Frequently Asked Questions (FAQ)

Digital Signature

Q. What is a Digital Signature Certificate (DSC)?
Ans. Digital Signature Certificate (DSC) is the electronic format of physical or paper certificate like a driving License, passport etc. Certificates serve as proof of identity of an individual or organization for a certain purpose on online / computer. Digital Signature Certificate (DSC) Certificate can be presented electronically to prove your identity, to access information or services on the Internet or to sign certain documents digitally manually.

Q. Why do I need a Digital Signature Certificate (DSC)?
Ans. A Digital Signature Certificate (DSC) Certificate authenticates your identity electronically. DSC also provides you with a high level of security for your online transactions by ensuring absolute privacy of the information exchanged using a Digital Signature Certificate (DSC). You can use certificates to sign / encrypt information such that only the intended recipient can read it. You can digitally sign information to assure the recipient that it has not been changed in transit, and also verify your identity as the sender of the message.

Q. Where can I use Digital Signature Certificate (DSC)?
Ans. For sending and receiving digitally signed and encrypted emails/ documents.
For carrying out secure web-based transactions.
In eTendering, eProcurement,for Registrar of Companies e-filing,Income Tax for e-filing income tax returns and also in many other applications.
For signing documents like MS Word, MS Excel and PDFs.

Q. Where can I purchase a Digital Signature Certificate (DSC)?
Ans. Legally valid Digital Signature Certificate (DSC) Certificates are issued only through a Controller of Certifying Authorities (CCA), Govt. of India, licensed Registration Authorities (RA), such as e-Solutions. e-Solutions, a Registration Authorities (RA) licensed by (n)Code Solutions-CA, offers secure Digital Signature Certificate (DSC)s through various options tailored to suit individual as well as organizational needs.

Q. How does a Digital Signature Certificate (DSC) work?
Ans. A Digital Signature Certificate (DSC) explicitly associates the identity of an individual/device with a two keys - public and private keys. The certificate contains information about a user's identity (for example, their name, pincode, country, email address, the date the certificate was issued and the name of the CA. These keys will not work in the absence of the other. They are used by browsers and servers to encrypt and decrypt information regarding the identity of the certificate user.
The private key is stored on the user's computer hard disk or on an external device such as a USB token. The user retains control of the private key; it can only be used with the issued password. The public key is disseminated with the encrypted information. The authentication process fails if either one of these keys in not available or do not match. This means that the encrypted data cannot be decrypted and therefore, is inaccessible to unauthorized parties.

Q. Are Digital Signature Certificate (DSC)s legally valid in India?
Ans. Yes, as per Information Technology Act 2000 in India, Digital Signature Certificate (DSC) are legally valid in India. Digital Signature Certificate (DSC) are issued by licensed Certifying Authorities under the Ministry of Information Technology, Government of India as per the Information Technology Act.

Q. What type of Digital Signature Certificate is required for e-Tendering, e-Procurement, Trademark / Patent filing?
Ans. Class 3 Company / Organization User certificate is required for e-Tendering, e-Procurement , Trademark / Patent filing. Class 3 is the highest type of Digital Signature Certificate. it can be issued for 1 years or 2 years. After the valid period , user need to renew class 3 digital signature certificates.

Q. What type of Digital Signature Certificate is required for Income Tax filing, ROC and MCA filing?
Ans. Class 2 Digital Signature Certificate is required for Income Tax filing, ROC and MCA filing. Class 2 Digital Signature Certificate can be issued for 1 year or 2 years. After the valid period , user need to renew class 2 digital signature certificates. Class 2 Digital Signature certificate can be issued to individual / organization.

Q. What type of Digital Signature Certificate is required for Importers-Exporters?
Class 3 DGFT Digital Signature Certificate is required for DGFT website to communicate. DGFT Digital Signature is valid for 1 years or 2 years. User can save time and money by using DGFT Digital Signature Certificate.

Q. What type of Digital Signature Certificate (DSC) is to be obtained for eFiling on the MCA Portal ?
DSC of Class 2 and Class 3 category issued by a licensed Certifying Authority (CA) needs to be obtained for e-filing on the MCA Portal.

Q. What does X509 refer to as it relates to digital certificates?
Ans. X509 is the industry standard for digital certificate format. It defined the various mandatory and optional attributes that can be defined within the certificate.

