STEP 2: Make online Payment

After submiting the online application, you can make online payment to eMudhra CSL.

STEP 3: Submit application form and other documents

Please sign and submit the printed application form to the Pickup agent (* only in selected cities in India) along with the supporting documents as per the requirements.

Document List for User Type - Individual:

ID PROOF:

Passport, Driving License, PAN Card, Post Office ID card, Bank Account Passbook containing the photograph and signed by an individual with attestation by the concerned Bank official, Photo ID card issued by the Ministry of Home Affairs of Centre/State Governments, Any Government issued photo ID card bearing the signatures of the individual

(Any one of the above)

ADDRESS PROOF:

Telephone Bill, Electricity Bill, Water Bill, Gas connection, Bank Statements signed by the bank, Service Tax/VAT Tax/Sales Tax registration certificate, Driving License/RC, Voter ID card, Passport, Property Tax/ Corporation/ Municipal Corporation Receipt

(Any one of the above)

Document List for User Type - Organisation:

  1. Any one ID proof has to be provided from the above mentioned ID proof check list.
  2. True copy of:
    • Certificate of Incorporation or Memorandum of Association or Regd Partnership Deed or Valid Business License.

      (Any one of the above)

  3. True copy of:
    • Annual Report or Latest Income Tax Return or Latest Organization Bank details from the Bank or Statement of Income issued by Chartered Accountant.

      (Any one of the above)

  4. Attested Copy of the Organization PAN Card
  5. Authorization letter in favor of the certificate applicant from the Organization as per format below
  6. List of Partners/Members/Directors with their complete name and address details

List of supporting documents

Document List for User Type - Individual:

ID PROOF:

Passport, Driving License, PAN Card, Post Office ID card, Bank Account Passbook containing the photograph and signed by an individual with attestation by the concerned Bank official, Photo ID card issued by the Ministry of Home Affairs of Centre/State Governments, Any Government issued photo ID card bearing the signatures of the individual

(Any one of the above)

ADDRESS PROOF:

Telephone Bill, Electricity Bill, Water Bill, Gas connection, Bank Statements signed by the bank, Service Tax/VAT Tax/Sales Tax registration certificate, Driving License/RC, Voter ID card, Passport, Property Tax/ Corporation/ Municipal Corporation Receipt

(Any one of the above)

Document List for User Type - Organisation:

  1. Any one ID proof has to be provided from the above mentioned ID proof check list.
  2. True copy of:
    • Certificate of Incorporation or Memorandum of Association or Regd Partnership Deed or Valid Business License.

      (Any one of the above)

  3. True copy of:
    • Annual Report or Latest Income Tax Return or Latest Organization Bank details from the Bank or Statement of Income issued by Chartered Accountant.

      (Any one of the above)

  4. Attested Copy of the Organization PAN Card
  5. Authorization letter in favor of the certificate applicant from the Organization as per format below
  6. List of Partners/Members/Directors with their complete name and address details

Usage in EPFO

Digital Signature Certificate and Employer Online Transfer Claim Portal:

Employer now can see all claim requests with ease, verify/correct member details, approve and submit the requests through employer online transfer claim portal. For online submission of the claims, the digital signature of the authorized person is required. The authorized signatory needs to use either Class 2 or Class 3 digital signature certificate issued by a licensed certifying authority such as eMudhra for digitally signing at EOTC portal.

    • A Class 2 Digital Signature Certificate is available for download after verification based on a trusted and pre-verified database.
    • A Class 3 Digital Signature Certificate, on the other hand, is of a higher level as it is issued only after the registrant’s identity verification has been done by authorized agent.

STEP 4: Get details to download certificate

Once the application is approved, the login credentials will be sent to the Registered Email ID

STEP 5: Download Certificate

  1. Visit www.e-mudhra.com and then click on Download DSC/Download Now.
  2. Enter the Application id and Challenge code received from eMudhra via email along with your Date of Birth and then click on "Submit" to proceed for download of digital signature certificate.
  3. Click here to download DSC Download User Manual for Soft Token.
  4. Click here to download DSC Download User Manual for Hard Token.

STEP 6: Register your certificate

Login to Employer Online Transfer Claim Portal and digital signature, register certificate, fill the mandatory details, select the token type, select certificate and register online.

Application form download

Click on the below links to download the application for the DSC you wanted to apply:

  1. Application form for Class 2 Gold and 3 Platinium Individual
  2. Application form for Class 2 Gold and 3 Platinium Organization

DSC Download Instruction Manual

Click on the below links to download the instruction manual for soft and hard token:

  1. Soft Token DSC download manual
  2. Hard Token DSC download manual

Registering DSC in EOTC Portal

Click on the below link to download the user manual for registering DSC in Employer Online Transfer Claim Portal introduced by EPFO:

  1. PF portal DSC registration Manual

Bulk Purchase

For bulk purchase of DSC please contact Mr. Sadananda Sagar at +91 9986271535 or sadananda.k@emudhra.com.

