Digital Certificates and Authentication
Digital Certificates and Authentication
Q1.What is a digital certificate?Ans
A digital certificate is an electronic file issued and digitally signed by a certification authority that vouches for the identity of the certificate holder. It provides a means of authentication for conducting online transactions.
For more information about digital certificates and certification authorities, you may refer to the Hongkong Post website:
Q2.Which types of digital certificates do GovHK online services support?Ans
The following digital certificates are generally supported by GovHK online services:
Personal Digital Certificates
- Hongkong Post e-Cert (Personal) for Smart ID Card
- Hongkong Post e-Cert (Personal)
- Digi-Sign Personal ID-Cert Class 1
Organisational Digital Certificates
- Hongkong Post e-Cert (Organisational)
- Digi-Sign Organisational ID-Cert Class 2
- Digi-Sign Organisational ID-Cert Class 5
Each GovHK online service has its own requirements for digital certificate support. Please refer to the FAQs of individual services for details.
Q3.What is the Hongkong Post e-Cert (Personal) for the Smart ID Card? Where can I get more information about it?Ans
The Hongkong Post e-Cert (Personal) for the Smart ID Card is a personal digital certificate issued by the Hongkong Post Certification Authority. This e-Cert is embedded in your Hong Kong smart identity card and contains the following information:
- your name as it appears on the Hong Kong Identity Card;
- your Hong Kong Identity Card number (in encrypted form);
- your email address (optional); and
- your unique Subscriber Reference Number (SRN) assigned by Hongkong Post.
This is the only digital certificate that can be loaded onto the Hong Kong Identity Card. More information, such as application details, renewal information, user guides and other technical specifications, is available on the Hongkong Post website:
Q4.I am using Windows 7/Vista and Internet Explorer to access an online service that requires user authentication. During user authentication, the screen displays security warnings – "Windows needs your permission to continue" and "A website wants to open web content using this program on your computer". What should I do?Ans
You have probably logged on Windows 7/Vista with an administrator account. To enhance system security, Windows 7/Vista imposes restrictions on the administrator account and may ask for permission before certain actions are executed.
Security warning (1):
Security warning (2):
Please log on Windows 7/Vista with a standard user account before using the online service. In addition, because of changes in the security features of Windows 7/Vista, you must install Java 8 if you need to use the e-Cert in your smart identity card for authentication.
Q5.I am using Windows 7/Vista to access an online service that requires user authentication and I want to authenticate using the e-cert in my smart identity card, but the online service does not allow me to select the smart card reader. What should I do?Ans
You have probably logged on Windows 7/Vista with an administrator account. To enhance system security, Windows 7/Vista imposes restrictions on certain actions by the administrator account and therefore the online service cannot provide the option of using a smart card reader.
Please install Java 8 and log on Windows 7/Vista with a standard user account before using the online service.
Q6.When I tried to use my Digi-Sign Personal ID-Cert to log into a GovHK online service, I got an error message saying that the certificate could not be found. What should I do?Ans
The problem probably occurs after the password of the certificate has been changed. If you encounter this problem, please import the certificate into Internet Explorer or Firefox and export a backup copy. You should be able to use the backup copy to log into the online service. Please refer to the Subscriber Operation Manual in Digi-Sign website on how to import and export the ID-Cert.
Q7.I am using Mac OS X and Safari to access an online service that requires user authentication, but the online service does not allow me to specify the location of the digital certificate media for authentication. What should I do?Ans
GovHK online services use Java plug-ins for user authentication, and Safari runs plug-ins in “Safe Mode” by default. “Safe Mode” protects the user by blocking contents with potential security risks to run, including file browsing on your computer. Please visit the following page on the Apple website to allow Java plug-in runs in “Unsafe Mode” in Safari: