- All
- General Support
- New Digitalsign Certification Authority
- Issuance of the Advanced Certificate
- Cloud Certificate
- Usage best practices
- CSR
- Online Validation
- Downloads
- General Use - Certificates
- Consumer Information
- Shopping Guide
Digital Sign has at your disposal a Customer Support and Support team (SAC) where we can assist you with any issues and problem solving.
New Digitalsign Certification Authority
New CA
DigitalSign is pleased to report that it has successfully completed the accreditation of new Certification Authorities for the issuance of Qualified Digital Certificates with the National Security Office (GNS), using the latest cryptographic algorithms, including the 'Elliptical Curves' technology.
These new CAs have already been published, since 03/25/2021, in the Trust List published by the European Union (EU List of eIDAS Trusted Lists - LOTL) –https://esignature.ec.europa.eu/efda/tl-browser/#/screen/tl/PT/7
Certification Chain
To proceed with the installation, download the installer of the certification chain in the following link:
If you intend to install manually, the certification chains for the new CA's are as follows:
- https://qca-g1.digitalsign.pt/DIGITALSIGNQUALIFIEDCAG1.p7b
- https://qca-v1.digitalsign.pt/DIGITALSIGNQUALIFIEDCAV1.p7b
Update of a certificate issued in the old CA
DigitalSign has successfully completed the certification of a new Root Certification Authority (ROOT CA), which makes it NECESSARY to update your certificate issued in the old CA, to ensure it remains VALID.
To make this process simpler and faster, DigitalSign provides a certificate updater. Please see the instructions and the example video below.
For updating certificates issued on a physical device (Smartcard, Token), please download the updater following the steps described and example video below.
1) Install and run the UpdateCertificado.exe application available at: https://downloads.digitalsign.pt/AtualizarCertificado.exe
2) Enter your certificate device and press next
3) Select your Qualified Certificate from the list and press next
4) Enter your PIN;
5) You can close the app.
Thank you, you have successfully updated your certificate.
Notes:
1. The certificate reissue and update process does not entail any cost or submission of documentation by the certificate holder, and can be completed at the comfort of your home or office;
2. The expiration date of your digital certificate remains unchanged;
3. This new CA (Certification Authority) is already stated in the Trust List published by the European Union (EU List of eIDAS Trusted Lists)
Issuance of the Advanced Digital Certificate
Download and App Installation
To issue your Advanced Digital Certificate, it is necessary to install the App “Advanced Certificate Issuance Service”, using the data mentioned in point 3 of the email received informing that the certificate is ready to be collected.
1. Download the application available at the following link: https://downloads.digitalsign.pt/DsIssue/DsIssueSetup.exe
NOTE:
If the download does not start automatically, try downloading from another browser.
Compatible with Windows Operating System version 8.1 or higher.
2. After installing, open the application and fill in the data received by email with the order details - then click on ”Validate”
3. Complete your email validation via email request sent by DigiCert.
4. Please follow the instructions in the application to complete the installation of your Advanced Digital Certificate.
Frequently Asked Questions (FAQ)
HSM Cloud
How does the remote signature work?
Authorizers - Electronic Invoicing
How does the remote signature work?
DigitalSign is a qualified provider of security services (see Trusted List published by the Supervisory Entity - Gabinete Nacional de Segurança - on the website of the European Commission - https://esignature.ec.europa.eu/efda/tl-browser/#/screen/tl/PT/7 and being aware of the difficulties of using the electronic signature using smartcard or token, implemented the IDcert service that aims to create a certificate and its use, in a totally remote and centralized way in its secure datacenters.
Using the HSM Cloud Certificate
For use in systems integrated with DigitalSign
When integrated with our partners, you do not need to install any software. The subscription process is extremely simple - you just need your credentials (email + password) and to have your mobile phone with you (you will receive a confirmation SMS):
For Generic Use
Notes: For use in:
- Microsoft Office - You must have version of Microsoft Office 2013 or higher installed.