Q. Why does a digital signature certificate have a limited validity period?
Ans. Digital signature certificates have an explicit start date and an explicit expiration date. Most applications check the validity period of a certificate when the digital certificate is used. The signature certificate expiration date is also used for managing the certificate revocation list (CRL). A certificate is removed from the revocation list when its natural expiration date arrives. As such, generally the shorter the certificate validity period, the shorter the CRL.

Q. What is a root certificate, and why do I need one?
Ans. A root certificate is one of two things: Either an unsigned public key certificate or a self-signed certificate used to identify the Root Certificate Authority (CA). The root certificate is in fact the anchor of trust in a digital certificate and is used for validating the entire certification tree.

Q. Can a person have two digital signatures say one for official use and other one for personal use?
Ans. Yes

Q. What are the different classes of Digital Signature Certificates?
Ans. In addition to four classes of certificates given below, the Certifying Authority may issue more classes of Public Key Certificates, but these must be explicitly defined including the purpose for which each class is used and the verification methods underlying the issuance of the certificate. The suggested four classes are the following :-
Class 0 Certificate: This certificate shall be issued only for demonstration/ test purposes.
Class 1 Certificate: Class 1 certificates shall be issued to individuals/private subscribers. These certificates will confirm that user's name (or alias) and E-mail address form an unambiguous subject within the Certifying Authorities database.
Class 2 Certificate: These certificates will be issued for both business personnel and private individuals use. These certificates will confirm that the information in the application provided by the subscriber does not conflict with the information in well-recognized consumer databases.
Class 3 Certificate: This certificate will be issued to individuals as well as organizations. As these are high assurance certificates, primarily intended for e-commerce applications, they shall be issued to individuals only on their personal (physical) appearance before the Certifying Authorities.

eToken

Q. "Error in Downloading Certificate"
Q. "Error in Creating CSR" while Enrolling Certificate Request.
Q. "ePass2003" is detected by system whereas "ePass2003Auto" is not detected.
Q. "Your CA is not trusted".
Q. "Application Blocked by Security Setting or Application cannot be run."
Q. "Fake Path" while signing XML file on Income Tax Website.
Q. "Invalid Digital Signature Certificate" while Registering or Uploading Return.
Q. "Invalid Digital Signature While Login."
Q. "The Microsoft Cryptographic Service Provider Reported an Error" while signing MCA PDF.
Q. "ePass2003" Token is not getting recognized by system.
Q. Token is not identifying by System.
Q. How to verify whether Smartcard Services is running on system?
Q. How to restart Smartcard service in System?
Q. Process for reinstall Smartcard Service.
Q. System Restore and Driver Rollback Instructions.
Q. Firefox Compatibility Problem.
Q. Verification Code (CAPTCHA) is not visible.
Q. File Signing Failed due to Space (or) Special Characters.
Q. "Failure! Certificate Trusted Chain Validation Failed"
Q. Applet is not Started or Initialized.
Q. Your Browser does not support javascript.
Q. Page Authorization Error.
Q. Get Certificate Public Key Failed: There was an error while exporting the Key Blob.
Q. How to uninstall Internet Explorer 11 and restore Previous version of Internet Explorer.
Q. ePass2003 Token Driver for Linux and Mac OS.
Q. Root Chain and Installation Process.
Q. Microsoft CSP option is not highlight while installing ePass2003 token driver.

Q. "Error in Downloading Certificate"

Reason:

Root Chain is not installed in system.

System is different from the one where the request was generated for digital signature.

Certificate enrollment request is deleted or removed from system.

Token is not detected or token driver is not installed or are uninstalled from the system.

Key Pair is not generated while enrolling for digital signature request or is deleted from the token.

Resolution:

Install Root chain in system.

Make sure you are using the same system from where the request was generated.

Open the token manager and Log-in to token to check whether token is detected by system.

After Login into the token check whether the key pair is present in it.

Q. "Error in Creating CSR" while Enrolling Certificate Request.

Reason:

Token is not attached to the system, or is not detected by the system.

'Cryptographic Service provider' is not selected properly.

If the token is Aladdin eToken 32K.

Resolution:

Make sure that the token drivers are installed in the system.

Check whether the token is connected to the system, and you are able to login to the token.

Do not use SHA1 Compatible tokens, like Safenet iKey or eToken 32K for enrollment.

