Frequently Asked Questions (FAQ)
Account & Finance
Should you wish to cancel your order, please login to the TrustFactory Self Service portal https://portal.trustfactory.net/ and navigate to the support tab within the menu. Please log a ticket with your request.
Should you wish to print the order invoice, please login to the TrustFactory Self Service portal https://portal.trustfactory.net/ and navigate to the payment history tab where you will find the invoice for the settled order.
When completing the billing and shipping details during an order, choose “billing type”: company. The “Company VAT Number” is the field that can be used to enter the tax/VAT number. This number will then appear on your invoice
Logon to the partner application with your registered details. Navigate to the dashboard or detailed transactions tab to obtain all the calculated commission details
Select the contact us tab from the website https://www.trustfactory.net/contact-us/ and complete an enquiry
General
Use the rekey feature when you need to change the private key associated with your certificate. This may be the case due to any of the following reasons:
- Your server crashes.
- You lose your private key.
- You move your website to a new server.
- You change your SSL’s domain
Login to the TrustFactory Self Service portal https://portal.trustfactory.net/ and navigate to the certificates tab.
- Beneath the list of certificates, you will see a rekey button.
- Select the certificate you would like to rekey and click on the rekey button.
- Follow the prompts to complete the certificate rekey.
- You will be required to enter your New CSR and agree to the term and conditions.
- Click the Rekey button
- Your request will be processed. If all is in order your new certificate will be generated and you may download and install this certificate.
- You will receive an email notifications from TrustFactory when your certificate is up for renewal.
- To renew your existing certificate, login to the TrustFactory Self Service portal https://portal.trustfactory.net/ and navigate to the certificates tab.
- Select the certificate that you would like to renew
- Click on the renew button beneath the list of certificates
- Follow the prompts to renew your certificate.
- Once your renew request is lodged, a new order will be generated where the details of your existing certificate will be carried over
- You will need to complete this renewal order by completing the prompted steps
- Once the certificate is issued you will be notified via email and may navigate to the certificates tab to download the new certificate
- You may reissue a certificate when there is any change to the common name that appears in the certificate. Thus may be due to any of the following reasons:
- Change in domain name (SSL certificates)
- Change in email address (Individual certificates)
- You had purchased additional sans and have the domain name that you would like to add to your certificate
- Login to the TrustFactory Self Service portal https://portal.trustfactory.net/ and navigate to the certificates tab.
- Select the certificate that you would like to reissue
- Click on the reissue button beneath the list of certificates
- Follow the prompts to reissue your certificate.
- Once your reissue request is lodged, a new order will be generated you may amend the common name or add /edit any additional sans
- You will need to complete this reissue order by completing the prompted steps
- Once the certificate is issued you will be notified via email and may navigate to the certificates tab to download the new certificate
- Login to the TrustFactory Self Service portal https://portal.trustfactory.net/ and navigate to the certificates tab.
- Select the certificate that you would like to revoke
- Click on the revoke button beneath the list of certificates
- Follow the prompts to revoke your certificate.
Should you face any problems for which you need support, please login to the TrustFactory Self Service portal https://portal.trustfactory.net/ and navigate to the support tab within the menu. Please log a ticket with your request/issue.
Document Signing
The Personal Pass certificate:
- Is an AATL (Adobe Approved Trust List) enabled Digital Certificate.
- This certificate can be used to sign documents.
- This certificate conveys trust around the identification of the signing party as well as authenticity through encryption of the document.
- Only a recipient of the document holding the public key may decrypt the contents of the document.
- The private key is stored on a NIST FIPS 140-2 Level 2 compliant token
- This is the link to the list of approved trust list members https://helpx.adobe.com/africa/acrobat/kb/approved-trust-list1.html
The National Institute of Standards and Technology (NIST) set the FIPS 140-2 standard which is an information technology security approval program for cryptographic modules produced by private sector vendors who seek to have their products certified for use in government departments and regulated industries (such as financial and health-care institutions) that collect, store, transfer, share and disseminate sensitive but unclassified (SBU) information.
Tamper evident FIPS 140-2 security labels are utilized to deter and detect tampering of modules.
I token that is complaint with the above standard, needs to be used to store the private key of the certificate holder
TrustFactory offers their customers the option to purchase either
- A physical token- a TrustFactory branded smart card token that can be shipped to the customer
A digital token – that is cloud based and can be purchased from CloudKey (not available as yet but coming soon to the market)
Only your private key and certificate are saved on your token. Signed documents can be saved to your computer
It is advisable to generate the CSR on the physical token as far as possible. However in the event that this is not feasible, you may generate a CSR using the windows store provided you do a rekey of the certificate once the physical token arrives.
Please refer to the TrustFactory Support page where you may navigate to the category titled Installation of TrustFactory certificates and refer to the document titled “Installation-of-Certificate-for-Smart-Card.pdf”
Please refer to the TrustFactory Support page where you may navigate to the category titled “Using Your TrustFactory Personal Pass Certificate / AATL / Adobe Approved Trust List Certificate” and selecting the document titled “How-to-digitally-sign-a-pdf-document-in-Adobe-using-your-TrustFactory-Personal-Pass-certificate”
When you use email security (SMIME), the established certificate chain (including the intermediate CA certificate) will be sent to the recipient in the SMIME envelope so that the user can validate the signature on the email message against the TrustFactory root which is embedded into the Microsoft root store and distributed to their computer through Microsoft Update; refer to https://docs.microsoft.com/en-us/security/trusted-root/august2019.
For document signing this is much the same process whereby the certificate chain is embedded into the signature on the document (Microsoft Office, PDF etc). Trustfactory is also embedded into the Adobe Trust List; refer to https://helpx.adobe.com/africa/acrobat/kb/approved-trust-list1.html.