Download
Download middleware (VirtualCSP) from: https://downloads.digitalsign.pt/VirtualCSP.Installer.v3.3.0.0.msi and then install as instructed in the 'INSTALLATION' tab.
NOTE: Minimum Requirements for Using VirtualCSP: Computer with 64-bit Operating System, Version 'Windows 8.1' or Higher
Installation and use on windows system
Installation guideAuthorizers - Electronic Invoicing
How to register an Authorizer?
1) Log in to your IDCert account at https://gapi.digitalsign.pt;
2) Go to “Certificates”;
3) Choose the certificate you want to assign to the Authorizer and click on the “Manage” button
4) Click on the button “Register Authorizer”
5) Complete the process, which includes assigning a name to the authorizer and complete the authorization by entering the code received via SMS - OTP sent to the mobile phone number associated with the certificate. Please, write down the information required for configuration in the ERP, if applicable. The new Authorizer is automatically associated with the certificate;
6) The updated list of Authorizers registered for that certificate will be displayed, which can be activated and/or deactivated at any time.
To check the authorizations related to an Authorizer, click “Show“.
Note 1: Each authorization associated with an Authorizer is valid for 60 days - it must be renewed before its expiration date to continue signing in the applications.
Note 2: It is possible to configure more than one Authorizer to be used in compatible applications, such as electronic invoicing platforms.
Note 3: Registering Authorizers is only allowed in qualified digital certificates with Electronic Seal profile.
How can I renew the authorization granted to an Authorizer?
1) Log in to your IDCert account at https://gapi.digitalsign.pt;
2) Go to “Certificates” and click “Edit” in the line of the certificate that is associated with the Authorizer;
3) Select the Authorizer you want to renew and click “Show”;
4) The list of authorizations already granted to that Authorizer will be displayed. Now click “Renew”
5) Complete the process by entering the OTP code received by SMS/Email (sent to: mobile phone number/email) associated with the certificate.
What is the difference between an Authorizer and an Authenticator?
Both are signature code generators, but they are used in different contexts.
- Authorizer (Electronic Invoicing)
- Authenticator
An Authorizer is registered by the customer and used by partners that the customer trusts to generate signature codes, which are included in the signature order placed by the partners, the customer's behalf, as a method of signing approval. This type of signature code generator is mostly used in integration with electronic invoicing platforms, among others, where, the customer registers Authorizers, and allows their partner(s) to use them for the purpose of signing documents. Each Authorizer is associated with a specific certificate. This means that the signature codes generated by a given Authorizer only approve the signing of documents with the certificate associated with that same Authorizer.
An Authenticator is registered by the customer and its signature generated codes can be consulted directly on a mobile application developed by DigitalSign called DSAuth, available free of charge, for iOS (App Store) and Android (Play Store). These signature codes are used by the customer to approve signatures, on signature processes entirely carried out by the customer, who has exclusive access to the Authenticator and its respective generated codes.
The main advantage of using Authenticators is being able to quickly check the signature code in the mobile application, instead of waiting for the SMS to be received on the mobile phone to obtain it.
Signature codes generated by registered Authenticators approve the signing of documents in which the certificates used have a type of approval set as “Authenticator”.
Usage best practices
SafeSign Standard (SafeSign IC) – Management Software
The SafeSign Standard (SafeSign IC) is innovative software developed exclusively for DigitalSign customers, in order to simplify the use of digital certificates issued by DigitalSign Certification Authorities.
Check with the operator of the Customer Service (CS) of DigitalSign, what options are available for the proper use of the software with your cryptographic device (card or token).
WARNING: At no time import and export certificates to your cryptographic device, you may eventually damage your certificate.
Whenever it is necessary to issue a new certificate due to misuse of the Software, DigitalSign, will not be responsible. The issuance of a new certificate and a new document validation is required.
Any doubts about our software, please contact one of our specialist operators.
