PersonalSign Certificates | Support

How can I install my PersonalSign Certificate?

Please refer to our Installation Guide for help installing your PersonalSign Certificates. You can find it here: http://www.globalsign.com/support/ordering-guides/personalsign-installation-guide.pdf.

You can also find installation help based on your server type. Please choose your server type from the list below for step by step installation instructions

• Outlook 2003
• Outlook 98-2000
• Outlook Express
• Outlook 2001 Mac
• Outlook 2007
• Thunderbird
• Windows mobile PDA
• Lotus Notes 8.5
• Lotus Notes

---

Do you have any support videos I can watch on PersonalSign Certificates?

Our Managing Personal Digital Certificates video offers a great overview of our PersonalSign Certificates, including installation help, use with the FDA ESG, common problems and solutions, and steps for reissuing. You can watch it here http://www.globalsign.com/support/videos/digital-id/.

---

Which browser do you recommend I use during installation?

We recommend using Internet Explorer or Firefox during the installation.

---

Should I install the ActiveX control?

If you are using Windows and Internet Explorer, in step 2 of your online certificate request a yellow bar will appear at the top of the screen.

Please click on the yellow bar and continue to install the Active-X driver as instructed. The installation will only take a few moments and will ensure the certificate request is made on your browser. If you continue to the next step and the Active-X driver has not been installed the box labelled Cryptographic Service Provider will not be selectable.

The box labelled Cryptographic Service Provider on Step 5 should appear, if it does not, go back and make sure you install the Active-X Driver.

---

Why does Firefox ask me for a Master Password?

Firefox insists that the user sets up a Master password before they request a GlobalSign Code Signing or PersonalSign certificate, and will ask the user for that password when they come to install their certificate. It is very easy to set up a Master password, simply open Firefox and go to Tools > Options > Security > select Use a master password and enter then confirm a password of your choice > OK.

---

How do I reissue my PersonalSign Certificate?

You can reissue your Certificate free of charge. Please follow the steps outlined here: http://www.globalsign.com/support/faq/misc/22.php.

---

How can I export my PersonalSign Certificate?

You can export your Certificate to keep a backup or use on another machine. We recommend you keep a backup in case you suffer hardware failure on the machine originally used for the install. Please follow the steps outlined here to export your Certificate: http://www.globalsign.com/support/faq/misc/16.php.

---

I lost my private key and cannot export my Certificate. What can I do?

PersonalSign customers who have lost their private keys are asked to contact our support team by filling out the form here: https://www.globalsign.com/leadgen/submit-support-inquiry.html.

For more information, including what you can do to avoid this problem in the future, please visit http://www.globalsign.com/support/faq/misc/13.php.

---

How do I renew my PersonalSign Certificate?

GlobalSign does not retain the information from your original order for use in renewals. Therefore, you will need to purchase another Certificate when your original Certificate expires. You can do so by visiting http://www.globalsign.com/authentication-secure-email/digital-id/index.html and selecting Buy / Renew next to the desired product.

I want to sign a Microsoft Office document. Do I need a PersonalSign Certificate or a Code Signing Certificate?

You need a PersonalSign Certificate to sign the following types of documents:

•  Word documents

•  Excel spreadsheets

•  PowerPoint presentations

•  Outlook emails (encryption also supported)

Code Signing Certificates are needed to sign any VBA macro, regardless of program.

---

How do I digitally sign Microsoft Office documents or emails?

Our Guide to Signing Microsoft Office Documents includes step by step instructions for adding digital signatures to Microsoft Office documents and emails. You can find it here: http://www.globalsign.com/resources/userguides/guide-to-signing-microsoft-documents.pdf.

---

Which mail clients are compatible with S/MIME?

Please see our white paper on assessing the compatibility and best practices of using S/MIME encryption: http://www.slideshare.net/GlobalSign/globalsign-white-paper-smime-compatibility-in-the-mail-client-universe

---

What does authentication in a signed email mean?

