Digital Sign has at your disposal a Customer Support and Support team (SAC) where we can assist you with any issues and problem solving.

New Digitalsign Certification Authority

New CA

DigitalSign is pleased to report that it has successfully completed the accreditation of new Certification Authorities for the issuance of Qualified Digital Certificates with the National Security Office (GNS), using the latest cryptographic algorithms, including the 'Elliptical Curves' technology.

These new CAs have already been published, since 03/25/2021, in the Trust List published by the European Union (EU List of eIDAS Trusted Lists - LOTL) –

Certification Chain

To proceed with the installation, download the installer of the certification chain in the following link:

If you intend to install manually, the certification chains for the new CA's are as follows:

Update of a certificate issued in the old CA

DigitalSign has successfully completed the certification of a new Root Certification Authority (ROOT CA), which makes it NECESSARY to update your certificate issued in the old CA, to ensure it remains VALID.

To make this process simpler and faster, DigitalSign provides a certificate updater. Please see the instructions and the example video below.

For updating certificates issued on a physical device (Smartcard, Token), please download the updater following the steps described and example video below.

1) Install and run the UpdateCertificado.exe application available at:
2) Enter your certificate device and press next
3) Select your Qualified Certificate from the list and press next
4) Enter your PIN;
5) You can close the app.

Thank you, you have successfully updated your certificate.

1. The certificate reissue and update process does not entail any cost or submission of documentation by the certificate holder, and can be completed at the comfort of your home or office;
2. The expiration date of your digital certificate remains unchanged;
3. This new CA (Certification Authority) is already stated in the Trust List published by the European Union (EU List of eIDAS Trusted Lists)

Issuance of the Advanced Digital Certificate

Download and App Installation

To issue your Advanced Digital Certificate, it is necessary to install the App “Advanced Certificate Issuance Service”, using the data mentioned in point 3 of the email received informing that the certificate is ready to be collected.

1. Download the application available at the following link:

NOTE: If the download does not start automatically, try downloading from another browser.
Compatible with Windows Operating System version 8.1 or higher.

2. After installing, open the application and fill in the data received by email with the order details - then click on ”Validate”


3. Complete your email validation via email request sent by DigiCert.


4. Please follow the instructions in the application to complete the installation of your Advanced Digital Certificate.




Frequently Asked Questions (FAQ)

Why haven't I received the email to collect the certificate?
If the document process was completed and the payment made, but no certificate collection email was received, please contact DigitalSign Customer Support - Telephone: +351 253 560 642 /

I have interrupted the DSissue application and have not completed the certificate collection, what should I do?
It is mandatory to resume the issuance and/or installation at the same step where it was started.
Please run again the application by entering the order details and the process will resume at the step where the issuance was suspended.

Why haven't I received the DigiCert email for email validation?
Please contact DigitalSign Customer Support - Telephone: +351 253 560 642 /

I have finished the certificate collection/issuance. Where can I find the backup file (.pfx)?
A backup copy of the certificate (a file in the '.pfx' format) is automatically saved on the desktop of the computer in use with following description DigitalSign-«no order».pfx.

How to back up the advanced digital certificate already issued?
Please follow the instructions in this manual

HSM Cloud

How does the remote signature work?

Authorizers - Electronic Invoicing

How does the remote signature work?

DigitalSign is a qualified provider of security services (see Trusted List published by the Supervisory Entity - Gabinete Nacional de Segurança - on the website of the European Commission - and being aware of the difficulties of using the electronic signature using smartcard or token, implemented the IDcert service that aims to create a certificate and its use, in a totally remote and centralized way in its secure datacenters.

Using the HSM Cloud Certificate

For use in systems integrated with DigitalSign

When integrated with our partners, you do not need to install any software. The subscription process is extremely simple - you just need your credentials (email + password) and to have your mobile phone with you (you will receive a confirmation SMS):

Assinatura HSM Cloud

For Generic Use

Notes: For use in:

  • Microsoft Office - You must have version of Microsoft Office 2013 or higher installed.


Download middleware (VirtualCSP) from: and then install as instructed in the 'INSTALLATION' tab.

NOTE: Minimum Requirements for Using VirtualCSP: Computer with 64-bit Operating System, Version 'Windows 8.1' or Higher

Installation and use on windows system

Installation guide

Authorizers - Electronic Invoicing

How to register an Authorizer?