Digital Signature General

What is a Digital Signature?

A digital signature mimics in the virtual environment the function of a hand-written signature in printed documents. Information related to a unique user is encrypted in a private key that is appended to any message sent by this user. It authenticates the identity of the user and guarantees the integrity of the message.

What is a Digital Signature Certificate (DSC)?

A digital certificate is an electronic equivalent of an identification card such as a passport or driving license. It unequivocally establishes the identity of the user when exchanging information over the internet.

Why do I need a digital certificate?

A Digital Certificate authenticates your identity electronically. It also provides you with a high level of security for your online transactions by ensuring absolute privacy of the information exchanged using a digital certificate. You can use certificates to encrypt information such that only the intended recipient can read it. You can digitally sign information to assure the recipient that it has not been changed in transit, and also verify your identity as the sender of the message.

Where can I purchase a digital certificate?

Digital Certificates are issued only through a valid Certification Authority (CA), such as e-Mudhra. A digital certificate explicity associates the identity of an individual/device with a pair of electronic keys - public and private keys - and this association is endorsed by the CA. These keys complement each other in that one does not function in the absence of the other. They are used by browsers and servers to encrypt and decrypt information regarding the identity of the certificate user during information exchange processes.

The private key of the CA is integral to the certificate and is kept secret, while the public key is disseminated with the encrypted information. The authentication process fails if either one of these keys in not available or do not match. This means that the encrypted data cannot be decrypted and therefore, is inaccessible to unauthorized parties.

Digital certificates can be used for signing email, encrypting messages, executing electronic financial transactions, e-commerce, securing web servers and much more.

e-Mudhra, a Certification Authority (CA), offers secure digital signatures through various options tailored to suit individual as well as organizational needs.

Where can I use digital certificates?

You can use Digital Certificates for the following:

  • For secure email and web-based transactions, or to identify other participants of web-based transactions.
  • To prove ownership of a domain name and establish SSL / TLS encrypted secured sessions between your website and the user for web based transactions.
  • As a developer, for proving authorship of a code and retaining integrity of the distributed software programs.
  • For signing web forms, e-tendering documents, filing income tax returns, to access membership-based websites automatically without entering a user name and password etc.
How does a Digital Signature work?

A digital certificate explicitly associates the identity of an individual/device with a pair of electronic keys - public and private keys - and this association is endorsed by the CA. The certificate contains information about a user's identity (for example, their name, email address, the date the certificate was issued and the name of the Certifying Authority that issued it.).

These keys complement each other in that one does not function in the absence of the other. They are used by browsers and servers to encrypt and decrypt information regarding the identity of the certificate user during information exchange processes. The private key is stored on the user's computer hard disk or on an external device such as a smart card. The user retains control of the private key; it can only be used with the issued password.

The public key is disseminated with the encrypted information. The authentication process fails if either one of these keys in not available or do not match. This means that the encrypted data cannot be decrypted and therefore, is inaccessible to unauthorized parties.

Are Digital Signatures legally valid in India?

Yes, subsequent to the enactment of Information Technology Act 2000 in India, Digital Signatures are legally valid in India.

What is the difference between a Digital Signature and a Digital Signature Certificate?

A digital signature is an electronic method of signing an electronic document whereas a Digital Certificate is a computer based record that

  • Identifies the Certifying Authority issuing it
  • Has the name or the identity of its subscriber
  • Contains the subscriber's public key
  • Is digitally signed by the Certifying Authority issuing it
What are personal certificates?

Personal certificates serve to identify a person. They can be used to secure e-mail correspondence or provide enhanced access control to sensitive or valuable information.

What is the difference between signing and encrypting an e-mail?

Signing an e-mail message means that you attach your Digital Certificate to it so that the recipient knows it came from you and was not tampered with en-route to their inbox. Signing authenticates a message, but it does not provide protection against third party monitoring.

Encrypting a message means scrambling it in such a way that only the designated recipients can unscramble it. This safeguards messages against monitoring or interception. In order to send a signed message, you must have a Digital Certificate. Since message encryption is done using specific keys available in the certificate, you cannot encrypt a message unless you possess the recipient's Digital Certificate.

Can I send a secure e-mail to someone who does not have a Digital Certificate?

You can digitally sign any e-mail as long as the recipient has an e-mail application, which supports S/MIME. However, you cannot encrypt a message, unless you have the recipient's Digital Certificate.

How do I know if the e-mail I have received is digitally signed or encrypted?

