Skip to main content

Order your EU Qualified Personal certificate

CertCentral Europe: Learn how to order an EU Qualified Personal certificate

An EU Qualified Personal is an eIDAS certificate issued to a natural person and used to apply electronic signatures. You can get one that applies Qualified electronic signatures or applies advanced electronic signatures.

The EU Qualified Personal certificate is only available in DigiCert's European instance of CertCentral, where we store your data in our Europe data centers. To learn more about DigiCert privacy policy and data collection, see EU (eIDAS) products.

Before you begin

When ordering your EU Qualified Personal certificate, you must choose your provisioning method and certificate use. The provisioning method refers to where you will store the certificate's private key. The certificate use refers to what you want to use the certificate for.

Key provisioning methods and associated certificate uses

  • Qualified signature/seal creation device (QSCD) key provisioning method

    Certificate use: Apply Qualified electronic signatures.

    • DigiCert sends the subject individual an email to verify their shipping address.

    • DigiCert generates the private key on the QCSD hardware token and ships it to the subject individual.

    • Use the DigiCert Trust Assistant to initialize your token and install your certificate on it. See Certificate issuance below.

  • Certificate signing request (CSR) key provisioning method

    Certificate uses: Apply advanced electronic signatures. We also offer advanced authentication and encryption options.

    • DigiCert sends the subject individual an email with instructions and a link for providing a CSR and getting their certificate. See Certificate issuance below.

Order an EU Qualified Personal certificate

  1. In CertCentral Europe, in the left menu, go to Request a Certificate > EU (EIDAS) > EU Qualified Personal.

  2. On the Request an EU Qualified Personal page, in the For menu, select the division to manage the certificate.

    The For menu only appears if your account uses Divisions.

  3. Certificate validity

    In the Certificate Settings section, under Certificate validity, select a validity period for the certificate: 1 year, 2 years, 3 years, Custom expiration date, or Custom length.

  4. Key provisioning method

    Select the key provisioning method for your EU Qualified Personal certificate.

    The provisioning method refers to where you will store the certificate and its private key. The provisioning method determines what you can use the certificate for.

    • Qualified signature/seal creation device (QSCD)

      Select this option to apply Qualified electronic signatures, where your private key and certificate must be stored on a QSCD.

      Then, select a Shipping Method, and under Shipping address, add the subject individual's shipping information: recipient's name and the address where you want us to send the hardware token.

    • Provide certificate signing request (CSR)

      Select this option to apply advanced electronic signatures or for an advanced authentication or encryption certificate, where you submit your CSR and are responsible for securely storing the certificate and its private key.

      DigiCert sends the subject individual an email with instructions and a link for providing a CSR and getting their certificate.

  5. Certificate uses

    Select a use for your certificate. You can only select one certificate use per certificate.

    • EU Qualified Electronic Signature

      Get an eIDAS Qualified certificate issued to a natural person and used to apply a Qualified Electronic Signature (QES). The only "certificate use" available with the Qualified signature/seal creation device (QSCD) key provisioning method.

    • Advanced Electronic Signature

      Get an eIDAS Qualified certificate issued to a natural person for advanced electronic signatures. Available with the Provide certificate signing request (CSR) key provisioning method.

    • Authentication

      Get an eIDAS certificate issued to a natural person for authentication. Available with the Provide certificate signing request (CSR) key provisioning method.

    • Encryption

      Get an eIDAS certificate issued to a natural person for encryption. Available with the Provide certificate signing request (CSR) key provisioning method.

  6. Additional certificate options

    Signature Hash

    By default, DigiCert issues RSA certificates with a SHA-256 signature hash and RSA signing algorithm. We recommend using the default RSA settings unless you have specific reasons for using a different key size or signing algorithm (for example, company policy requires an RSASSA-PSS signature).

    In the menu, select the signature hash and signing algorithm you want DigiCert to use for your certificate:

    • sha256WithRSA

    • sha256WithRSAPSS

  7. Certificate details

    Add the information about the subject individual to be included on the certificate. The subject individual is the holder of the certificate. Specific information about the individual will be included on the certificate. You can add a new subject individual or an existing subject individual used previously.

    Under Certificate details, select Add subject individual. In the Add subject individual window, complete the tasks below as needed.

    Add a new subject individual

    DigiCert must validate the subject individual before we can issue your certificate. Accurate information makes validating the individual easier, leading to faster certificate issuance. Verify that the details are correct, including spelling and punctuation.

    1. Select Create new subject individual and then Next.

    2. In the Add subject individual window provide the individual's name.

      Given name

      You may include a middle name and initials. Do not include titles or prefixes, such as "Dr.".

      Surname

      You may include generational suffixes, such as “Sr.” and “III”.