1) Log in to your IDCert account at;

2) Go to “Certificates”;

3) Choose the certificate you want to assign to the Authorizer and click on the “Manage” button

4) Click on the button “Register Authorizer”

5) Complete the process, which includes assigning a name to the authorizer and complete the authorization by entering the code received via SMS - OTP sent to the mobile phone number associated with the certificate. Please, write down the information required for configuration in the ERP, if applicable. The new Authorizer is automatically associated with the certificate;

6) The updated list of Authorizers registered for that certificate will be displayed, which can be activated and/or deactivated at any time.

To check the authorizations related to an Authorizer, click “Show“.

Note 1: Each authorization associated with an Authorizer is valid for 60 days - it must be renewed before its expiration date to continue signing in the applications.

Note 2: It is possible to configure more than one Authorizer to be used in compatible applications, such as electronic invoicing platforms.

Note 3: Registering Authorizers is only allowed in qualified digital certificates with Electronic Seal profile.

How can I renew the authorization granted to an Authorizer?

1) Log in to your IDCert account at;

2) Go to “Certificates” and click “Edit” in the line of the certificate that is associated with the Authorizer;

3) Select the Authorizer you want to renew and click “Show”;

4) The list of authorizations already granted to that Authorizer will be displayed. Now click “Renew”

5) Complete the process by entering the OTP code received by SMS/Email (sent to: mobile phone number/email) associated with the certificate.

What is the difference between an Authorizer and an Authenticator?

Both are signature code generators, but they are used in different contexts.

  • Authorizer (Electronic Invoicing)
  • An Authorizer is registered by the customer and used by partners that the customer trusts to generate signature codes, which are included in the signature order placed by the partners, the customer's behalf, as a method of signing approval. This type of signature code generator is mostly used in integration with electronic invoicing platforms, among others, where, the customer registers Authorizers, and allows their partner(s) to use them for the purpose of signing documents. Each Authorizer is associated with a specific certificate. This means that the signature codes generated by a given Authorizer only approve the signing of documents with the certificate associated with that same Authorizer.

  • Authenticator
  • An Authenticator is registered by the customer and its signature generated codes can be consulted directly on a mobile application developed by DigitalSign called DSAuth, available free of charge, for iOS (App Store) and Android (Play Store). These signature codes are used by the customer to approve signatures, on signature processes entirely carried out by the customer, who has exclusive access to the Authenticator and its respective generated codes.
    The main advantage of using Authenticators is being able to quickly check the signature code in the mobile application, instead of waiting for the SMS to be received on the mobile phone to obtain it.
    Signature codes generated by registered Authenticators approve the signing of documents in which the certificates used have a type of approval set as “Authenticator”.

Usage best practices

SafeSign Standard (SafeSign IC) – Management Software

The SafeSign Standard (SafeSign IC) is innovative software developed exclusively for DigitalSign customers, in order to simplify the use of digital certificates issued by DigitalSign Certification Authorities.

Check with the operator of the Customer Service (CS) of DigitalSign, what options are available for the proper use of the software with your cryptographic device (card or token).

WARNING: At no time import and export certificates to your cryptographic device, you may eventually damage your certificate.

Whenever it is necessary to issue a new certificate due to misuse of the Software, DigitalSign, will not be responsible. The issuance of a new certificate and a new document validation is required.

Any doubts about our software, please contact one of our specialist operators.

Cryptographic device

The cryptographic device that contains your digital certificate is personal and non-transmissible use. Remember that your certificate is your identity in the virtual world! Do not give to others your card or token containing your certificate, or provide the access codes (PIN and PUK), as they are unique to use with your certificate.

NOTE: By facilitating your certificate together with your passwords (PIN and PUK), the holder can, for example, create legal documents on your behalf, among others.

The cryptographic device should only be used when performing a digital signature. The digital certificate replaces your handwritten signature, as such, identifies the person who holds it.

In case of loss of the device, inform DigitalSign as soon as possible, so we can proceed to the revocation of it. Revocation action should be made by the holder. Following revocation, your certificate will no longer be valid and, therefore, you will need to purchase another.

Take care of your device containing your certificate, bend it, do not damage the chip, exposing it to heat or water, if your device does not run for misuse, your certificate will be unusable.

DigitalSign, is not responsible for misuse of the certificate and the mismanagement of the cryptographic device.

When in doubt, contact DigitalSign Support operator, which will help you as best as possible.

Online Validation

Remote Validation Process

For online validation of your identity via video call, you will need your identification document, namely, identity card or passport.

Consult in this list which identifications documents are accepted for video call, sorted by country/nationality.

