This support article provides a list of Frequently Asked Questions (FAQs) for PersonalSign Certificates. Aside from this, we also have support articles for the following specific services as listed below:
Frequently Asked Questions
Our PersonalSign Certificates can be used for multiple purposes:
- Microsoft Office Document Signing - Digitally Sign Microsoft Office Documents
- Secure Email (S/MIME) - Digitally Sign & Encrypt Email
- Two Factor Authentication (2FA) - Strong Authentication to networks, VPNs, cloud services and more
Microsoft Office Document Signing
GlobalSign PersonalSign Certificates are trusted by Microsoft Office systems and allow you to create digital signatures. Applying a digital signature to a document proves the information originated with the signer and that the document has not been altered since the document was signed, ensuring document integrity. This allows for secure electronic document work flows and eliminates time and resources spent by replacing paper-based work flows. It also meets compliance requirements associated with electronic work flows. When applying a digital signature, you can choose to insert an image file containing a handwritten signature or other image of your choice.
Secure Email (S/MIME)
PersonalSign Certificates use Secure/Multipurpose Internet Mail Extensions (S/MIME) technology to allow users to digitally sign and encrypt email. Digitally signing emails protects the origin and authenticity of an email. A digital signature (different from a “message signature” or customizable salutation) adds a unique code to a message which only comes from the Certificate of the original sender. It also confirms that the content of the email has not been altered in transit. Encrypting email ensures message privacy.
Encrypting email converts the message into (scrambled) ciphertext.
Digital signatures ensure the confidentiality of the data of an encrypted email – Only the intended recipient (who is the owner of the corresponding private key*) can “unlock” the message and view the content in clear text.
Technically, a digital signature includes a hash of the overall document being signed. Any change to the document after it is signed invalidates this digital hash.
Note: Both the sender and the recipient must have a Digital Certificate to use email encryption.
Two Factor Authentication (2FA)
Client Authentication is the process by which users securely access a server or remote computer by exchanging a Certificate. Networks and web services can be configured to only allow access to particular Certificates. Authentication prevents unauthorized access and enhances current security. It can be used for in-browser client authentication to VPNs, smart card technology, cloud applications, and mobile devices. PersonalSign Certificates are approved Digital Certificates for various online services including the FDA ESG and NAESB Electronic Industry Registry.
Learn more about the various uses of GlobalSign's PersonalSign Certificates by visiting the PersonalSign Certificates page on GlobalSign.com.
2. How do I order a PersonalSign Certificate?
If you are a new customer, you can place your order here:
If you are an existing customer with a GlobalSign account, you can order by logging in to your account. You may follow the guidelines found here: https://support.globalsign.com/customer/en/portal/articles/2826999-how-to-order-a-new-client-certificate
3. I entered the incorrect approval email, can this be changed?
Since the approval email cannot be changed, we recommend that you reorder the Certificate using this guide:
Note: If you reorder, you may contact GlobalSign with your new order number to help expedite it.
4. I have forgotten my pick-up password, please could you provide it to me?
Due to our security processes, the pickup password you created during the ordering process is not visible in our system.
Instead you will need to cancel and reorder using this guide:
Note: If you reorder, you may contact GlobalSign with your new order number to help expedite it.
5. I have made a mistake during the ordering of my Certificate, how do I change the details?
The Certificate information is locked upon the order creation.
If your Certificate has not been issued or has been available for download for less than 7 days, you should have the option to cancel and reorder the Certificate with the correct information using the following guide:
If you do not have the option to cancel and reorder in your account, please check if you are the same user who placed the order, as you may not have permissions to complete this action.
If you are the user who placed the order however you still do not have the option to cancel and reorder, please contact GlobalSign Support.
6. How do I renew my PersonalSign Certificate?
You can renew your Certificate through your GCC account. Steps on how to do this can be found here:
There is also a how-to tutorial available here:
Note: The renew button is normally available in your account for 90 days prior to your Certificate expiring and 7 days after the Certificate has expired.
7. How do I reissue my PersonalSign Certificate?
You can reissue your Certificate through your GCC account using the following guide:
8. In which scenarios might I need to reissue my Certificate?
- If you need to install the Certificate on a new machine, however you have lost the original downloaded file to install.
- You cannot remember the password you created to protect the .pfx file when you downloaded and installed it originally.
- If the Certificate’s private key has become compromised; we advise that the compromised Certificate be revoked after reissuance.
- If you need to install the Certificate on a new machine but are unable to export it in a .pfx format (Including private key) from the machine where you installed it originally (Please refer to Question #13).
9. Will reissuing/renewing my Certificate cause me any problems?
When a PersonalSign Certificate is reissued/renewing a new private and public key pair is generated.
Our PersonalSign Certificates are used for three functions, which are affected in the following ways:
- Digitally signing an email: Using a reissued/renewed Certificate will not have any affect when signing new emails and old emails will still show as correctly signed.