Q. "ePass2003" is detected by system whereas "ePass2003Auto" is not detected.

Reason:

System may be recognizing both drivers, for ePass2003 & ePass2003Auto, as different driver.

Resolution:

Control Panel > System > Device Manager. In the console tree find the epass2003Auto, right click on it and select uninstall.

Remove the token and reconnect it, system automatically recognizes the driver and the drivers will be installed successfully in the system.

Q. "Your CA is not trusted".

Reason:

This Notification comes when Root Chain is not installed in system or the browser settings are not proper.

Resolution:

Install Root Chain in system.

Make browser settings as per website guideline.

Check Java version recommended by website.

All new ePass drivers comes with built-in Root Chain, uninstall the older version of driver and install latest drivers, this will automatically install Root Chain of all CAs and SubCAs.

Q. "Application Blocked by Security Setting or Application cannot be run."

Reason:

System settings do not allow downloading of the required java applet.

Resolution:

Open Control Panel > Java > Security Tab. Set security level to medium and then click on Edit Site list button. Click on Add Button and add Trusted Site or site URL where you are performing task.

Q. "Fake Path" while signing XML file on Income Tax Website.

Reason:

Internet Explorer settings are not proper.

Internet Explorer version is below 7.

Resolution:

Internet Explorer version must be above 7.
a) Open Tools Menu -> Internet option -> Click on Security Tab -> Here first set all security to default zone. Now click on Internet Icon then click on Custom button.
b) Now 'Reset custom settings' to medium.
c) Enable all ActiveX controls and plug-ins. If the ActiveX enable setting is (not secured) then select prompt but not disable.
d) In the User Authentication Logon Section select Automatic logon with current user name and password.
e) Click on OK and Apply Settings.
f) Now click on Second Icon Local intranet > Reset this Zone to Low, apply it.

Q. "Invalid Digital Signature Certificate" while Registering or Uploading Return.

Reason:

Name mentioned in the Digital Signature does not match with the account details.

Resolution:

Update Profile settings with the details of the person whose digital signature certificate is being used for filling return. Check the Name in Verification Part in XML file or in Pre-paired return.

Q. "Invalid Digital Signature While Login."

Reason:

Registered certificate does not match with the certificate used for login.

Resolution:

After renewal of the certificate you need to update it on the respective portal where you are using the certificate for login or for e-tender.

Each tender site has different process for registration, please get in touch with respective site Helpdesk.

Q. "The Microsoft Cryptographic Service Provider Reported an Error" while signing MCA PDF

Reason:

System Cryptographic Services are not working properly or respective security patch is not installed in System.

Resolution:

If you are countering error "The Microsoft Cryptographic Service Provider reported an error:" in Adobe Acrobat Reader while signing MCA Documents.

This error may face in Adobe Acrobat Reader Version 9.0 and above, this is error of Adobe Acrobat and not of USB Token, may face this error in any USB Token.

Here is the link for the solution of the same: http://www.charteredinfo.com//DSC/TokenDrivers/AdobeReaderwithSecurityInstallation.zip

Above link is for complete Adobe Acrobat Reader Download with Security Installation prompting to solve above error, details document included in above link, read instructions document carefully before installation.

Q. "ePass2003" Token is not getting recognized by system.

Reason:

This problem is very rare and arises because the hardware not compatible with the latest driver version.

Resolution:

Please find the folder on the below link:
http://www.charteredinfo.com/DSC/TokenDrivers/Token-Not-Recognized.zip

If the token is not getting detected by Windows or even ePass2003 drivers, please plug in the token in USB port and try running Step 1 and then Step 2 Application from the downloaded folder.

Steps are as follows:

1. Plug In token in USB Port.
2. Run Step 1 - you will get message "Initialize Successfully". (Do not run Step 1 in case there is Certificate in token, Certificate in token will get erased - no issues in case of blank token.)
3. Run Step 2 - and on successful up-gradation of token you will get message Upgraded Successfully.

Plug out and Plug in token.
Windows/Drivers will detect the token.

Q. Token is not identifying by System

Reason:

Token drivers are not installed correctly or services are not running.

Policy or Admin Rights issue.

Same as Problem "ePass2003" Token is not getting recognized by system.

Resolution:

Make sure token driver is installed correctly and you are able to login to the token.

Verify that all required services for token is started and working fine.

