- General Support
- New Digitalsign Certification Authority
- Issuance of the Advanced Certificate
- Cloud Certificate
- Usage best practices
- Online Validation
- General Use - Certificates
- Consumer Information
- Shopping Guide
New Digitalsign Certification Authority
DigitalSign is pleased to report that it has successfully completed the accreditation of new Certification Authorities for the issuance of Qualified Digital Certificates with the National Security Office (GNS), using the latest cryptographic algorithms, including the 'Elliptical Curves' technology.
These new CAs have already been published, since 03/25/2021, in the Trust List published by the European Union (EU List of eIDAS Trusted Lists - LOTL) âhttps://esignature.ec.europa.eu/efda/tl-browser/#/screen/tl/PT/7
To proceed with the installation, download the installer of the certification chain in the following link:
If you intend to install manually, the certification chains for the new CA's are as follows:
Update of a certificate issued in the old CA
DigitalSign has successfully completed the certification of a new Root Certification Authority (ROOT CA), which makes it NECESSARY to update your certificate issued in the old CA, to ensure it remains VALID.
To make this process simpler and faster, DigitalSign provides a certificate updater. Please see the instructions and the example video below.
For updating certificates issued on a physical device (Smartcard, Token), please download the updater following the steps described and example video below.
1) Install and run the UpdateCertificado.exe application available at: https://downloads.digitalsign.pt/AtualizarCertificado.exe
2) Enter your certificate device and press next
3) Select your Qualified Certificate from the list and press next
4) Enter your PIN;
5) You can close the app.
Thank you, you have successfully updated your certificate.
1. The certificate reissue and update process does not entail any cost or submission of documentation by the certificate holder, and can be completed at the comfort of your home or office;
2. The expiration date of your digital certificate remains unchanged;
3. This new CA (Certification Authority) is already stated in the Trust List published by the European Union (EU List of eIDAS Trusted Lists)
Issuance of the Advanced Digital Certificate
Download and App Installation
To issue your Advanced Digital Certificate, it is necessary to install the App âAdvanced Certificate Issuance Serviceâ, using the data mentioned in point 3 of the email received informing that the certificate is ready to be collected.
1. Download the application available at the following link: https://downloads.digitalsign.pt/DsIssue/DsIssueSetup.exe
If the download does not start automatically, try downloading from another browser.
Compatible with Windows Operating System version 8.1 or higher.
2. After installing, open the application and fill in the data received by email with the order details - then click on âValidateâ
3. Complete your email validation via email request sent by DigiCert.
4. Please follow the instructions in the application to complete the installation of your Advanced Digital Certificate.
Frequently Asked Questions (FAQ)
How does the remote signature work?
DigitalSign is a qualified provider of security services (see Trusted List published by the Supervisory Entity - Gabinete Nacional de SeguranĂ§a - on the website of the European Commission - https://esignature.ec.europa.eu/efda/tl-browser/#/screen/tl/PT/7 and being aware of the difficulties of using the electronic signature using smartcard or token, implemented the IDcert service that aims to create a certificate and its use, in a totally remote and centralized way in its secure datacenters.
Using the HSM Cloud Certificate
For use in systems integrated with DigitalSign
When integrated with our partners, you do not need to install any software. The subscription process is extremely simple - you just need your credentials (email + password) and to have your mobile phone with you (you will receive a confirmation SMS):
For Generic Use
For use in other applications (such as Microsoft Word, Adobe Acrobat, PDF Sign & Seal, etc.), you will need to install the required middleware - VirtualCSP - to ensure integration:
Notes: For use in:
- PDF Sign&Seal needs to have version 6.6.0 or higher installed. To see your version of PDF Sign & Seal see the Help -> About panel;
- Microsoft Office - You must have version of Microsoft Office 2013 or higher installed.
Download middleware (VirtualCSP) from: https://downloads.digitalsign.pt/VirtualCSP.Installer.v126.96.36.199.msi and then install as instructed in the 'INSTALLATION' tab.