- Encrypting an email: The reissued/renewed Certificate can be used to encrypt new emails. However, it cannot be used to decrypt old emails that were encrypted with the original Certificate as the original Certificate will have its own unique private and public key pair. The original Certificate will need to be used to decrypt any emails it was used to encrypt. For this reason, we recommend saving a copy of your original Certificate(s).
- Authentication: The public key of the reissued/ renewed Certificate will not match the public key of the original Certificate. This will mean that if you want to use your reissued/renewed Certificate for authentication, you will need to export your new public key and provide it to the service you are trying to authenticate to.
10. How do I cancel my PersonalSign Certificate?
Should you decide to cancel your Certificate, you can complete these steps by following:
If you do not have the option to cancel the Certificate from your account, please check you are the same user who placed the order, as you may not have permissions to complete this action.
If you are the user who placed the order however you still do not have the option to cancel, please contact GlobalSign Support. Note: Cancellation is only available within 7 days of issuance of the Certificate.
11. How do I export/back-up my Certificate?
Depending on what you’re trying to do, e.g. exporting your Certificate to install on to another machine or exporting your Certificate in a file which is required by a third-party website to authenticate, the following links should assist you.
To export your Certificate in a .pfx file, you can use this guide: https://support.globalsign.com/customer/en/portal/articles/1217629-export-client-digital-certificate-to-pkcs-12-pfx
To export your Certificate in a .cer file, you can use this guide: https://support.globalsign.com/customer/portal/articles/1358186
12. I have recently changed to a new computer. How do I get a copy of my Certificate for my new computer? Is it possible to use the original download link again?
The download link for a Certificate can only be used once. If you would like a fresh copy of your Certificate, you will need to reissue your Certificate which will provide you with a new link to download the reissued Certificate. Please refer to Question #7.
13. I can’t export my Certificate with the private key, how do I proceed?
If you are unable to export the private key, this means the option to make the private key exportable was not ticked during the initial installation of the Certificate. In this scenario we would recommend locating the downloaded file of the Certificate on your machine to install the Certificate again.
If you no longer have a copy of the original Certificate downloaded on your computer, then you will need to reissue the Certificate to receive a new .pfx file. Please refer to Question #7.
14. I’ve lost the original copy of my PersonalSign Certificate (the downloaded .pfx file), how can I get another copy of the original Certificate?
If you no longer have a copy of the original Certificate downloaded on your computer, then you will need to reissue the Certificate to receive in a new .pfx file. Please refer to Question #7.
15. Where can I find the PersonalSign Intermediate Certificates?
The PersonalSign intermediate Certificates can be found here: https://support.globalsign.com/customer/en/portal/articles/1211662-personalsign-intermediate-certificates
16. How do I download and install my PersonalSign Certificate?
You can download and install your PersonalSign Certificate using different browsers by following these instructions:
If you have opted for the advanced browser pick-up option during your initial order, please refer to the following page:
Other relevant PersonalSign installation articles:
- How to install PersonalSign with Windows Certificate Importer: https://support.globalsign.com/customer/en/portal/articles/2943275-how-to-install-personalsign-with-windows-certificate-importer-wci-
- Windows Mobile PDA - Install PersonalSign Certificate: https://support.globalsign.com/customer/en/portal/articles/1214870-windows-mobile-pda---install-personalsign-certificate
17. How do I configure PersonalSign Certificates in mail clients to sign and encrypt emails?
We have multiple articles available, links can be found below. If you notice any articles are missing or would like more articles created, please let GlobalSign Support know.
- Install Certificate – Mozilla Thunderbird: https://support.globalsign.com/customer/en/portal/articles/1214955-install-certificate---mozilla-thunderbird
- Configure Certificate – Outlook 2013: https://support.globalsign.com/customer/en/portal/articles/2181023-configure-certificate---outlook-2013
- Installing Your PersonalSign Certificate - Microsoft Outlook 2007: https://support.globalsign.com/customer/en/portal/articles/1214839-installing-your-personalsign-certificate---microsoft-outlook-2007
- Using Your PersonalSign Certificate - Microsoft Outlook Express: https://support.globalsign.com/customer/en/portal/articles/1214979-using-your-personalsign-certificate---microsoft-outlook-express
- Sign and Encrypt Lotus Notes 8.5 Email – PersonalSign: https://support.globalsign.com/customer/en/portal/articles/1231920-sign-and-encrypt-lotus-notes-8-5-email---personalsign
- Using Your PersonalSign Certificate - Microsoft Outlook 2003: https://support.globalsign.com/customer/en/portal/articles/1211712-using-your-personalsign-certificate---microsoft-outlook-2003
18. How can I sign documents with my PersonalSign Certificate?
Please refer to the following:
19. What is non-repudiation?
Please refer to the following for more information:
20. How long are PersonalSign Certificates valid for?
PersonalSign Certificates are valid for 39 months maximum. For more information, please refer to: