Qualified certificate for electronic signature

A qualified electronic signature certificate is your “personal identification document in the electronic world”.
A qualified certificate for electronic signature enables you to:

  • access to secure websites (ssl/tls authentication),
  • electronic signing of documents and electronic mail,
  • electronic signature verification.

The certificate can be issued with or without a registered personal number of a user. Only the electronic signature certificate that contains the user’s personal number can be used for work with state authorities.

The procedure for issuing a certificate for an electronic signature depends on whether the applicant for issuance is a legal or natural person, that is, whether the user of the certificate identifies himself as a natural person belonging to a legal entity or an independent natural person.

It is necessary to announce the arrival by sending an email to info_qca@e-smartsys.com and wait for confirmation of the appointment.

Below you can read more about the procedures for submitting a request and issuing a certificate, activation, unlocking, changing the PIN, but also other important information such as: the price of the certificate and the method of payment, documentation, depending on whether you are in the process of issuing or have a certificate for the electronic signature of the ESS QCA certification authority.

If you are interested in the service of issuing a qualified certificate for electronic signature and agree to the conditions of issuing and using the qualified certificate defined in the documents Certificate Policy (CP) and Certification practice statement (CPS), you can submit a request for the issuance of a qualified certificate by filling out the online form on the page Submitting a request.

To begin with, it is necessary to verify the e-mail address that will be entered in the qualified certificate you are applying for. You will receive a one-time link to the entered e-mail address from which you can continue the data entry process for issuing the desired certificate.

Entering information about the applicant for a qualified electronic signature certificate differs depending on whether you are applying as a natural person, a member of a legal entity, or an independent natural person. When entering, pay attention to the explanations on the online form itself and enter all the necessary data, taking care of their accuracy.

After clicking Submit request, depending on whether the request is validly filled out, you will receive instructions on the further steps of the process to your email address.

A qualified electronic signature certificate is issued only to a successfully identified user. In the process of issuance, a qualified certificate for electronic signature is entered on the previously prepared QSCD device (smart card) in the ESS QCA certification authority.
If the user declares that he will wait for the issuance of the qualified certificate, along with the certificate on the selected device, the user is given an envelope with the PIN code used to activate the private key of the qualified certificate and the PUK code used to unblock the PIN code. Otherwise, the certificate will be delivered by a courier service that delivers the certificate to the user only after confirming the user’s identity, and an envelope with PIN and PUK codes will be delivered by regular mail.
When downloading, the user signs Confirmation of acceptance.

The prices of electronic signature certificates depend on the type of device and the duration of the certificate that the subscriber/user chooses. The prices of all varieties can be seen in the Price List.

The ESS QCA certification authority issues qualified certificates for electronic signature with a duration of one to five years. In the case of foreign nationals (to whom the qualified certificate is issued on the basis of a passport), the duration of the certificate is limited by the duration of the passport (if the duration of the passport is shorter than the duration of the certificate).

For legal entities, it is possible to pay by invoice, as well as cash and payment cards in the registration body itself. On that occasion, a cash invoice is issued to legal entities.

Natural persons can pay for certificates with cash or payment cards.

Whether the user collects the certificate from us or the certificate is delivered to his address, personal collection is mandatory and the only possible.

Complete documentation regarding the conditions for issuing and using qualified certificates for electronic signature can be read on the website of the Certification authority. The documentation is divided into General documentation (applies to all) and documentation for the user of the electronic signature certificate, which is different for legal and natural persons.

In order for the qualified certificate for electronic signature to work properly, it is necessary to follow the guidelines given in the document Instructions for the use of the qualified certificate for electronic signature. The download page contains all necessary certificate and software installations.

The certification authority ESS QCA, upon issuing a qualified certificate for electronic signature, suspends it. The suspension after issuing the certificate is a protection measure against the compromise of the QSCD device during transport to the user.

The user via the online service, on the Activation link, activates the certificate using two parameters:

• a one-time activation code (JAK) that was sent directly to the user via SMS and
• unique user identifier (UIK) printed on the QSCD device that was handed over.

