Order your EU Qualified Personal Organisation certificate
CertCentral Europe: Learn how to order an EU Qualified Personal Organisation certificate
An EU Qualified Personal Organisation is an eIDAS certificate issued to a natural person who is an employee or representative of an organisation and used to apply electronic signatures. You can get one that applies Qualified electronic signatures (QCP-n-qscd) or applies advanced electronic signatures.
The EU Qualified Personal Organisation certificate is only available in DigiCert's European instance of CertCentral, where we store your data in our Europe data centers. To learn more about DigiCert privacy policy and data collection, see EU (eIDAS) products.
Before you begin
Key provisioning methods and associated certificate uses
When ordering your EU Qualified Personal Organisation certificate, you must choose your provisioning method and certificate use. The provisioning method refers to where you will store the certificate's private key. The certificate use refers to what you want to use the certificate for.
Qualified signature/seal creation device (QSCD) key provisioning method
Certificate use: Apply Qualified electronic signatures.
DigiCert sends the subject individual an email to verify their shipping address.
DigiCert generates the private key on the QCSD hardware token and ships it to the subject individual.
Use the DigiCert Trust Assistant to initialize your token and install your certificate on it. See Certificate issuance below.
Certificate signing request (CSR) key provisioning method
Certificate uses: Apply advanced electronic signatures. We also offer advanced authentication and encryption options.
DigiCert sends the subject individual an email with instructions and a link for providing a CSR and getting their certificate. See Certificate issuance below.
Organization validation
Before DigiCert can issue an EU Qualified Personal Organisation certificate, we must validate the organization for QCP-N. See How do we validate your organization.
If you add a new organization or an organization with expired validation, DigiCert will complete the organization validation as part of the order process.
Order an EU Qualified Personal Organisation certificate
In CertCentral Europe, in the left menu, go to Request a Certificate > EU (EIDAS) > EU Qualified Personal Organisation.
On the Request an EU Qualified Personal page, in the For menu, select the division to manage the certificate.
The For menu only appears if your account uses Divisions.
Certificate validity
In the Certificate Settings section, under Certificate validity, select a validity period for the certificate: 1 year, 2 years, 3 years, Custom expiration date, or Custom length.
Key provisioning method
Select the key provisioning method for your EU Qualified Personal certificate.
The provisioning method refers to where you will store the certificate and its private key. The provisioning method determines what you can use the certificate for.
Qualified signature/seal creation device (QSCD)
Select this option to apply Qualified electronic signatures, where your private key and certificate must be stored on a QSCD.
Then, select a Shipping Method, and under Shipping address, add the subject individual's shipping information: recipient's name and the address where you want us to send the hardware token.
Provide certificate signing request (CSR)
Select this option to apply advanced electronic signatures or for an advanced authentication or encryption certificate, where you provide the CSR and are responsible for securely storing the certificate and its private key.
DigiCert sends the subject individual an email with instructions and a link for providing a CSR and getting their certificate
Certificate uses
Select a use for your certificate. You can only select one certificate use per certificate.
EU Qualified Electronic Signature
Get an eIDAS Qualified certificate (QCP-n-qscd) issued to a natural person who is an employee or representative of an organisation and used to apply a Qualified Electronic Signature (QES). Available with the Qualified signature/seal creation device (QSCD) key provisioning method.
Advanced Electronic Signature
Get an eIDAS Qualified certificate issued to a natural person who is an employee or representative of an organisation for advanced electronic signatures. Available with the Provide certificate signing request (CSR) key provisioning method.
Authentication
Get an eIDAS certificate (QCP-n) issued to a natural person who is an employee or representative of an organisation for authentication. Available with the Provide certificate signing request (CSR) key provisioning method.
Encryption
Get an eIDAS Qualified certificate (QCP-n) issued to a natural person who is an employee or representative of an organisation for encryption. Available with the Provide certificate signing request (CSR) key provisioning method.
Additional certificate options
Signature Hash
By default, DigiCert issues RSA certificates with a SHA-256 signature hash and RSA signing algorithm. We recommend using the default RSA settings unless you have specific reasons for using a different key size or signing algorithm (for example, company policy requires an RSASSA-PSS signature).
In the menu, select the signature hash and signing algorithm you want DigiCert to use for your certificate:
sha256WithRSA
sha256WithRSAPSS
Certificate details - Subject individual
Add the information about the subject individual to be included on the certificate. The subject individual is the holder of the certificate. Specific information about the individual will be included on the certificate. You can add a new subject individual or an existing subject individual used previously.
Under Certificate details, select Add subject individual. In the Add subject individual window, complete the tasks below as needed.
Add a new subject individual
DigiCert must validate the subject individual before we can issue your certificate. Accurate information makes validating the individual easier, leading to faster certificate issuance. Verify that the details are correct, including spelling and punctuation.
Select Create new subject individual and then Next.
In the Add subject individual window provide the individual's name.