Microsoft Internet Explorer Users: Signed messages will be shown in the inbox (or any other folder) with a red ribbon on the envelope icon. Encrypted messages will show a padlock on the envelope icon.

Netscape Communicator Users: Any signed e-mail you receive will have a prominent icon in the upper-right corner of the message saying "signed" or "encrypted" or both. If you want more information about the security of a message, click on the Security button (padlock icon) above the message.

Digital Signature Usage

Can I use one digital certificate for multiple e-mail addresses?

No, you cannot. A digital certificate e-mail address combination is unique.

What is the scope of using digital signatures for e-tendering systems?

Digital signatures for e-tendering are allowed, though with limited scope. The following transactions/instruments are not recognized as per the IT Act 2000:

  • Negotiable Instrument as defined in section 13 of 26 of 1881. The Negotiable Instrument Act, 1881.
  • A Power-of-Attorney.
  • Succession Act/Will.
  • Transfer of Immovable property
  • Trust
Can digital signatures be used in wireless networks?

Yes, digital signatures can be employed in wireless networks.

I have purchased a Digital Certificate as an individual. Can I use it for my website?

No, you cannot use a Digital Certificate that has been purchased by you as an individual for your website. A Digital Certificate meant for use by an individual is applicable to sending and receiving secure email and executing personal web-based transactions through web browsers. If you require a Digital Certificate for your website, you need to purchase one that is specific to the functionality of the web-based transactions handled on your website.

Am I allowed to use one web server certificate (SSL) for more than one website?

No. You will not be able to use one certificate on different websites because the certificate is explicitly associated with the exact host and domain name.

Is the information contained in my Digital Certificate automatically sent to the websites I visit?

No, you control the presentation of your Digital Certificates to websites through the settings in your web browser.

To define whether or not you would like your Digital Certificate to be sent automatically to the websites you access, the set up procedure is as follows:

Microsoft Internet Explorer Users: Internet Explorer always asks you whether to send Digital Certificate information to any website requesting it, and allows you to choose which Digital Certificate to use (if you have more than one installed).

Netscape Communicator Users:

1 Click on the Security Preferences button (the one that looks like a padlock) on the Main toolbar.
2 Click Navigator from the menu on the left.
3 From the "Default Certificate to present to websites" pop-up list, select one of the available options:
  • Digital Certificate to use automatically
  • Ask every time (the default setting)
  • Let Navigator choose

Regulatory

What is a Certifying Authority (CA)?

A Certifying Authority is a trusted agency whose central responsibility is to issue, revoke, renew and provide directories for Digital Certificates. According to Section 24 of the Information Technology Act 2000, "Certifying Authority" means a person who has been granted a license to issue Digital Signature Certificates.

Who can be a Certifying Authority (CA)?

The IT Act 2000 details the prerequisites of a CA. Accordingly, a prospective CA has to establish the required infrastructure, get it audited by the auditors appointed by the office of Controller of Certifying Authorities. Subsequent to complete compliance of all requirements, a license to operate as a Certifying Authority can be obtained. The license is issued by the Controller of Certifying Authority, Ministry of Information Technology, Government of India.

What is a Registration Authority (RA)?

A RA (Registration Authority) is an agent of the Certifying Authority who collects the application forms and related documents for Digital Certificates, verifies the information submitted and approves or rejects the application based on the results of the verification process.

How does one become a Registration Authority (RA)?

e-Mudhra has a Partner Program through which various individuals or organizations can join the country-wide network of Registration Authorities. The applicants need to meet certain eligibility criteria that include being involved in any one of the following businesses/services:

  • KYC services
  • Already a Registration Authority
  • Service providers for Mutual Funds, Data Entry, Courier, AVCV, DSA (Bank), PAN
  • Collection and Cash Management or any other similar FOS [Feet on Street] service

e-Mudhra reserves the right to accept or reject applications.

What is the role of CCA?

The Controller of Certifying Authorities (CCA) is a Government of India undertaking that is involved in the monitoring and compliance of online security policy implementations in the country. These controls include

  • CA key generation, storage, backup and recovery
  • CA public key distribution and escrow
  • CA key usage, destruction and archival
  • CA cryptographic hardware life cycle management
  • CA-provided subscriber key management
  • Certification practice statement and certificate policy management
What is NRDC?

In accordance with Section 20 of the IT Act, NRDC is a national repository maintained by the CCA that contains all Digital Certificates and CRLs issued by all the licensed CAs. It also contains all the Digital Certificates and CRLs issued by the CCA through its RCAI. All Relying Parties are allowed to verify the authenticity of a CA's public keys from this repository.

What is RCAI?

