Securing Reference Numbers and Authorisation Codes
You need a reference number and an authorisation code to activate your digital certificate. You will receive them from the issuer of SIGEN-CA digital certificates at the Certification Authority:
- by e-mail you will receive your reference number and
- by registered mail your authorisation code.
You must activate the digital certificate as soon as possible, and no later than 60 days from the issue of the reference number and the authorisation code. Until then, store them in a secure place so that unauthorised persons cannot access or misuse them.
After you accept the digital certificate, the reference number and the authorisation code are no longer usable and can be discarded.
Storing Private Keys
You must ensure that unauthorised persons do not have access to your private key or to the password that protects it. The Certification Authority recommends that you store your digital certificate and private key on a smart card. Compared with other media, e.g. an external drive, a smart card reduces the possibility of misuse.
When using web digital certificates, follow the SIGEN-CA Policy (chapter Security Requirements for the Certificate Holder) and the instructions for storing private keys on a smart card. If, despite the recommendation, you are not going to use a smart card, follow the instructions for storing private keys on an external drive (in the browser database). For secure use of passwords, follow the instructions for using passwords.
Storing Private Keys on a Smart Card
Storing private keys and profiles on a smart card ensures that the private keys are never exported to the computer's memory or to a disk, where unauthorised persons could access them. Keys are generated on the smart card and are also stored there. Unauthorised persons can still use your digital certificate and private keys if they know your password or your PIN code. The smart card must be stored securely, so that unauthorised persons do not have access to it.
Follow the instructions for secure passwords when creating the password that protects a smart card.
Using Smart Cards
Choose a smart card that is compatible with your computer system and your browser and that can store a 2048-bit RSA key. Before using your smart card, you must install a smart card reader, i.e. a device that is connected to the computer and into which the smart card is inserted whenever the digital certificate is used.
Follow the smart card manufacturer's instructions in detail, together with the instructions for the software.
Smart card technology does not allow back-up copies to be made.
Storing Private Keys on an External Flash Drive
If, despite the recommendation, you do not use a smart card, you can store the digital certificate and your private key on your computer's disk or in your browser's database. However, this increases the possibility of misuse by unauthorised persons compared with using a smart card.
It is important that you protect your private key with a good password, following the instructions for the browser you are using.
It is recommended that you make a back-up copy on an external flash drive (USB), provided that you have the means. Use your USB drive as stated in the manufacturer's instructions.
If you cannot store a back-up copy of your digital certificate and private key on a USB drive, you can make a back-up copy on an external drive, but this is a less reliable and less durable medium for storing back-up copies of your private keys. Use your external drive in accordance with the manufacturer's instructions.
You must store your back-up copy, whether on a USB drive or an external drive, in a secure place to prevent misuse.
Create passwords according to the following rules:
- use a mix of uppercase and lowercase letters, numbers and special characters,
- make the password at least 8 characters long,
- avoid words that can be found in dictionaries.
We recommend that you memorise your password and do not write it down. If you do write the password down, store it in a place that only you can access.
Protection of Web Certificates with Passwords
If you activated your web certificate with MS Internet Explorer and did not choose a high level of protection for your certificate (your certificate is not protected with a password), then your certificate can be misused by anyone who has access to your computer.
You can also protect your certificate later by exporting it and then importing it again. During the import, the high level of protection must be chosen.
In the Mozilla Firefox browser you can set or change the password through the menu Preferences -> Privacy & Security -> Master Password.
- Use browsers that support strong encryption. Follow the instructions for using browsers.
- Follow the manufacturer's instructions and the instructions for storing private keys on a smart card.
- Follow and take into account the notices of the SIGEN-CA group.
Acting in Cases of Changes and Misuse
If any changes connected with your digital certificate occur, or in cases of misuse or possible misuse, you must inform SIGEN-CA immediately.
In cases of misuse or possible misuse, file an application form for revocation of the certificate, in person or via e-mail, or call the duty number for revocation of certificates: +386-1-4788-777.