NOTE: Minimum Requirements for Using VirtualCSP: Computer with 64-bit Operating System, Version 'Windows 8.1' or Higher
Installation and use on windows systemInstallation guide
Authorizers - Electronic Invoicing
1) Log in to your IDCert account at https://gapi.digitalsign.pt;
2) Go to âCertificatesâ;
3) Choose the certificate you want to assign to the Authorizer and click on the âManageâ button
4) Click on the button âRegister Authorizerâ
5) Complete the process, which includes assigning a name to the authorizer and complete the authorization by entering the code received via SMS - OTP sent to the mobile phone number associated with the certificate. Please, write down the information required for configuration in the ERP, if applicable. The new Authorizer is automatically associated with the certificate;
6) The updated list of Authorizers registered for that certificate will be displayed, which can be activated and/or deactivated at any time.
To check the authorizations related to an Authorizer, click âShowâ.
Note 1: Each authorization associated with an Authorizer is valid for 60 days - it must be renewed before its expiration date to continue signing in the applications.
Note 2: It is possible to configure more than one Authorizer to be used in compatible applications, such as electronic invoicing platforms.
Note 3: Registering Authorizers is only allowed in qualified digital certificates with Electronic Seal profile.
1) Log in to your IDCert account at https://gapi.digitalsign.pt;
2) Go to âCertificatesâ and click âEditâÂ in the line of the certificate that is associated with the Authorizer;
3) Select the Authorizer you want to renew and click âShowâ;
4) The list of authorizations already granted to that Authorizer will be displayed. Now click âRenewâ
5) Complete the process by entering the OTP code received by SMS/Email (sent to: mobile phone number/email) associated with the certificate.
What is the difference between an Authorizer and an Authenticator?
Both are signature code generators, but they are used in different contexts.
- Authorizer (Electronic Invoicing)
An Authorizer is registered by the customer and used by partners that the customer trusts to generate signature codes, which are included in the signature order placed by the partners, the customer's behalf, as a method of signing approval. This type of signature code generator is mostly used in integration with electronic invoicing platforms, among others, where, the customer registers Authorizers, and allows their partner(s) to use them for the purpose of signing documents. Each Authorizer is associated with a specific certificate. This means that the signature codes generated by a given Authorizer only approve the signing of documents with the certificate associated with that same Authorizer.
An Authenticator is registered by the customer and its signature generated codes can be consulted directly on a mobile application developed by DigitalSign called DSAuth, available free of charge, for iOS (App Store) and Android (Play Store). These signature codes are used by the customer to approve signatures, on signature processes entirely carried out by the customer, who has exclusive access to the Authenticator and its respective generated codes.
The main advantage of using Authenticators is being able to quickly check the signature code in the mobile application, instead of waiting for the SMS to be received on the mobile phone to obtain it.
Signature codes generated by registered Authenticators approve the signing of documents in which the certificates used have a type of approval set as âAuthenticatorâ.
Usage best practices
SafeSign Standard (SafeSign IC) â Management Software
The SafeSign Standard (SafeSign IC) is innovative software developed exclusively for DigitalSign customers, in order to simplify the use of digital certificates issued by DigitalSign Certification Authorities.
Check with the operator of the Customer Service (CS) of DigitalSign, what options are available for the proper use of the software with your cryptographic device (card or token).
WARNING: At no time import and export certificates to your cryptographic device, you may eventually damage your certificate.
Whenever it is necessary to issue a new certificate due to misuse of the Software, DigitalSign, will not be responsible. The issuance of a new certificate and a new document validation is required.
Any doubts about our software, please contact one of our specialist operators.
Cryptographic deviceThe cryptographic device that contains your digital certificate is personal and non-transmissible use. Remember that your certificate is your identity in the virtual world! Do not give to others your card or token containing your certificate, or provide the access codes (PIN and PUK), as they are unique to use with your certificate.
NOTE: By facilitating your certificate together with your passwords (PIN and PUK), the holder can, for example, create legal documents on your behalf, among others.
The cryptographic device should only be used when performing a digital signature. The digital certificate replaces your handwritten signature, as such, identifies the person who holds it.
In case of loss of the device, inform DigitalSign as soon as possible, so we can proceed to the revocation of it. Revocation action should be made by the holder. Following revocation, your certificate will no longer be valid and, therefore, you will need to purchase another.
