
Order your EU Qualified Personal Organisation certificate

An EU Qualified Personal Organisation certificate is an eIDAS certificate issued to a natural person who is an employee or representative of an organisation and is used to apply electronic signatures. You can get one that applies Qualified electronic signatures (QCP-n-qscd) or one that applies advanced electronic signatures.

The EU Qualified Personal Organisation certificate is only available in DigiCert's European instance of CertCentral, where we store your data in our Europe data centers. To learn more about DigiCert's privacy policy and data collection, see EU (eIDAS) products.

Before you begin

When ordering your EU Qualified Personal Organisation certificate, you must choose your provisioning method and certificate use. The provisioning method refers to where you will store the certificate's private key. The certificate use refers to what you want to use the certificate for.

Key provisioning methods and associated certificate uses

  • Qualified signature/seal creation device (QSCD) key provisioning method

    Certificate use: Apply Qualified electronic signatures.

    • DigiCert sends the subject individual an email to verify their shipping address.

    • DigiCert generates the private key on the QSCD hardware token and ships it to the subject individual.

    • Use the DigiCert Trust Assistant to initialize your token and install your certificate on it. See Certificate issuance below.

  • Certificate signing request (CSR) key provisioning method

    Certificate uses: Apply advanced electronic signatures. We also offer advanced authentication and encryption options.

    • DigiCert sends the subject individual an email with instructions and a link for providing a CSR and getting their certificate. See Certificate issuance below.

Organization validation

Before DigiCert can issue an EU Qualified Personal Organisation certificate, we must validate the organization for QCP-N. See TLS organization validation process.

If you add a new organization or an organization with expired validation, DigiCert will complete the organization validation as part of the order process.

Order an EU Qualified Personal Organisation certificate

  1. In the CertCentral (Europe) main menu, go to Request a Certificate > EU (EIDAS) > EU Qualified Personal Organisation.

  2. On the Request EU Qualified Personal Organisation certificate page, in the For menu, select the division to manage the certificate.

    The For menu only appears if your account uses Divisions.

  3. In the Certificate Settings section, under Certificate validity, select a validity period for the certificate: 1 year, 2 years, 3 years, Custom expiration date, or Custom length.

  4. Select Key provisioning method for your EU Qualified Personal Organisation certificate:

    • Qualified signature/seal creation device (QSCD)

      Select this option to apply Qualified electronic signatures, where your private key and certificate must be stored on a QSCD.

      Select a Shipping Method and enter the subject individual's shipping information under Shipping address: recipient's name and the address where you want DigiCert to send the hardware token.

    • Provide certificate signing request (CSR)

      Select this option to apply advanced electronic signatures, or for an advanced authentication or encryption certificate, where you provide the CSR and are responsible for securely storing the certificate and its private key.

      DigiCert sends the subject individual an email with instructions and a link for providing a CSR and getting their certificate.

  5. Select a certificate use for your order. You can only select one certificate use per certificate:

    • EU Qualified Electronic Signature

      Get an eIDAS Qualified certificate (QCP-n-qscd) issued to a natural person who is an employee or representative of an organisation and used to apply a Qualified Electronic Signature (QES). Available with the Qualified signature/seal creation device (QSCD) key provisioning method.

    • Advanced Electronic Signature

      Get an eIDAS Qualified certificate issued to a natural person who is an employee or representative of an organisation for advanced electronic signatures. Available with the Provide certificate signing request (CSR) key provisioning method.

    • Authentication

      Get an eIDAS certificate (QCP-n) issued to a natural person who is an employee or representative of an organisation for authentication. Available with the Provide certificate signing request (CSR) key provisioning method.

    • Encryption

      Get an eIDAS Qualified certificate (QCP-n) issued to a natural person who is an employee or representative of an organisation for encryption. Available with the Provide certificate signing request (CSR) key provisioning method.

  6. Under Additional certificate options, select the Signature Hash and signing algorithm for your certificate:

    • sha256WithRSA

    • sha256WithRSAPSS

    As a best practice, use the default RSA settings unless you have a specific reason for a different key size or signing algorithm, for example, if company policy requires an RSASSA-PSS signature.

  7. Under Certificate details, select Add subject individual. In the Add subject individual window, add the information about the subject individual to be included on the certificate.

    Add a new subject individual

    DigiCert must validate the subject individual before issuing your certificate. Accurate information makes validating the individual easier and leads to faster certificate issuance. Verify that the details are correct, including spelling and punctuation.

    1. Select Create new subject individual and then Next.

    2. In the Add subject individual window provide the individual's name.

      Given name

      You may include a middle name and initials. Do not include titles or prefixes, such as "Dr.".

      Surname

      You may include generational suffixes, such as “Sr.” and “III”.

    3. Select the Common Name to be included on the certificate:

      • Given name + Surname (recommended): You may include the given name + surname as the common name.

      • Preferred name: You may include a preferred name as the common name. You may include titles, prefixes, professional and academic suffixes, abbreviations, and accreditations.

        Notice

        Adding a preferred name requires additional validation and may delay certificate issuance.

    4. Enter the following information about the subject individual as required:

      • Job title (optional): You may include the subject individual's job title on the certificate. Adding a job title is optional. Including a job title requires additional validation and may delay certificate issuance.

      • Country code: Country code for the individual's phone number.

      • Phone number: Phone number for the individual.

      • Country: Country where the individual resides.

      • City (optional): City where the individual resides. Including a city requires additional validation and may delay certificate issuance.

      • State, province, or region: State, province, or region where the individual resides.

      • Postal code: Postal code where the individual resides.

      • Approval email: DigiCert uses this email address to process the request. This email address does not appear on the certificate.

    5. Select Add.

    Add an existing subject individual

    1. Select Use previous subject individual.

    2. In the menu, select the subject individual.

    3. Under Common Name, select the name to include on the certificate:

      • Given name + Surname

      • Preferred name

    4. Select Add.

  8. Under Certificate details, select Add an organization. Add the organization of which the subject individual is a valid employee or company representative.

    Add an existing organization

    1. Select Existing organization.

    2. In the Organization menu, select the organization and then select Add.

      If you choose an organization not validated for EU (eIDAS) certificates or the organization's validation has expired, DigiCert must validate the organization for QCP-N validation before we issue your certificate.

    3. Add organization and technical contacts.

      DigiCert automatically adds the contacts assigned to the organization to the request form. To see the organization and technical contacts, select Show organization contacts.

    Add a new organization

    1. Select New organization.

      DigiCert must validate the new organization for QCP-N validation before we can issue your certificate. See TLS certificate organization validation process.

    2. Under Certificate details, enter the information below as needed. This information about the organization appears on the certificate.

      • Legal name: Organization name exactly as it appears in corporate registries, such as local government registration records.

      • Assumed name (optional): Assumed name or doing business as name.

        Note: Adding an assumed name requires additional validation, which may delay organization validation and certificate issuance.

      • Country: Country where the organization is legally located.

      • City: City where the organization is legally located.

      • State / Province / Region: State, province, or region where the organization is legally located.

    3. Under Organization details, enter the following information and then select Add. This information is needed to validate the organization and does not appear on the certificate:

      • Address 1: The address where the organization is legally located.

      • Address 2 (optional): Additional address information, such as a Suite #.

      • Postal code (optional): Postal code where the organization is legally located.

      • Country code: Country code for the organization's phone number.

      • Phone number: Organization's phone number.

        Note: DigiCert must call a verified organization phone number to confirm your authority to order a certificate for the organization. We verify this phone number against online third-party address listing sources like Google Business. Learn how we confirm your authority.

  9. Under Contacts, select Add authorized representative.

    Add at least one authorized representative. You can add up to 15.

    Important

    What is an authorized representative and why do I need to add one?

    The authorized representative is listed in the company registry, represents the organization, and has the authority to approve EU Qualified Personal Organisation certificate requests. Before DigiCert can issue your certificate, one of the authorized representatives in your request must approve the order.

    DigiCert validates all authorized representatives and sends them an approval email. DigiCert issues the certificate only after one representative approves the order.

    Add an existing authorized representative

    1. Select Existing contact.

    2. In the Contacts menu, select the contact you want to use as the authorized representative for this request.

      Notice

      If you select a contact who is not an existing authorized representative, DigiCert must validate them before the certificate can be issued.

    3. Select Add.

    Add a new authorized representative

    1. Select New contact.

    2. Enter the contact's first and last name, job title, email address, and phone number.

    3. Select Add.

  10. Under Contacts, add the organization contact. The organization contact is the person DigiCert contacts when validating the organization and verifying your authority to order a certificate. They may also receive order status updates and domain status updates for the organization.

    When you add a new organization, DigiCert automatically adds the certificate requestor as the organization contact. When you add an existing organization, DigiCert automatically adds the contacts assigned to that organization.

    To use a different organization contact:

    1. Select the delete icon next to the automatically populated organization contact.

    2. Select Add contact. If you have already added a technical contact, select Add Organization Contact.

    3. In the Add Contact window, in the Contact Type menu, select Organization Contact.

    4. Add the contact:

      • Select Existing Contact and choose from the Contacts menu.

      • Select New Contact and enter the contact's first and last name, job title, email address, and phone number.

    5. Select Add.

  11. Under Contacts, add the technical contact.

    DigiCert may contact the technical contact for inquiries regarding certificate orders for the organization. The technical contact may receive certificate lifecycle emails: certificate issued, reissued, and expiring. When adding an existing organization, DigiCert automatically adds the contacts assigned to that organization.

    To use a different technical contact:

    1. Select the delete icon next to the automatically populated technical contact.

    2. Select Add contact. If you have already added an organization contact, select Add Technical Contact.

    3. In the Add Contact window, in the Contact Type menu, select Technical Contact.

    4. Add the contact:

      • Select Existing Contact and choose from the Contacts menu.

      • Select New Contact and enter the contact's first and last name, job title, email address, and phone number.

    5. Select Add.

  12. Under Additional emails (optional), enter the email addresses of the people you want to receive certificate issuance, expiring certificate, and expiring order notifications.

    Use a comma to separate addresses or enter them on separate lines.

    These recipients don't manage the order. They only receive certificate-related emails.

  13. Under Additional order options, enter a renewal message if required.

    Notice

    Comments and renewal messages are not included in the certificate.

  14. Under Payment information, select a payment method to pay for the certificate.

  15. Read the Master Services Agreement and the Qualified Certificate Terms of Use and select the following options to continue:

    • I have read and agree with the Master Services Agreement

    • I have read and agree with the Qualified Certificate Terms of Use that apply to the eIDAS, PKIoverheid, or Swiss Qualified Certificate requested.

  16. Select Submit request.

CertCentral opens the certificate's Order # details page, where you can see the status of your certificate order.

Complete the individual identity validation

Before we can issue your certificate, DigiCert must validate the subject individual on the certificate using one of the identity verification processes below.

  • Remote Identity Verification (RIV): The RIV method allows you to complete the identity validation process at your convenience. Only available with some certificate issuance processes.

  • Face-to-face: The face-to-face method requires you to meet in person with an authorized professional who can verify you are who you say you are. The professionals authorized to verify your identity differ depending on where you reside.

Complete organization validation

DigiCert must validate and authenticate your authority to order a certificate for the organization. DigiCert calls a verified phone number to speak with someone who represents you, such as the organization or technical contact.

To get organization consent for your certificate order:

  • Answer the organization validation phone call (preferred method):

    • After you submit your certificate order, ensure that the organization contact, technical contact, and company receptionist know you have ordered an EU Qualified Personal Organisation certificate.

    • Let them know DigiCert will call a verified phone number to speak with one of them to complete organization validation.

    • This phone call usually takes place within 24 hours of the order being placed.

  • Respond to the organization consent message:

    • If the DigiCert validation agent cannot reach someone at the verified phone number, they leave a message with a call-back phone number and a verification code.

    • The organization or technical contact must respond to the message and provide the verification code.

Certificate issuance

After validation is complete, DigiCert issues your certificate.

  • For a QSCD (Qualified Electronic Signature) certificate: If you ordered an eIDAS Qualified certificate (QCP-n-qscd) to apply a Qualified Electronic Signature (QES), DigiCert sends the subject individual an email to verify their shipping address.

    After verifying the shipping address, DigiCert creates the private key on the hardware token and ships it to the subject individual. On the certificate's order details page, you can track the QSCD token shipment.

    After receiving the QSCD and getting the PIN, return to CertCentral and download and install the DigiCert Trust Assistant. Use the DigiCert Trust Assistant to unlock and install the certificate on the QSCD token.

    Why do I need to install DigiCert Trust Assistant?

    The DigiCert Trust Assistant verifies that the public key in your certificate matches the private key in your QSCD token. If the keys don't match, the DigiCert Trust Assistant does not install the certificate on the token. See DigiCert Trust Assistant.

  • For a CSR (Advanced Electronic Signature, Authentication, or Encryption) certificate: If you ordered an eIDAS Qualified certificate (QCP-n) to apply advanced electronic signatures or for authentication or encryption, DigiCert sends the subject individual an email with instructions and a link for providing a CSR and getting their certificate.

    The subject individual must do one of the following:

    • Use the DigiCert key-gen tool to create a CSR and generate the certificate.

      With this option, the key-gen tool creates and downloads a .p12 file containing the private key and certificate on the computer used to access the page. DigiCert also emails a copy of the certificate.

    • Upload a CSR and generate the certificate.

      With this option, you provide the CSR. DigiCert issues the certificate and downloads it as a .p7b file on the computer used to access the page. DigiCert also emails a copy of the certificate.

    You can only use your certificate when it is installed on the computer where you generated the CSR and securely stored your private key.
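The "Upload a CSR" option above, as an added command-line example (not DigiCert's tooling and not code from this page): it generates the key and CSR locally, then confirms that a returned .p7b carries the public key of the locally held private key, the same kind of key-match check the page attributes to the DigiCert Trust Assistant for QSCD tokens. File names, subject values, the 3072-bit key size, a PEM-encoded .p7b, and the self-signed stand-in for the issued certificate are assumptions.

```shell
#!/usr/bin/env bash
# Added example. File names, subject values, the 3072-bit key size and the
# PEM-encoded .p7b are assumptions, not values from the page.

# Create the private key and CSR locally; only the CSR is ever uploaded.
make_key_and_csr() {   # $1 = private key path, $2 = CSR path
    ( umask 077        # key file readable by its owner only
      openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:3072 \
          -out "$1" 2>/dev/null ) || return 1
    openssl req -new -sha256 -key "$1" -out "$2" \
        -subj "/C=NL/O=Example Org B.V./CN=Jane Example" || return 1
    # Check the CSR's self-signature before uploading it.
    openssl req -in "$2" -noout -verify 2>&1 | grep -q "verify OK"
}

# Re-encode a PEM public key from stdin; fails if the input is unreadable.
norm_pub() {
    local out
    out=$(openssl pkey -pubin 2>/dev/null) && [ -n "$out" ] && printf '%s\n' "$out"
}

# Return 0 only if a certificate inside the .p7b carries the public key
# that belongs to the given private key.
p7b_matches_key() {    # $1 = .p7b path, $2 = private key path
    local want got tmp c rc=1
    want=$(openssl pkey -in "$2" -pubout 2>/dev/null | norm_pub) || return 2
    tmp=$(mktemp -d) || return 2
    # A .p7b may also hold the issuing chain: split it, one file per cert.
    openssl pkcs7 -print_certs -in "$1" 2>/dev/null |
        awk -v d="$tmp" '/BEGIN CERT/{n++} /BEGIN CERT/,/END CERT/{print > (d "/" n ".pem")}'
    for c in "$tmp"/*.pem; do
        [ -e "$c" ] || continue
        got=$(openssl x509 -in "$c" -noout -pubkey 2>/dev/null | norm_pub) &&
            [ "$got" = "$want" ] && rc=0
    done
    rm -rf "$tmp"
    return "$rc"
}

# Constructed stand-in for the issued file: self-sign the CSR and wrap the
# result as .p7b so the check runs offline. A real .p7b comes from the CA.
make_standin_p7b() {   # $1 = CSR, $2 = signing key, $3 = .p7b output path
    local crt rc; crt=$(mktemp) || return 1
    openssl x509 -req -in "$1" -signkey "$2" -days 1 -out "$crt" 2>/dev/null &&
        openssl crl2pkcs7 -nocrl -certfile "$crt" -out "$3"
    rc=$?; rm -f "$crt"; return "$rc"
}

d=$(mktemp -d)
make_key_and_csr "$d/subject.key" "$d/subject.csr" &&
    make_standin_p7b "$d/subject.csr" "$d/subject.key" "$d/issued.p7b" &&
    p7b_matches_key "$d/issued.p7b" "$d/subject.key" &&
    echo "certificate matches the locally held private key"
rm -rf "$d"
```

A non-zero result from `p7b_matches_key` means the file holds no certificate for that private key, so it should not be installed alongside it.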