    3. Select the Common Name to be included on the certificate:

      • Given name + Surname (recommend)

        You may include the given name + surname as the common name.

      • Preferred name

        You may include a preferred name as the common name. You may include titles, prefixes, professional and academic suffixes, abbreviations, and accreditations.

        Note: Adding a preferred name requires additional validation and may delay certificate issuance.

    4. Enter the following information about the subject individual as required:

      Job title (optional)

      You may include the subject individual's job title on the certificate.

      • Adding a job title is optional, and you can leave this field empty.

      • Including a job title requires additional validation and may delay certificate issuance.

      Country code

      Country code for the individual's phone number.

      Phone number

      Phone number for the individual.

      Country

      Country where the individual resides.

      City

      You may include the city where the individual resides.

      • Adding a city is optional, and you can leave this field empty.

      • Including a city requires additional validation and may delay certificate issuance.

      State, province, or region

      State, province, or region where the individual resides.

      Postal code

      Postal code where the individual resides.

      Approval email

      DigiCert uses this email address to process your request.

      Note: This email does not appear on the certificate.

    5. When ready, select Add.

    Add an existing subject individual

    1. Select Use previous subject individual.

    2. In the menu, select the subject individual.

    3. Under Common Name, select the name to include on the certificate:

      • Given name + Surname

      • Preferred name

    4. Select Add.

  8. Additional emails (optional)

    Enter the email addresses of the people you want to receive the certificate issuance, expiring certificate, and expiring order notifications. Use a comma to separate addresses or enter them on separate lines.

    These recipients don't manage the order. They only receive all the certificate-related emails.

  9. Additional order options – Order Specific Renewal Message

    To create a renewal message for this certificate, enter a renewal message with information that might be relevant to the certificate’s renewal.

    Note: Comments and renewal messages are not included in the certificate.

  10. Select payment method

    Under Payment information, select a payment method to pay for the certificate.

  11. Master Services Agreement and Qualified Certificate Terms of Use

    Read the Master Services Agreement and the Qualified Certificate Terms of Use and select the following options to continue:

    • I have read and agree with the Master Services Agreement

    • I have read and agree with the Qualified Certificate Terms of Use that apply to the eIDAS, PKIoverheid, or Swiss Qualified Certificate requested.

  12. Select Submit request.

What's next

CertCentral takes you to the certificate’s Order # details page, where you can see the status of your certificate order.

Complete the individual identity validation

Before we can issue you certificate, DigiCert must validate the subject individual on the certificate using one of the identity verification processes below.

  • Remote Identity Verification (RIV)

    The RIV method allows you to complete the identity validation process at your convenience. Only available with some certificate issuance processes.

  • Face-to-face

    The face-to-face method requires you to meet in person with an authorized professional who can verify you are who you say you are. The professionals authorized to verify your identity differ depending on where you reside.

Certificate issuance

Once the validation process is complete, we will issue your certificate.

  • eIDAS Qualified certificate (QCP-n-qscd) to apply a Qualified Electronic Signature (QES)

    If you ordered an eIDAS Qualified certificate (QCP-n-qscd) to apply a Qualified Electronic Signature (QES), DigiCert sends an email to the subject individual to verify their shipping address.

    After verifying the shipping address, we create the private key on the hardware token and ship it to the subject individual. On your certificate's order details page, you can track your QSCD token shipment.

    After receiving the qualified signature/seal creation device (QSCD) and getting the PIN for it, return to CertCentral and download and install the DigiCert Trust Assistant. Then use the DigiCert Trust Assistant to unlock and install the certificate on your QSCD token.

    Why do I need to install DigiCert Trust Assistant?

    The DigiCert Trust Assistant ensures that the public key in your certificate matches the private key in your QSCD token. If the keys don’t match, DigiCert Trust Assistant won’t install the certificate on the token, adding another layer of security to your certificate process. Learn more about the DigiCert Trust Assistant.

  • Advanced certificate: Apply advanced electronic signature

    If you ordered an eIDAS Qualified certificate (QCP-n) to apply advanced electronic signatures or for authentication or encryption, DigiCert sends the subject individual an email with instructions and a link for providing a CSR and getting their certificate

    They must do one of the following:

    • Use the DigiCert key-gen tool to create a CSR and generate the certificate.

      With this option, our key-gen tool creates and downloads a .p12 file containing the private key and certificate on the computer used to access this page. We will also email you a copy of the certificate.

    • Upload a CSR and generate the certificate.

      With this option, you provide the CSR. DigiCert then issue your certificate and downloads it as a .p7b file on the computer used to access this page. We will also email you a copy of the certificate.

    You can only use your certificate when installed on the computer where you generated the CSR and securely stored your private key.

: