A digital signature (or DS), which acts as e-signature for obtainment of various online services (from obtaining certificates to taking part in public procurement), contains confidential information about its holder. Therefore, for security reasons, the validity of the DS should be renewed on an annual basis. By doing so, you confirm that the certificates have not been lost and that they are in your possession and not in the hands of any unauthorised person.
Notification on DS expiration
The validity term of registration certificates of the NCA of the Republic of Kazakhstan issued in the file system is 1 year. The validity term of registration certificates of the NCA of the Republic of Kazakhstan issued on cryptokey devices (identity card, Kaztoken, eToken, aKeu, JaCarta) is 3 years. The system of the National Certification Authority of the Republic of Kazakhstan has the capability to automatically send two types of notifications about the impending expiration of the DS with an offer to renew it online.
- Multiple e-mail notifications: 1 month before, 2 weeks before, 7 days before. To get the notifications, specify your e-mail in the personal account of the NCA RoK.
- SMS notification 10 days prior to the expiry date of the DS. The SMS is sent to the phone number registered in the Mobile Citizens Database, i.e. to the phone number indicated in the eGov personal account.
How can I extend the validity of DS intended for legal entities?
On the homepage of the National Certification Authority website, go to "Personal account" section, then log in to the personal account. (Рicture 1).
Рicture 1
Sign in to your personal account . (Picture 2).
Picture 2
In the window that opens, select "Keystore" from the list - Personal computer, eToken PRO 72K, JaCarta, Kaztoken, AKey. (Picture 3).
Рicture 3
In the "Path to the keystore" field, specify the path to your registration certificates. (Picture 4).
Рicture 4
In the dialogue box that appears, enter your password for the keystore. Note! The default password for Kaztoken is: 12345678; for eToken PRO (Java, 72K), JaCarta, AKey: 1234567890. Click "Open" button. (Picture 5).
Рicture 5
If the password is correct, the DS key will be displayed. Click "Sign" button. (Picture 6).
Рicture 6
Sign in to an employee`s personal account has been performed.
Working with a personal account
The "Surname" menu contains information about the registration certificates profile of the NCA RoK user. ((Picture 7).
Рicture 7
The profile contains the user's personal information. In the settings, you can select the interface language and disable e-mail notifications. (Picture 8).
Рicture 8
"My DS keys" menu
To work with the DS keys, go to "My DS keys" tab. (Рicture 9).
Select one of the sub-items from the drop-down menu:
• Re-issuance of DS keys – provides a capability to submit a request online (subject to the availability of valid DS keys), without confirming the request at the Registration Center;
• Revocation of DS keys - provides a capability to revoke registration certificates;
• List of DS keys – displays the available registration certificates;
• Tracking the request status – provides a capability to track the request status and install registration certificates;
• Change of DS key password – provides a capability to change the DS keys password.
Picture 9
Checking the Application Status
To check the request status, go to "My DS keys" tab – "Tracking the request status" section. In the "Request number" field, enter the unique request number you received and click "Search" button. (Picture 10).
Picture 10
Information about your request will be displayed.
The "Request status" field will indicate at what stage the submitted request is.
Upon successful issuance of the registration certificate, the status will be as follows - "Registration certificates have been issued on request".
Note! If the key generation was performed on one of the supported secure media: identity card, eToken 5110, Kaztoken, AKey, connect the device to the computer before installing the registration certificate.
If you are using a personal computer as the keystore, the password fields will appear. To install the registration certificate, specify the folder where your private key is saved by clicking the search icon. Specify where you want to store the private key generated upon request. Click "Open" button.
Create and enter a password for your DS key and click "Download certificates" button (Picture 11).
Picture 11
Note! The password should contain Latin characters and digits. Password length: from 6 to 32 characters. Also, the password may include: uppercase Latin letters and special characters "#$^+=!*()@%&_?-.".
Memorize the password! Password recovery will not be possible! The NCA RoK does not store your passwords, and in the event of password loss, the DS key should be revoked.
Click "Confirm" button (Picture 12).
Picture 12
Upon installation of registration certificate, a window will open indicating the request status - "Certificates installed" (Picture 13).
Picture 13
Re-issuance of DS keys
In this section, you can apply online (subject to the availability of valid DS keys), without confirming a request at the Registration Center.
Note! To activate the request, the confirmation of senior manager is required.
The main fields will be filled in automatically based on the existing registration certificate. Specify an e-mail (if necessary).
Next, click"Select storage and submit a request" button. (Picture 14).
Picture 14
Next, you need to specify the path to the registration certificate.
Note! The "Personal Computer" storage is not secure. We recommend using a secure cryptokey device to reduce the risk of DS keys being compromised.
Check the box confirming the correctness of the submitted request and click "Confirm" button. (Picture 15).
Picture 15
Enter the password and click "Sign" button. (Pic. 16). (Picture 16).
Picture 16
Memorize the request number. Upon approval of the request by the senior manager, install the registration certificates according to the "Tracking the request status" section. (Picture 17).
Picture 17
Source: http://pki.gov.kz