Given name
You may include a middle name and initials. Do not include titles or prefixes, such as "Dr.".
Surname
You may include generational suffixes, such as “Sr.” and “III”.
Select the Common Name to be included on the certificate:
Given name + Surname (recommend)
You may include the given name + surname as the common name.
Preferred name
You may include a preferred name as the common name. You may include titles, prefixes, professional and academic suffixes, abbreviations, and accreditations.
Note: Adding a preferred name requires additional validation and may delay certificate issuance.
Enter the following information about the subject individual as required:
Job title (optional)
You may include the subject individual's job title on the certificate.
Adding a job title is optional, and you can leave this field empty.
Including a job title requires additional validation and may delay certificate issuance.
Country code
Country code for the individual's phone number.
Phone number
Phone number for the individual.
Country
Country where the individual resides.
City
You may include the city where the individual resides.
Adding a city is optional, and you can leave this field empty.
Including a city requires additional validation and may delay certificate issuance.
State, province, or region
State, province, or region where the individual resides.
Postal code
Postal code where the individual resides.
Approval email
DigiCert uses this email address to process your request.
Note: This email does not appear on the certificate.
When ready, select Add.
Add an existing subject individual
Select Use previous subject individual.
In the menu, select the subject individual.
Under Common Name, select the name to include on the certificate:
Given name + Surname
Preferred name
Select Add.
Certificate details – Organization
Add the information about the organization to which the subject individual is a valid employee or company representative and is included in official company registries. Specific information about this organization will be included on the certificate.
You can add an existing organization from your account or a new organization. If you add a new organization, it gets added to your account.
Under Certificate details, select Add an organization. In the Add organization window, complete the following task as needed:
Add an existing organization
Select Existing organization.
In the Organization menu, select the organization and then select Add.
If you choose an organization not validated for EU (eIDAS) certificates or the organization's validation has expired, DigiCert must validate the organization for QCP-N validation before we issue your certificate.
Add organization and technical contacts.
DigiCert automatically adds the contacts assigned to the organization to the request form. To see the organization and technical contacts, select Show organization contacts.
Add a new organization
Select New organization.
DigiCert must validate the new organization for QCP-N validation before we can issue your certificate. Learn more about organization validation.
Certificate details
Under Certificate details, enter the information below as needed. This information about the organization appears on the certificate.
Legal name
Organization name exactly as it appears in corporate registries, such as local government registration records.
Assumed name (optional)
Assumed name or doing business as name.
Note: Adding an assumed name requires additional validation, which may delay organization validation and certificate issuance.
Country
Country where the organization is legally located.
City
City where the organization is legally located.
State / Province / Region
State, province, region where the organization is legally located.
Organization details
Under Organization details, add the information below as needed and then select Add. This information is needed to validate the organization and will not appear on the certificate.
Address 1
The address where the organization is legally located.
Address 2 (optional)
Additional address in formation, such as a Suite #.
Postal code (optional)
Postal code where the organization is legally located.
Country code
Country code for the organization's phone number
Phone number
Organization's phone number.
Note: DigiCert must call a verified organization phone number to confirm your authority to order a certificate for the organization. We verify this phone number against online third-party address listing sources like Google Business. Learn how we confirm your authority
Contacts – authorized representative
You can add an existing authorized representative or a new one. You must add at least one authorized representative to your certificate request. However, you can add up to 15.
重要
What is an authorized representative and why do I need to add one
The authorized representative is in the company registry, represents the organization, and has the authority to approve your EU Qualified Personal Organisation certificate requests. Before DigiCert can issue your certificate, one of the authorized representatives in your request must approve the order.
DigiCert validates all the authorized representatives in your request. Then, we send them the approval email and wait for one of them to approve your order. Only after one of the representatives approves the order can DigiCert issue your certificate.
Under Contacts, select Add authorized representative. In the Add authorized representative window, complete the following task as needed:
Add an existing authorized representative
Select Existing contact.
In the Contacts menu, select the contact you want to use as the authorized representative for this request.
Note: If you select a contact who is not an existing authorized representative, we must validate them.
Select Add.
Add a new authorized representative
Select New contact.
Enter the contact's first and last name, job title, email address, and phone number, and then select Add.
Contacts – organization contact
The organization contact is the person we contact when validating the organization and verifying your authority to order a DigiCert certificate for the organization. They may also receive the following notifications: Order status updates for certificates requested for their organization and Domain status updates for domains associated with their organization.
When you add a new organization, DigiCert automatically adds the certificate requestor as the organization contact. When you add an existing organization, DigiCert automatically adds the contacts assigned to the organization to the request form.
To use a different organization contact
To delete the organization, contact that is automatically populated for you, select the trashcan image.
Select Add contact.
If you've already added a technical contact, select Add Organization Contact.
In the Add Contact window, in the Contact Type menu, select Organization Contact.
Add the contact:
Add an existing contact
Select Existing Contact. In the Contacts menu, select a contact and select Add.