The PIN change procedure can be performed through the QCA QSCD Manager application by following the simple instructions on the application itself. You need to have your QSCD device with a qualified certificate with you – smart card (and appropriate reader) or token, as well as the PIN code you received in the PIN envelope. You can find an explanation of this procedure in the document Instructions for using a qualified certificate for electronic signature.

The user can submit a request to unlock the device with a qualified electronic signature certificate. The request must be submitted in person at the RA . When submitting a request for unblocking, it is necessary to attach the blocked device. After the identification of the user, the device is unlocked and then a PIN envelope is printed, which is delivered to the user together with the unlocked device.

For certificates issued after 04/05/2021.
The PIN unblocking procedure can be performed independently by the user through the QCA QSCD Manager application following simple instructions on the application itself or explanations from the document Instructions for using a qualified electronic signature certificate. In case of entering the wrong PUK in the PIN unblocking process two (2) times, independent PIN unblocking is no longer possible. In this case, device unlocking can only be performed by the ESS QCA Certification authority. The use of other application solutions for changing/unblocking is not recommended, as the card may be permanently destroyed in this way.

Users can check the current status of their certificate on the following link – Status.
By entering one of the two possible parameters – the user’s unique identifier or the serial number of the certificate and clicking on the Check status button, you will see information about the status of the certificate, the validity dates of the certificate – valid from and valid until, as well as the date from which the current status of the certificate is in effect.

If during the validity period of the qualified certificate for electronic signature, there is a change in the data entered in the certificate, the subscriber/user submits to the registration authority ESS QCA a request to change the data.
The data for which the change is requested is the name or surname or e-mail address.

The procedure for changing the data entered in the certificate is identical to the procedure for issuing a new qualified certificate for electronic signature. An existing qualified certificate is revoked upon activation of a new one. Issuance of a new qualified electronic signature certificate is at the expense of the subscriber/user.

The subscriber/user is obliged to inform the ESS QCA certification body in the form of an official letter if there have been changes in the identification data.
If the subscriber/user does not want to issue a new certificate with changed data, he submits a request for revocation.

Suspension
The subscriber/user, if necessary, can submit a request for the suspension of the qualified electronic signature certificate.
In the request, it is necessary to state the reason for suspension and the desired number of days of suspension. The maximum number of days of suspension is 30. After the suspension expires, the status of the qualified electronic signature certificate automatically changes to active.
Revocation
The subscriber/user may submit a request for revocation of a qualified electronic signature certificate. The reason for revocation may be withdrawal of consent, loss of QSCD device or something else. Revoking a qualified electronic signature certificate is a permanent action and it is impossible to change the status of a revoked qualified electronic signature certificate to active.
In the request, it is necessary to state the reason for revocation.

The results of the suspension/revocation request processing are visible by publishing the CRL. The CRL is published every day at 8:00 AM.

The reissuance of a qualified certificate can be done if the existing qualified certificate is valid for a period of 30 days until the expiration of the active certificate.

In the case of reissuing a certificate for an individual member of a legal entity entity, the following documentation must be submitted to the ESS QCA certification body at the e-mail address info_qca@e-smartsys.com:

  • Consent for issuance completed and signed by the legal representative and authorized person,
  • OP form in case there was a change of legal representative.

Based on the submitted consent, a preliminary invoice is created and delivered to the legal entity, the subscriber, via e-mail address. After recording the subscriber’s payment, the user will be sent an email with a query regarding the proposed arrival date. The further procedure is identical to the procedure for issuing a certificate for an electronic signature.

In the case of reissuing a certificate for an electronic signature for an independent natural person, it is necessary to send an inquiry to the e-mail address info_qca@e-smartsys.com with a proposal for an arrival date in order to obtain a new certificate.

It is necessary for the natural person, the applicant, to bring a valid identification document: an identity card for citizens of the Republic of Serbia or a passport for foreigners.

Change of data

Submit a request

*applies only to qualified certificates issued in ESS QCA. Changing data implies issuing a new certificate. The cost of production falls on the user.

Reissue

Submit a request

*only if the existing qualified certificate is valid/active in the period of 30 days until the certificate expires. Re-issuing means issuing a new certificate. The cost of production falls on the user.

SEE MORE

Price list for electronic signature