RCAI is the Root Certifying Authority of India. It was established by the CCA under Section 18(b) of the IT Act and is responsible for digitally signing the public keys of all the licensed CAs in the country.

The RCAI root certificate is the highest level of certification in the country. The RCAI root certificate is a self-signed certificate.

The key activities of the RCAI include:

  • Digitally signing licenses issued by CCA to CA
  • Digitally signing public keys corresponding to private keys of a CA
  • Ensuring availability of these signed certificates for verification by a Relying Party through the CCA or CA website

Certificate Management

Some of the details in my Digital Signature Certificate are incorrect. Can these be corrected?

No, details cannot be changed. You need to revoke the current certificate and apply for a new one by following the same process as the one you used for the earlier certificate. eMudhra provides a facility where in you can check for the correctness of your details just before downloading of the digital signature certificate. If you are not satisfied with your details displayed, you can reject the application.

What is Certificate Revocation?

A Digital Signature Certificate can be revoked under circumstances such as the following

  • Users suspect compromise of certificate private key.
  • Change of personal data.
  • Change of relationship with the organization.
How do I revoke my current Digital Signature Certificate, and how long does it take?

Revocation of Certificates can be done either online www.e-Mudhra.com portal or by contacting the nearest RA. The revocation request will be processed within two working days from the receipt date.

Can someone other than the subscriber revoke a certificate?

No, revocation is restricted to:

  • The Subscriber in whose name the certificate has been issued.
  • A duly authorized representative of the subscriber.
  • Authorized personnel of e-Mudhra CA or RA when the subscriber has breached the agreement, regulation, or law that may be in force
Where can I check whether my e-Mudhra Digital Signature Certificate is revoked or not?

Users can check the status of revocation request from the Certificate Revocation List published in www.e-Mudhra.com.

How can I renew my Digital Signature Certificate?

You can visit e-mudhra.com portal for renewal of your Digital Signature Certificate.

How do I protect my Digital Signature Certificate/Private key?
  • Protect your computer from unauthorized access by keeping it physically secure.
  • Use access control products or operating system protection features (such as a system password)
  • Always protect your private key with a good password
  • It is better download the digital signature certificate on to the crypto token which is more secure and tamper proof
What do I do if someone copies my Digital Signature Certificate?

Your Digital Signature Certificate cannot be used without your private key. To maintain security, your private key should be protected by a password and never sent across any network. However, you do want your Digital Signature Certificate (which contains your public key) to be available to other users so that they can verify your right to use the Digital Signature Certificate, decrypt messages that you have encrypted with your private key, and verify your digital signatures.

Can more than one person store their Digital Signature Certificate on a computer?

Yes. More than one digital signature certificate can be stored on a computer

I have forgotten my private key password. Can someone change it for me?

No. If you have forgotten your private key password, you will have to apply for a new Digital Signature Certificate

I have lost the Smart Card / USB Token containing my certificate and cryptographic keys. What do I do?

Please contact your nearest RA Administrator immediately to get your certificate suspended to avoid unauthorized access to it.

Will I lose my Digital Signature Certificate if my hard drive is formatted or crashed?

If you have a soft token and if the hard drive is formatted or has crashed, the Digital Signature Certificate will be deleted.

I accidentally deleted my Digital Signature Certificate from my PC hard disk drive. What should I do now?

Once your Digital Signature Certificate and key files have been deleted, damaged or overwritten, there is no way to reactivate your Digital Signature Certificate. You need to revoke your Digital Signature Certificate and then enroll for a new one.

Once your Digital Signature Certificate and key files have been deleted, damaged or overwritten, there is no way to reactivate your Digital Signature Certificate. You need to revoke your Digital Signature Certificate and then enroll for a new one.

Web Browser Related

Certificate Installation

How do I install my Digital Signature Certificate?

Currently, e-Mudhra handles installation of all certificates (Root, CA and your Digital Signature Certificate) during download of digital signature certificate.

I deleted Microsoft Internet Explorer and installed the latest version. How do I reinstall my Digital Signature Certificate?

Before installation of latest version, if you have not backed up your certificate, you need to request for a new Digital Signature Certificate

I deleted Netscape Navigator and installed the latest version. How do I reinstall my Digital Signature Certificate?

Before installation of latest version, if you have not backed up your certificate, you need to request for a new Digital Signature Certificate.

A more suitable alternative is to upgrade Navigator with the Netscape installer so that your personal information, including your Digital Signature Certificate and private key are preserved. In the future, you should use this installer when upgrading Navigator.

eMudhra Class 2 or above Digital Signature Certificate acceptable at Employer Online Transfer Claim Portal
Get your Digital Signature Certificate for “Employer Online Transfer Claim Portal-EPFO” in six simple steps: