FAQs

Get all the questions you have related to Digital Signatures answered in this section. This section addresses all your queries regarding DSC, their applicability and usage, procurement and regulatory implications in an easy-to-find categorized Q&A format

FAQ- Digital Signature Certificate Management

Download

How do I install Root Certificates?

Currently, eMudhra handles installation of all certificates (Root, CA and your Digital Signature Certificate) during download of digital signature certificate.

Once I enter the credentials I’m getting the error “Credentials are not valid”

Double check your email and ensure correct entry of credentials in the download Digital Signature Certificate (DSC) page. If the problem persists, Please send an email to info@emudhra.mu.

I have not received the mails regarding the user ID/application ID and challenge code to download the DSC

If the email containing DSC download credentials is not received from eMudhra, then please send an email to info@emudhra.mu.

What are the pre-requisites/requirements before downloading the DSC
  • System requirement are Windows XP, Vista and 7.
  • The download process should be carried out in the administer privilege system.
  • Windows firewall and antivirus should be turned off.
  • The recommended browsers to download the digital signature certificate are Internet Explorer V6 and above.
Clicking “Install” button during DSC download does not prompt any POP UP message

Check in the same page whether you are getting a pop up message in the status bar to run the active X control, right click on the POP UP message and run the add-ons to get the active X control to install. If not, ensure that you are logged-in with 'Administrator privileges' and 'ActiveX' controls are enabled in the Internet Explorer (IE). To enable Active X please follow the below steps given:

  • Open 'Internet Explorer' > go to Tools > Internet Options > Security
  • Click "trusted sites" to add our website, change the Security Settings to "Medium"
  • Click "Custom Level" Button.
  • Enable the "Download Signed ActiveX controls" option
  • Enable the "Run ActiveX controls and Plug-in" option
  • Enable the "Script ActiveX controls marked safe for scripting" option
  • Enable the "Download unsigned ActiveX controls" option
  • Enable the “Initialize and script not marked as safe for scripting”

If all the settings are enabled and you have administrator rights then active x control should get downloaded on your machine, to proceed further, enable the continue button.

No option to choose from in the Cryptographic Service Provider (CSP) drop down box
  • Check whether the crypto token drivers have been installed properly. If yes, check in the status bar whether you are getting POP UP for the Microsoft add-ons to be installed. If yes, right click and run the add-on.
  • If you do not have Visual Basic Scripts installed, the VB script will not identify the contents of the Cryptographic Service Provider (CSP) list in the Internet Explorer and your browser will not be able to provide that information and hence the CSP drop box will be empty. In order to get the option to choose the CSP you have to enable scripting in the browser by following steps:
    • Tools > Internet Options > advanced and enable all boxes relating to scripting.
    • Tools > Internet Options > Security > Custom Level > enable active X control.
In the DN details page, once I confirm all the details I’m getting the error “Error occurred while key pair generation (-2146893792)”

Once you reach DN details confirmation page, a pop up message like “Internet needs to run the Microsoft certificate enrolment add-on to be run, run if you trust this website”, right click on the pop message and click on run add-ons to add that particular add-on to the IE for generating the key pair. If ignored, the above stated message will be displayed.

I’m getting the enrollment error when I click on continue button to download the DSC “certenroll:: cx509Enrollment:_CreateRequest: Or CertEnroll:: CX500DistinguishedName::Encode”:
    Ensure that 'ActiveX' controls are enabled in the Internet Explorer. To enable Active X please follow the below steps given:
  • Open 'Internet Explorer' > go to Tools > Internet Options > Security
  • Click "Trusted sites" and click on trusted sites to add our website, change the Security Settings to "Medium"
  • Click "Custom Level" Button
  • Enable the "Download Signed ActiveX controls" option
  • Enable the "Run ActiveX controls and Plug-in" option
  • Enable the "Script ActiveX controls marked safe for scripting" option
  • Enable the "Download unsigned ActiveX controls" option
  • Enable the “initialize and script not marked as safe for scripting” (mainly this should be enabled)
When I click on download certificate, certificate is not getting installed and the error as “certificate couldn’t be installed”

During the download of digital signature certificate on Operating Systems like Windows Vista and 7, the system should have trust chain certificates installed on IE. This is actually taken care during DSC download process but due to some reason, if trust chain is not installed properly, then the same can be downloaded from the eMudhra website (www.emudhra.mu) > quick links > CRLs & Root Certificate. The root certificate should be placed in the correct store of the windows as below:

  • CCA Mauritius 2012 certificate is the root certificate which should be placed in the trusted root certification authorities tab of the Windows store.
  • eMudhra Mauritius CA, eMudhra General Class Issuing CA are the trust chains which should be placed in intermediate certification authorities tab of the Windows store.
  • If CCA Mauritius 2012 certificate (which should be placed in the trusted root certification authority only) is placed in the intermediate certification authority you will receive the error massage as "This certificate cannot be verified up to a trusted certification authority" while viewing the certificate in the IE.
  • The above steps have to be done in the same system where you are planning to download the DSC for the first time.
  • After installing all the trust chain Please login with the same credentials to download the certificate.
How to enable ActiveX settings in different versions of Internet Explorer
  • Click on Tools > Internet options > Security > Trusted Site > Click on Sites button > Add emudhra.mu website (i.e., https://www.emudhra.mu) and click on Close button.
  • Click on custom level to set the active X control as per the below IE versions:

IE 6.0 Settings:-

IE 7.0 Settings:-

  • IE 8.0 Settings:-

  • IE 9.0 Settings:-

  • Revocation

    Some of the details in my Digital Signature Certificate are incorrect. Can these be corrected?

    No, details cannot be changed. You need to revoke the current certificate and apply for a new one.

    eMudhra provides a facility to check for the correctness of your details just before downloading of the digital signature certificate. If you are not satisfied with your details displayed, you can reject the application.

    What is Digital Signature Certificate Revocation?

    A Digital Signature Certificate can be revoked under circumstances such as the following

    • Users suspect compromise of certificate private key
    • Change of personal data
    • Change of relationship with the organization
    How do I revoke my current Digital Signature Certificate, and how long does it take?

    Revocation of Certificates can be done either directly online by visiting www.eMudhra.mu portal or by contacting Local Agent (LA) directly. The revocation request will be processed within two working days from the receipt date.

    Can someone other than the subscriber revoke a certificate?

    No, revocation is restricted to:

    • The Subscriber in whose name the certificate has been issued
    • A duly authorized representative of the subscriber
    • Authorized personnel of eMudhra CA / LA / RA when the subscriber has breached the agreement, regulation, or law that may be in force
    Where can I check whether my eMudhra Digital Signature Certificate is revoked or not?

    Users can check the status of revocation request from the Certificate Revocation List published in the www.eMudhra.mu website.

    How can I renew my Digital Signature Certificate?

    You have to contact Registration Authority i.e. Mauritius Post for Renewal of your Digital Signature Certificate.

    Protection and Recovery

    How do I protect my Digital Signature Certificate/Private key?
    • Protect your computer from unauthorized access by keeping it physically secure
    • Use access control products or operating system protection features (such as a system password)
    • Always protect your private key with a good password
    I have lost the USB Token containing my certificate and cryptographic keys. What do I do?

    Please contact your Registration Authority immediately to get your certificate revoked to avoid unauthorized access to it.

    Will I lose my Digital Signature Certificate if my hard drive is formatted or crashed?

    No. Your digital signature certificate is actually stored on your crypto token.