These services are:

Smartcard Services {Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.}

Cryptographic Services {Provides four management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.}

Certificate Propagation Services {Copies user certificates and root certificates from smart cards into the current user's certificate store, detects when a smart card is inserted into a smart card reader, and, if needed, installs the smart card Plug and Play minidriver.}.

Open the Run Prompt (Window Key + 'R') and enter services.msc, Right Click on above mentioned service and select restart.

Same as Problem "ePass2003" Token is not getting recognized by system.

Q. How to verify whether Smartcard Services is running on system?
To check if the smart card services is running,
1. Press Ctrl+Alt+Del and then click 'Task Manager'.
2. In the 'Windows Task Manager Dialog Box, Click the Services Tab.
3. Click the Name column to sort the list alphabetically, and then type S.
4. In the name column, look for scardsvr, and then look under the status column to see if the services are running or stopped.

Q. How to restart Smartcard service in System?
To Restart the smart card services,
1. Start > Run > cmd, Right Click cmd.exe and then click Run as Administrator.
2. At the command prompt, type net stop scardsvr.
3. At the command prompt type net start scardsvr.
4. You can use the following command at command prompt to check whether service is running sc queryex scardsvr.

Q. Process for reinstall Smartcard Service.
Start > Run > cmd. Enter the following commands and validate by enter.
Regsvr32 C:\WINDOWS\system32\scardssp.dll (Enter) > scardsvr reinstall and press enter.

Q. How to install Smartcard Reader manually in Windows.
Open Control Panel > Systems > Device Manager. Double click other devices; Right click the Smartcard Reader Devices, and click 'Update Driver Software'. In the Update Driver Software window, click “Browse My Computer For Driver Software” and then follow the prompts to locate and install driver. When driver finish installing the Smartcard Reader Device is listed in Device Manager as Smartcard Reader. If the token device already listed in smart card reader same steps can be used for update driver.

Q. System Restore and Driver Rollback Instructions

Option 1:

Backup Your System Using System Restore.
System Restore works a lot like the Undo command in Microsoft Word. You can use System Restore to return to your previous driver version if you create a restore point prior to installing the driver. System Restore does not affect your personal data files (such as Microsoft Word documents, browsing history, drawings, favorites, or email) so you won't lose changes made to these files after the restore point is created. Windows XP steps to create a restore point (before installing the new driver):
1. Click Start
2. Point to All Programs
3. Point to Accessories
4. Point to System Tools
5. Click "System Restore"
6. Click "Create a Restore Point", and then click Next
7. Type a name to identify this Restore Point and click Create

To return to this Restore Point, from the same System Restore Wizard select “Restore My Computer to an Earlier Time”. Then select the date you created the Restore Point from the calendar in the Select a Restore Point screen. All Restore Points you created are listed by name in the list box to the right of the calendar.

Windows Vista or Windows 7 steps to create a restore point (before installing the new driver):
1. Click Start
2. Click Control Panel
3. Windows Vista: Click System and Maintenance and then System or simply System (in Classic view). Windows 7: Click System and Security and then System.
4. In the left pane, click System Protection
5. On the System Protection tab, Click Create
6. Type a name to identify this restore point and click Create

Option 2:

Roll Back To Your Previous Driver If you install the newer driver without first uninstalling the previous version, you may be able to simply roll back your driver to the previous version using these steps: Windows XP steps to roll back your driver:
1. Click Start
2. Click Control Panel
3. Click Performance and Maintenance and then System (in Category view) or System (in Classic view)
4. Select the Hardware Tab
5. Click Device Manager
6. Double-click on Smart Card Readers
7. Double-click on your token
8. Select the Driver Tab
9. Click on Roll Back Driver

Windows Vista or Windows 7 steps to roll back your driver:
1. Click Start
2. Click Control Panel
3. Windows Vista: Click System and Maintenance and then System or simply System (in Classic view). Windows 7: Click System and Security and then System.
4. In the left pane, click Device Manager
5. Double-click on Smart Card Readers
6. Double-click on your token
7. Select the Driver Tab
8. Click on Roll Back Driver

Q. Firefox Compatibility Problem

Reason:

Mozilla Firefox 3.0 version does not allow applet to access the host file system. It prevents application tools to perform certain operation. In such, case there will be alert messages like "System error: Undefined".