Cryptographic device
The cryptographic device that contains your digital certificate is personal and non-transmissible use. Remember that your certificate is your identity in the virtual world! Do not give to others your card or token containing your certificate, or provide the access codes (PIN and PUK), as they are unique to use with your certificate.NOTE: By facilitating your certificate together with your passwords (PIN and PUK), the holder can, for example, create legal documents on your behalf, among others.
The cryptographic device should only be used when performing a digital signature. The digital certificate replaces your handwritten signature, as such, identifies the person who holds it.
In case of loss of the device, inform DigitalSign as soon as possible, so we can proceed to the revocation of it. Revocation action should be made by the holder. Following revocation, your certificate will no longer be valid and, therefore, you will need to purchase another.
Take care of your device containing your certificate, bend it, do not damage the chip, exposing it to heat or water, if your device does not run for misuse, your certificate will be unusable.
DigitalSign, is not responsible for misuse of the certificate and the mismanagement of the cryptographic device.
When in doubt, contact DigitalSign Support operator, which will help you as best as possible.
Online Validation
Remote Validation Process
For online validation of your identity via video call, you will need your identification document, namely, identity card or passport.
Consult in this list which identifications documents are accepted for video call, sorted by country/nationality.
Please note that:
- Not accepted: photocopies, pictures, residence permits or expired/damaged documents;
- To make the video call, you will need to grant access to the camera and microphone;
- The video call must be carried out only by the certificate holder, without any intervention by third parties.
1. Install the IDCheck app on your mobile device
Install the 'IDCheck' app directly from the APP Store or Google Play.
 |
 |
|
 |
 |
 |
2. Open the IDCheck app to begin the identification process
In the application, enter the access code and start identification:
3. Follow the steps requested in the application on your mobile device
- After starting the process, follow the instructions given;
- Carry out all steps until validation is completed;
- After your identity has been successfully validated by our services, you will subsequently receive an email with instructions for collecting the certificate.
Quick Guide:
You can also watch the IDCheck APP video.
Downloads
Technical Support Application
TeamViewer is the tool used by DigitalSign, to provide technical support. Download TeamViewer application and run it when prompted, provide the ID and password to our Customer Service team.
Guides
1. Qualified Digital Certificate - Installation of the Certification Chain
CSR - Certificate Signing Request
What is a CSR?
The CSR (Certificate Signing Request) is an encrypted file that contains the public key, location and URL (Web address) of the company.
To create a CSR, you must use the Web server software. When generating CSR, the Web server creates two files: a private key and CSR.
The CSR is required when the client asks a server ID. The CSR has to be sent to us together with the application of server certificate.
How to create a CSR?
Before you start the request to issue an SSL certificate, you must ensure that you already have the CSR.
When generating the CSR, most server software requests the following information: common name (por exemplo, www.example.com), organization name and location (country, state/province, city/town), key type (typically RSA), and key size (minimum 2048 bits).
Below you will find the instructions for the main servers. For other servers you can consult this help.
- Microsoft IIS
CSR Generator: DigiCert Certificate Utility
Instructions: IIS 10 | IIS 8/8.5 | IIS 7 | IIS 5/6 | IIS 4 | PFX Import/Export
- Microsoft Exchange Server
CSR Generator: CSR for Exchange 2007 | DigiCert Certificate Utility
Instructions: Exchange 2016 | Exchange 2013 | Exchange 2010 | Exchange 2007 | PFX Import/Export
- Apache Server (Open SSL)
CSR Generator: Open SSL CSR Wizard
Instructions: Apache Server | Ubuntu Server with Apache2 | PFX Import/Export
- Tomcat Server (Keytool)
CSR Generator: Java Keytool CSR Wizard
Instructions: Tomcat Server | Java Based Server
- Microsoft Lync
CSR Generator: DigiCert Certificate Utility
Instructions: Lync 2013 | Lync 2010
What is the aspect of a CSR?