Add new contact
Select New Contact, enter the contact's first and last name, job title, email address, and phone number, and then select Add.
Contacts – technical contact
We may contact a technical contact for inquiries regarding certificate orders for the organization. They may receive the certificate lifecycle-related emails: certificate issued, reissued, and expiring.
When adding an existing organization, DigiCert automatically adds the contacts assigned to the organization to the request form.
To delete the existing technical contact that is populated automatically for you, select the trashcan image.
Select Add contact.
If you've already added an organization contact, select Add Technical Contact.
In the Add Contact window, in the Contact Type menu, select Technical Contact.
Add the contact:
Add an existing contact
Select Existing Contact. In the Contacts menu, select a contact and select Add.
Add new contact
Select New Contact, enter the contact's first and last name, job title, email address, and phone number, and then select Add.
Additional emails (optional)
Enter the email addresses of the people you want to receive the certificate issuance, expiring certificate, and expiring order notifications. Use a comma to separate addresses or enter them on separate lines.
These recipients don't manage the order. They only receive all the certificate-related emails.
Additional order options – Order Specific Renewal Message
To create a renewal message for this certificate, enter a renewal message with information that might be relevant to the certificate’s renewal.
Note: Comments and renewal messages are not included in the certificate.
Select payment method
Under Payment information, select a payment method to pay for the certificate.
Master Services Agreement and Qualified Certificate Terms of Use
Read the Master Services Agreement and the Qualified Certificate Terms of Use and select the following options to continue:
I have read and agree with the Master Services Agreement
I have read and agree with the Qualified Certificate Terms of Use that apply to the eIDAS, PKIoverheid, or Swiss Qualified Certificate requested.
Select Submit request.
What's next
CertCentral takes you to the certificate’s Order # details page, where you can see the status of your certificate order.
Complete the individual identity validation
Before we can issue you certificate, DigiCert must validate the subject individual on the certificate using one of the identity verification processes below.
Remote Identity Verification (RIV)
The RIV method allows you to complete the identity validation process at your convenience. Only available with some certificate issuance processes.
Face-to-face
The face-to-face method requires you to meet in person with an authorized professional who can verify you are who you say you are. The professionals authorized to verify your identity differ depending on where you reside.
Complete organization validation
DigiCert must validate and authenticate your authority to order a certificate for the organization on your certificate order. To do this, we will call a verified phone number to speak with someone who represents you, the certificate requestor, such as the organization or technical contact.
To get organization consent for your certificate order:
Answer the organization/validation phone call (preferred method)*.
After you submit your certificate order, ensure that the organization contact, technical contact, and company receptionist know you’ve ordered an EU Individual in Organisation certificate.
Let them know DigiCert will call a verified phone number to speak with one of them to complete organization validation/authentication.
This phone call usually takes place within 24 hours of the order being placed.
Respond to the organization consent message.
If the DigiCert validation agent can’t reach someone who represents you at the verified phone number, they will leave a message with a call-back phone number and a verification code.
Make sure that the organization or technical contact responds to the message and provides the verification code.
Certificate issuance
Once the validation process is complete, we will issue your certificate.
eIDAS Qualified certificate (QCP-n-qscd) to apply a Qualified Electronic Signature (QES)
If you ordered an eIDAS Qualified certificate (QCP-n-qscd) to apply a Qualified Electronic Signature (QES), DigiCert sends an email to the subject individual to verify their shipping address.
After verifying the shipping address, we create the private key on the hardware token and ship it to the subject individual. On your certificate's order details page, you can track your QSCD token shipment.
After receiving the qualified signature/seal creation device (QSCD) and getting the PIN for it, return to CertCentral and download and install the DigiCert Trust Assistant. Then use the DigiCert Trust Assistant to unlock and install the certificate on your QSCD token.
Why do I need to install DigiCert Trust Assistant?
The DigiCert Trust Assistant ensures that the public key in your certificate matches the private key in your QSCD token. If the keys don’t match, DigiCert Trust Assistant won’t install the certificate on the token, adding another layer of security to your certificate process. Learn more about the DigiCert Trust Assistant.
Advanced certificate: Apply advanced electronic signature
If you ordered an eIDAS Qualified certificate (QCP-n) to apply advanced electronic signatures or for authentication or encryption, DigiCert sends the subject individual an email with instructions and a link for providing a CSR and getting their certificate.
They must do one of the following:
Use the DigiCert key-gen tool to create a CSR and generate the certificate.
With this option, our key-gen tool creates and downloads a .p12 file containing the private key and certificate on the computer used to access this page. We will also email you a copy of the certificate.
Upload a CSR and generate the certificate.
With this option, you provide the CSR. DigiCert then issue your certificate and downloads it as a .p7b file on the computer used to access this page. We will also email you a copy of the certificate.
You can only use your certificate when installed on the computer where you generated the CSR and securely stored your private key.