Suggestions:

Open Firefox Browser

In Address Bar type about:config

Then in search text area enter applet

Double click on the given result

It enables the applet to run in the browser.

Q. Verification Code (CAPTCHA) is not visible

Reason:

Verification code (CAPTCHA) is an .png image file. That are streamed from the server. The lower version browser (IE < 7.0) does not support .png image.

Windows OS is not updated with latest service pack.

Resolution:

Upgrade Internet Explorer (IE) version to latest version (IE 7.0) or above

Update Windows latest service pack.

Using Mozilla Firefox can be also one option.

Q. File Signing Failed due to Space (or) Special Characters.

Reason:

If chosen file has special characters like (& # @ ).

Resolution:

Remove the special characters from the File Name and try uploading it.

Q. "Failure! Certificate Trusted Chain Validation Failed"

Reason:

Server is not updated with the Particular Citifying Authority Root Certificates.

Resolution:

Update the CA certificate to the server repository (JKS in the java base dir).

.Get in touch with Helpdesk team of Respective Website or Application.

Q. Applet is not Started or Initialized.

Reason:

Client workstation does not contain JRE (Java Runtime environment).

The installed JRE is old version, which does not support the application implementation.

Resolution:

Download latest JRE updates from the sun java website/from the download option of the tender site and install in the client workstation.

Q. Your Browser does not support javascript.

Reason:

The computer browser is disabled with javascript option.

Resolution:

Enable the javascript option in IE.

Go to Internet Options -> security -> Custom level -> Enable scripting.

Q. Page Authorization Error.

Reason:

The logged in user does not have the access rights to view the page hence system throws page authorization error.

If any permission is not set in the configuration file.

Resolution:

The system admin has to configure the rights to a particular group of mail.

Q. Get Certificate Public Key Failed: There was an error while exporting the Key Blob .

Reason:

Required Prerequisites NxtCryptoSetup is not available or incorrect setup installed.

Resolution:

Download NxtCryptoSetup –
For ePass2003 and ePass2003Auto Click Here
For Browser Settings Click Here

Q. How to uninstall Internet Explorer 11 and restore Previous version of Internet Explorer .

Resolution:

Un-installation of Internet Explorer 11 required when some web site not compatible with this version and we need to working in previous version. First try with Development Tool if it’s not working then uninstall IE 11. Development Tools available in Internet Explorer Tool Menu. Here you found different Browser Mode. This process only works in Windows 7 not for windows 8, because Windows 8 come with IE 11.
Control Panel – Program and Features – Installed update – enter IE 11 in search box.
Right Click on entry and select uninstall.
After restart machine Go to Tools Menu > Internet Option > Advance Tab > and select Reset Button > Check the Delete Personal Settings and select Reset button.

Q. ePass2003 Token Driver for Linux and Mac OS
Linux-X86 OS: http://www.taxpro.co.in/DSC/TokenDrivers/ePass2003-Linux-i386.zip
Linux-X64 OS: http://www.taxpro.co.in/DSC/TokenDrivers/ePass2003-Linux-x64.zip
Mac OS: http://www.taxpro.co.in/DSC/TokenDrivers/ePass2003-MAC-iOS.rar

If you want the ePass2003 token could be run on Mac OS, you need to install the Mac OS driver (above link has Mac OS driver) firstly, then run it.

Q. Root Chain and Installation Process
CCA Certificates (Trusted Root Certification Authorities)
CA and Sub CA Certificates (Intermediate Certification Authorities)
Please install the CA & sub-CA certificate by following the below mentioned path.
Right click on Intermediate CA and Sub CA.p7b > Select install certificate > click on next in the import wizard > Select place all certificate in the following store > click on browse > check the check box Show physical store > select Intermediate Certification Authorities > click on OK > click on next and finish.
Please Install CCA certificate by following the below mentioned path.
Right Click on CCA.p7b > Select install certificate > click on next in the import wizard > Select place all certificate in the following store > click on browse > check the check box Show physical store > select Registry under Trusted Root Certification Authorities > click on OK > click on next and finish.

Q. Microsoft CSP option is not highlight while installing ePass2003 token driver
If Microsoft CSP option is not highlight while installing ePass2003 token driver, then download and install Patch file from link: http://www.microsoft.com/en-in/download/details.aspx?id=4670

Need a Digital Signature?Get your eMudhra and SIFY DSChere!