Authentication is the verification of the identity of a person (or host, server, client, etc.). It guarantees the authenticity of who signed the data - so you know who participated in a transaction and that it has not been forged by someone else. It allows to determine the true identity of a user attempting to access a system by confirmation of the claimed identity.

---

What do data integrity and confidentiality in a signed e-mail mean?

Digital signatures protect the integrity of the data - so you know that the message you read has not been changed or altered, either accidentally or maliciously. Technically, a digital signature includes a hash of the overall document being signed. Any change to the document after it is signed would invalidate this digital hash. Digital signatures ensure the confidentiality of the data of an encrypted email – only the intended recipient can retrieve and read a message.

---

What does non-repudiation in a signed e-mail mean?

A feature of a digital signature which allows the author ("signer") of a message to prove his identity. Non-repudiation allows you to prove later who participated in a transaction - a signer of a document on one end of a transmission cannot deny having sent the message nor can the recipient deny having received it. Simply stated, non-repudiation means that information cannot be disclaimed, similar to a witnessed handwritten signature on a paper document.

---

How can I use a PersonalSign Certificate to submit documents to the FDA ESG?

You can use a GlobalSign PersonalSign Certificate to submit electronic documentation to the FDA. Please see our FDA ESG FAQs for more information: http://www.globalsign.com/authentication-secure-email/digital-id/fda-faq.html

---

Will my signature expire?

Yes, when your Certificate expires your signature will expire. We recommend keeping document lifetime in mind when ordering your PersonalSign Certificate. We offer Certificates with validity periods ranging from one to three years. If the documents you plan on signing will be accessed over a longer period of time, you can select a longer Certificate validity period.

---

What is cryptography?

Cryptography is the science of transforming information you can read (in plaintext) into information someone cannot read. In this process, information is coded (encrypted) to stop information from being read or altered by anyone but the intended recipient. It may be intercepted, but it will not be intelligible to someone without the ability to decode (decrypt) the message.

Encryption and decryption require a mathematical formula or "algorithm" to convert data between readable and encoded formats and a key. A key is a unique number which is combined with the plaintext to produce the encrypted message or the digital signature.

---

What is public key cryptography?

In a public key cryptography system, two keys are required in order for two parties to exchange information in a secure fashion: a public key and a private key. If one key is used to encrypt a message, then only the other key in the pair can be used to decrypt it.

Although the keys of the public and private key pair are mathematically related, it is computationally infeasible to derive one key from the other, so the private key is protected from duplication or forgery even when someone knows the public key. Therefore, it is safe to openly distribute your public key for everyone to use, but it is essential that your private key remains closely guarded and secret.

The public key can be used to verify a message signed with the private key or encrypt messages that can only be decrypted using the private key.

If someone wants to send you an encrypted message, they encrypt the message with your public key and you, being the sole possessor of the corresponding private key of the pair, are the only one who can decrypt it.

---

What is a key?

A key is a single numeric value that is part of an algorithm for encrypting text. It is a sequence of characters used to encode and decode a file. The key is used to encrypt and/or decrypt a message. For a symmetric key algorithm, the same key is used for both encryption and decryption. For public key algorithms, the publicly known key can only encrypt the messages, the privately held key must be used to decrypt the messages.

---

What kind of keys are used in digital signatures?

Digital signatures use public key cryptography. Two keys are used to encrypt and decrypt a message. A digital signature is created using a person's "private" key. The recipient checks the signature using that person's "public" key.

---

What are Root Certificates?

A root certificate is the digital certificate of a certification authority. The public key in this certificate is used to verify the signature of the certification authority. With the corresponding private key the certification authority signs all certificates issued.

The root certificate confirms that the public key and the certification authority are linked. By downloading the root certificate the user accepts to trust the certification authority.

NOTE: GlobalSign will have both self-signed and non self-signed certificates because it uses the chaining:

•   TOP Root — which is self-seigned

•   Primary Roots — signed by TOP root

•   Subordinate Roots (Operational Keys) — signed by the primary roots