Take care of your device containing your certificate, bend it, do not damage the chip, exposing it to heat or water, if your device does not run for misuse, your certificate will be unusable.
DigitalSign, is not responsible for misuse of the certificate and the mismanagement of the cryptographic device.
When in doubt, contact DigitalSign Support operator, which will help you as best as possible.
Video Call - Accepted identification documents
To validate online your identity by video call, you will need your identification document, namely, identity card or passport.
- Example: Valid Portuguese Identity Card issued after 2009
Please check the list of accepted IDâs for making the videocall, sorted by country/nationally.
Please note that:
- Identification documents without a term of validity are not accepted;
- Not accepted: residence permits, copies and expired/damaged IDâs.
- The customer must grant access to camera and microphone to do the video call.
- The video call must be performed by the certificate holder, without any third-party intervention.
Online Identity Validation
1. Please access the link received by email to start your online identity validation.
2. Once there, please enter your order number and Identification phrase set by you and proceed with the validation process.
3. Install the App 'IDnow Online-Ident' directly from Play Store (ios) or Google Play (android).
4. Open the application and start the identification process with your Ident-ID
Your Ident-ID will be provided on this page.
You may follow up the process through the images below:
5. After starting the video call, an operator will guide you through the identification process and perform your online identity verification.
After the process is completed on your mobile device, please wait until the identification is validated.
Technical Support Application
TeamViewer is the tool used by DigitalSign, to provide technical support. Download TeamViewer application and run it when prompted, provide the ID and password to our Customer Service team.
1. Qualified Digital Certificate - Installation of the Certification Chain
CSR - Certificate Signing Request
What is a CSR?
The CSR (Certificate Signing Request) is an encrypted file that contains the public key, location and URL (Web address) of the company.
To create a CSR, you must use the Web server software. When generating CSR, the Web server creates two files: a private key and CSR.
The CSR is required when the client asks a server ID. The CSR has to be sent to us together with the application of server certificate.
How to create a CSR?
Before you start the request to issue an SSL certificate, you must ensure that you already have the CSR.
When generating the CSR, most server software requests the following information: common name (por exemplo, www.example.com), organization name and location (country, state/province, city/town), key type (typically RSA), and key size (minimum 2048 bits).
Below you will find the instructions for the main servers. For other servers you can consult this help.
- Microsoft IIS
- Microsoft Exchange Server
- Apache Server (Open SSL)
- Tomcat Server (Keytool)
- Microsoft Lync
What is the aspect of a CSR?
Visually the CSR is text that starts with a line containing: '-----BEGIN CERTIFICATE REQUEST-----' and ends with the last line with: '-----END CERTIFICATE REQUEST-----'
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
General Use - Certificates
|Usage context|| QDC
|Sign any documents and contracts on behalf of the organization.|
|Sign documents and contracts not involving the transfer or encumbrance of real estate.|
|Sign routine documents which does not involve the assumption of any obligations or commitments by the Organization.||
|Sign on Electronic Platform of Licensing of Health Units (Law No. 127/2014).||
|Sign on Hiring Electronic Platforms (Law No. 96/2015 of 17 August).||
|Sign communication from the onset of activity and real estate transactions along IMPIC - Institute of Public Markets, Real Estate and Construction (Law 83/2017 - Article 46).||
|Sign communications electronically to the Town Councils, within the legal system of urbanization and construction (Law 60/2007).||
| Sign on Hiring Electronic Platforms (Law No. 96/2015 of 17 August);
Sign communication from the onset of activity and real estate transactions along IMPIC - Institute of Public Markets, Real Estate and Construction (Law 83/2017 - Article 46)
Sign communications electronically to the Town Councils, within the legal system of urbanization and construction (Law 60/2007)
|For electronic billing only.||
|For e-mail signature only.||
In the event of a consumer dispute, the consumer may resort to the following consumer dispute resolution entity:
Centro de Arbitragem de Conflitos de Consumo do Vale do Ave/Tribunal Arbitral - GuimarĂŁes
Phone number: 253 422 410
For updates and more information, please consult the Portuguese Consumer Porta available at www.consumidor.pt (under the article 18 of the Portuguese Law no. 144/2015, of 8 September)