Enable the "Run ActiveX controls and Plug-in" option
Enable the "Script ActiveX controls marked safe for scripting" option
Enable the "Download unsigned ActiveX controls" option
Enable the "initialize and script not marked as safe for scripting" (mainly this should be enabled)

When I click on download certificate, certificate is not getting installed and the error as ?certificate couldn?t be installed ?

During the download of digital signature certificate on Operating Systems like Windows Vista and 7, the system should have trust chain certificates installed on IE. This is actually taken care during DSC download process but due to some reason, if trust chain is not installed properly, then the same can be downloaded from the eMudhra website (www.emudhra.mu) > quick links > CRLs & Root Certificate. The root certificate should be placed in the correct store of the windows as below:

CCA Mauritius 2012 certificate is the root certificate which should be placed in the trusted root certification authorities tab of the Windows store.
eMudhra Mauritius CA, eMudhra General Class Issuing CA are the trust chains which should be placed in intermediate certification authorities tab of the Windows store.
If CCA Mauritius 2012 certificate (which should be placed in the trusted root certification authority only) is placed in the intermediate certification authority you will receive the error massage as "This certificate cannot be verified up to a trusted certification authority" while viewing the certificate in the IE.
The above steps have to be done in the same system where you are planning to download the DSC for the first time.
After installing all the trust chain Please login with the same credentials to download the certificate.

How to enable ActiveX settings in different versions of Internet Explorer

Click on Tools > Internet options > Security > Trusted Site > Click on Sites button > Add emudhra.mu website (i.e., https://www.emudhra.mu) and click on Close button.
Click on custom level to set the active X control as per the below IE versions:

IE 6.0 Settings:-

IE 7.0 Settings:-

IE 8.0 Settings:-

IE 9.0 Settings:-

Revocation

Some of the details in my Digital Signature Certificate are incorrect. Can these be corrected ?

No, details cannot be changed. You need to revoke the current certificate and apply for a new one.

eMudhra provides a facility to check for the correctness of your details just before downloading of the digital signature certificate. If you are not satisfied with your details displayed, you can reject the application.

What is Digital Signature Certificate Revocation ?

A Digital Signature Certificate can be revoked under circumstances such as the following

Users suspect compromise of certificate private key
Change of personal data
Change of relationship with the organization

How do I revoke my current Digital Signature Certificate, and how long does it take ?

Revocation of Certificates can be done either directly online by visiting www.eMudhra.mu portal or by contacting Local Agent (LA) directly. The revocation request will be processed within two working days from the receipt date.

Can someone other than the subscriber revoke a certificate ?

No, revocation is restricted to:

The Subscriber in whose name the certificate has been issued
A duly authorized representative of the subscriber
Authorized personnel of eMudhra CA / LA / RA when the subscriber has breached the agreement, regulation, or law that may be in force

Where can I check whether my eMudhra Digital Signature Certificate is revoked or not ?

Users can check the status of revocation request from the Certificate Revocation List published in the www.eMudhra.mu website.

How can I renew my Digital Signature Certificate ?

You have to contact Registration Authority i.e. Mauritius Post for Renewal of your Digital Signature Certificate.

Protection and Recovery

How do I protect my Digital Signature Certificate / Private key ?

Protect your computer from unauthorized access by keeping it physically secure
Use access control products or operating system protection features (such as a system password)
Always protect your private key with a good password

I have lost the USB Token containing my certificate and cryptographic keys. What do I do ?

Please contact your Registration Authority immediately to get your certificate revoked to avoid unauthorized access to it.

Will I lose my Digital Signature Certificate if my hard drive is formatted or crashed ?

No. Your digital signature certificate is actually stored on your crypto token.

Global Leader in Identity & Transaction Management Solutions