Please note that:

  • Not accepted: photocopies, pictures, residence permits or expired/damaged documents;
  • To make the video call, you will need to grant access to the camera and microphone;
  • The video call must be carried out only by the certificate holder, without any intervention by third parties.

1. Install the IDCheck app on your mobile device

Install the 'IDCheck' app directly from the APP Store or Google Play.


2. Open the IDCheck app to begin the identification process

In the application, enter the access code and start identification:

3. Follow the steps requested in the application on your mobile device

- After starting the process, follow the instructions given;

- Carry out all steps until validation is completed;

- After your identity has been successfully validated by our services, you will subsequently receive an email with instructions for collecting the certificate.

Quick Guide:

  •  Portuguese
  •  Spanish
  •  French
  •  English
  •  Polish
  • You can also watch the IDCheck APP video.


    Technical Support Application

    TeamViewer is the tool used by DigitalSign, to provide technical support. Download TeamViewer application and run it when prompted, provide the ID and password to our Customer Service team.


    1. Qualified Digital Certificate - Installation of the Certification Chain

    CSR - Certificate Signing Request

    What is a CSR?

    The CSR (Certificate Signing Request) is an encrypted file that contains the public key, location and URL (Web address) of the company.

    To create a CSR, you must use the Web server software. When generating CSR, the Web server creates two files: a private key and CSR.

    The CSR is required when the client asks a server ID. The CSR has to be sent to us together with the application of server certificate.

    How to create a CSR?

    Before you start the request to issue an SSL certificate, you must ensure that you already have the CSR.

    When generating the CSR, most server software requests the following information: common name (por exemplo,, organization name and location (country, state/province, city/town), key type (typically RSA), and key size (minimum 2048 bits).

    Below you will find the instructions for the main servers. For other servers you can consult this help.

    • Microsoft IIS

    CSR Generator: DigiCert Certificate Utility
    Instructions: IIS 10 | IIS 8/8.5 | IIS 7 | IIS 5/6 | IIS 4 | PFX Import/Export

    • Microsoft Exchange Server

    CSR Generator: CSR for Exchange 2007 | DigiCert Certificate Utility
    Instructions: Exchange 2016 | Exchange 2013 | Exchange 2010 | Exchange 2007 | PFX Import/Export

    • Apache Server (Open SSL)

    CSR Generator: Open SSL CSR Wizard
    Instructions: Apache Server | Ubuntu Server with Apache2 | PFX Import/Export

    • Tomcat Server (Keytool)

    CSR Generator: Java Keytool CSR Wizard
    Instructions: Tomcat Server | Java Based Server

    • Microsoft Lync

    CSR Generator: DigiCert Certificate Utility
    Instructions: Lync 2013 | Lync 2010

    What is the aspect of a CSR?

    Visually the CSR is text that starts with a line containing: '-----BEGIN CERTIFICATE REQUEST-----' and ends with the last line with: '-----END CERTIFICATE REQUEST-----'



    General Use - Certificates

    Usage context  QDC 
     Sign any documents and contracts on behalf of the organization. X  
     Sign documents and contracts not involving the transfer or encumbrance of real estate. X  
     Sign routine documents which does not involve the assumption of any obligations or commitments by the Organization.


     Sign on Electronic Platform of Licensing of Health Units (Law No. 127/2014).


     Sign on Hiring Electronic Platforms (Law No. 96/2015 of 17 August).


     Sign communication from the onset of activity and real estate transactions along IMPIC - Institute of Public Markets, Real Estate and Construction (Law 83/2017 - Article 46).


     Sign communications electronically to the Town Councils, within the legal system of urbanization and construction (Law 60/2007).


     Sign on Hiring Electronic Platforms (Law No. 96/2015 of 17 August);
     Sign communication from the onset of activity and real estate transactions along IMPIC - Institute of Public Markets, Real Estate and Construction (Law 83/2017 - Article 46)
      Sign communications electronically to the Town Councils, within the legal system of urbanization and construction (Law 60/2007)


     For electronic billing only.  


     For e-mail signature only.  


    Consumer Information

    In the event of a consumer dispute, the consumer may resort to the following consumer dispute resolution entity:

    Centro de Arbitragem de Conflitos de Consumo do Vale do Ave/Tribunal Arbitral - Guimarães
    Phone number: 253 422 410

    For updates and more information, please consult the Portuguese Consumer Porta available at (under the article 18 of the Portuguese Law no. 144/2015, of 8 September)