Digital Certificates and Authentication

Digital Certificates and Authentication

  • Q1.
    What is a digital certificate?
    Ans

    A digital certificate is an electronic file issued and digitally signed by a certification authority that vouches for the identity of the certificate holder. It provides a means of authentication for conducting online transactions.

    For more information about digital certificates and certification authorities, you may refer to the Hongkong Post website:

  • Q3.
    What is the Hongkong Post e-Cert (Personal) for the Smart ID Card? Where can I get more information about it?
    Ans

    The Hongkong Post e-Cert (Personal) for the Smart ID Card is a personal digital certificate issued by the Hongkong Post Certification Authority. This e-Cert is embedded in your Hong Kong smart identity card and contains the following information:

    • your name as it appears on the Hong Kong Identity Card;
    • your Hong Kong Identity Card number (in encrypted form);
    • your email address (optional); and
    • your unique Subscriber Reference Number (SRN) assigned by Hongkong Post.

    This is the only digital certificate that can be loaded onto the Hong Kong Identity Card. More information, such as application details, renewal information, user guides and other technical specifications, is available on the Hongkong Post website:

  • Q4.
    I am using Windows 7/Vista and Internet Explorer to access an online service that requires user authentication. During user authentication, the screen displays security warnings – "Windows needs your permission to continue" and "A website wants to open web content using this program on your computer". What should I do?
    Ans

    You have probably logged on Windows 7/Vista with an administrator account. To enhance system security, Windows 7/Vista imposes restrictions on the administrator account and may ask for permission before certain actions are executed.

    Security warning (1):

    Sample screen for security warning (1)

    Security warning (2):

    Sample screen for security warning (2)

    Please log on Windows 7/Vista with a standard user account before using the online service. In addition, because of changes in the security features of Windows 7/Vista, you must install Java 8 if you need to use the e-Cert in your smart identity card for authentication.

  • Q5.
    I am using Windows 7/Vista to access an online service that requires user authentication and I want to authenticate using the e-cert in my smart identity card, but the online service does not allow me to select the smart card reader. What should I do?
    Ans

    You have probably logged on Windows 7/Vista with an administrator account. To enhance system security, Windows 7/Vista imposes restrictions on certain actions by the administrator account and therefore the online service cannot provide the option of using a smart card reader. 

    Please install Java 8 and log on Windows 7/Vista with a standard user account before using the online service.

  • Q6.
    When I tried to use my Digi-Sign Personal ID-Cert to log into a GovHK online service, I got an error message saying that the certificate could not be found. What should I do?
    Ans

    The problem probably occurs after the password of the certificate has been changed. If you encounter this problem, please import the certificate into Internet Explorer or Firefox and export a backup copy. You should be able to use the backup copy to log into the online service. Please refer to the Subscriber Operation Manual in Digi-Sign website on how to import and export the ID-Cert.

  • Q7.
    I am using Mac OS X and Safari to access an online service that requires user authentication, but the online service does not allow me to specify the location of the digital certificate media for authentication. What should I do?
    Ans

    Sample screen for Mac OS X and Safari

    GovHK online services use Java plug-ins for user authentication, and Safari runs plug-ins in “Safe Mode” by default. “Safe Mode” protects the user by blocking contents with potential security risks to run, including file browsing on your computer. Please visit the following page on the Apple website to allow Java plug-in runs in “Unsafe Mode” in Safari:

Last review date:June 2016