So in summary, once the setup is completed successfully on your computer and you use the certificate to sign documents and emails, the recipient will be able to validate the signature without the need to install the intermediate CA certificate on their side.
Yes the token is supported on Windows, Linux and MacOS. As this is a FIPS certified token there is no way of exporting the private key from the token; all signing operations occur within the security boundary of the token wherein the private key resides.
Email Security
Sender and Receiver of email both have email certificates:
With the email security certificate one can sign and encrypt emails and email attachments. The receiver of the email can decrypt the email and view its contents being assured that the email has not been tampered with and is from an authentic and trusted source
Sender only has an email certificate
With the email security certificate one can sign emails. The receiver of the email will have assurance that the email is from a trusted source and has not been tampered with.
The email cannot be encrypted and the receiver will not be able to decrypt the email in the absence of an email certificate
Do the sender and receiver both have to have TrustFactory email certificates for encryption to work?
It is not necessary for both parties to have email certificates from TrustFactory. The main requirement for encryption is that both sender and receiver certificates are chained to trusted root CAs. These can be different CAs
First the public key needs to be shared between the sender and receiver of an email. This is done by initially sending a signed email to each other. Each recipient will need to save the sender’s email address and certificate into their address book. Once this is completed encrypted emails may be sent between both recipients.
For more information please navigate to the https://www.trustfactory.net/support/ page and refer to the document titled “How to sign and send an encrypted email using Outlook”
Currently email certificates are compatible with Outlook and most other SMIME capable email clients as they comply with the X.509 digital certificate standard
Please refer to the TrustFactory Support page where you may navigate to the category titled Installation of TrustFactory certificates and refer to the document titled “Installation-of-Certificate-for-Windows.pdf”.
Please refer to the TrustFactory Support page where you may navigate to the category titled “Using your TrustFactory Email Certificate” and refer to the document titled “How to setup your email certificate within Outlook”.
SSL
- TrustFactory’s SSL Standard certificate secures one domain/common name
- TrustFactory’s SSL Premium certificate secures your domain/common name and multiple subdomains (depending on the number of additional SAN domains purchased)
- TrustFactory’s SSL Wildcard certificate secures your domain/common name and unlimited subdomains
- SSL certificates secure your website by providing end-to-end security between users and your website.
- When a user initiates a secure session to your web server, the web server presents its digital certificate to the user’s browser to verify the identity of the website (authentication). Thereafter, an SSL/TLS handshake occurs between the browser and the web server whereby a shared session key is securely established for the session. This session key is used to encrypt all of the communication between the browser and the server for the duration of the session (confidentiality). Furthermore, data integrity is maintained throughout the session through the use of secure hash functions.
- Domain certificates :
- Are certificates that are checked against the domain registry.
- There is no identifying organizational information for these certificates
- Fast almost immediate issuance
- Usually used on internal servers and non-ecommerce websites
- Organisation Certificates:
- Are trusted certificates.
- The organisation applying for the certificate is authenticated by validation specialists against valid business registry databases hosted by governments or similar.
- Documents are uploaded and vetted
- Personnel may be contacted during validation to prove the right of authority.
OV certificates therefore contain legitimate business information. This is the standard type of certificate required on a commercial or public facing website
Qualified Certificates
- Is an Advanced Electronic Signature Digital Certificate
- It has all the benefits as the personal pass certificate that is:
- This certificate can be used to sign documents.
- This certificate conveys trust around the identification of the signing party as well as authenticity through encryption of the document.
- Only a recipient of the document holding the public key may decrypt the contents of the document.
- The private key is stored on a NIST FIPS 140-2 Level 2 compliant token
- This is the link to the list of approved trust list members https://helpx.adobe.com/africa/acrobat/kb/approved-trust-list1.html
- As well as the benefit in that it can be used to sign legally binding contracts. The face to face validation of the certificate holder gives added assurance around the identity of the signer and thus may be used to sign in place of a hand written signature, where permitted by the law
- Personal Pass Premium is TrustFactory’s SAAA-accredited qualified certificate product
Root Certificates
Yes. TrustFactory is included in the Microsoft root certificate store
We are in the process of applying for inclusion in the Mozilla root certificate store.
TrustFactory is currently an Adobe Approved Trust List (AATL) member. Refer to https://helpx.adobe.com/africa/acrobat/kb/approved-trust-list2.html for further details.
As the TrustFactory Root certificate for SSL is already included in the Microsoft root store, it will automatically download and install into your local repository when you use Microsoft Edge browser to access a site protected with a TrustFactory SSL certificate. Try visiting https://valid.trustfactory.net/ with your Microsoft Edge browser. Alternatively, you can manually download and install the SSL root certificate into your local root store.
You may navigate to the https://www.trustfactory.net/repository/#ca_certificates page where you will find the root certificates for download.
“CA CERTIFICATES SECTION”
There will be one root certificate for SSL and one root certificate for Client:
- Root CA – SSL
- Root CA – Client
For further instructions on how to install these certificates, navigate to the support page https://www.trustfactory.net/support/ and refer to relevant installation guides under the Installation of TrustFactory certificates category.
Intermediate Certificates
You may navigate to the https://www.trustfactory.net/repository/#ca_certificates page where you will find the intermediate certificates for download under the “CA CERTIFICATES SECTION”
There will be one issuing/intermediate certificate for SSL and one issuing/intermediate certificate for Client:
- Issuing CA – SSL
- Issuing CA – Client
For further instructions on how to install these certificates, navigate to the support page https://www.trustfactory.net/support/ and refer to relevant installation guides under the Installation of TrustFactory certificates category.