Visually the CSR is text that starts with a line containing: '-----BEGIN CERTIFICATE REQUEST-----' and ends with the last line with: '-----END CERTIFICATE REQUEST-----'
Example:
-----BEGIN CERTIFICATE REQUEST-----
MIICxDCCAawCAQAwfzELMAkGA1UEBhMCYnIxEjAQBgNVBAcMCVNhbyBQYXVsbzEu
MCwGA1UECgwlRElHSVRBTFNJR04gQ0VSVElGSUNBQ0FPIERJR0lUQUwgTFREQTEs
MCoGA1UEAwwjd3d3LmRpZ2l0YWxzaWduY2VydGlmaWNhZG9yYS5jb20uYnIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKLAtrzhVU8tuBKURRRDeL4el5
0V4NywfGuyDHly6UW6BbLbVEYTCBJiaMOKOkZBybv32u0cLItAd5kfDxy7H7s1m7
nPcYRCAzNhKKWQLaN8WQ8FhbRJmwuUwRvnyLcQp+wrl4H082vInJLSme8nx9XiNt
H3t0gWOE0UrYKDEeK8/kAU6aurt4tJrSdhcfwYdv6Kd12/7BUU61Ha6ZokBkiH+G
mPZK9cCmux3BVIAHODyAJ8GzyfEh7irN7i123qTjhLcUBqw7+TWZ9i53qA1uNXZ0
SR5yIj3DCyJ1VSZ6MGKJ+HsyoBdK20omgnxV58ooSEY1yJpCAKWMWhXkFihfAgMB
AAGgADANBgkqhkiG9w0BAQUFAAOCAQEAmziDYcPPOvxF5fi27O8jtLNiy+Ef3+5Y
dzjyuj6KAxrp37p3T7174o+55w3DZ8dYP3Gpn+QaVwoTma/ZWaN7nE4F596iBs4m
+u/VKgTGtKzP+3CM6eVyNjiQSh0ozjrVWjLLKxvDnuLm5O203HFc8WUVwncWFmOC
KsLiHWfk6Zqc9e8xEksu0a+rVdTYatOcRGyTmxxwzW1+gB9J/0TMxkvRrywIcybf
P5xjXw3Tw4b9KS2cvSOf1qHmOby+dyRmGBZf46gUFHviPGaRNyTXs9nhVBiQFx+A
PdzCw+IF/RsivOa+Qdlr/SS7QqGcdCzYjy120DAEqwKQkrec5f52oQ==
-----END CERTIFICATE REQUEST-----
General Use - Certificates
| Usage context | QDC |
ADC |
| Sign any documents and contracts on behalf of the organization. |  |
|
| Sign documents and contracts not involving the transfer or encumbrance of real estate. | |
|
| Sign routine documents which does not involve the assumption of any obligations or commitments by the Organization. |
|
|
| Sign on Electronic Platform of Licensing of Health Units (Law No. 127/2014). |
|
|
| Sign on Hiring Electronic Platforms (Law No. 96/2015 of 17 August). |
|
|
| Sign communication from the onset of activity and real estate transactions along IMPIC - Institute of Public Markets, Real Estate and Construction (Law 83/2017 - Article 46). |
|
|
| Sign communications electronically to the Town Councils, within the legal system of urbanization and construction (Law 60/2007). |
|
|
| Sign on Hiring Electronic Platforms (Law No. 96/2015 of 17 August); + Sign communication from the onset of activity and real estate transactions along IMPIC - Institute of Public Markets, Real Estate and Construction (Law 83/2017 - Article 46) + Sign communications electronically to the Town Councils, within the legal system of urbanization and construction (Law 60/2007) |
|
|
| For electronic billing only. |
|
|
| For e-mail signature only. |
|
Consumer Information
In the event of a consumer dispute, the consumer may resort to the following consumer dispute resolution entity:
Centro de Arbitragem de Conflitos de Consumo do Vale do Ave/Tribunal Arbitral - Guimarães
E-mail: triave@gmail.com
Phone number: 253 422 410
Website: www.triave.pt
For updates and more information, please consult the Portuguese Consumer Porta available at www.consumidor.pt (under the article 18 of the Portuguese Law no. 144/2015, of 8 September)