General Information

Digi-Sign carries on the business of a Recognized Certification Authority. It issues certificates for the purpose of supporting digital signatures that serve to confirm the identity of the holder of a particular certificate.

As a Recognized Certification Authority, Digi-Sign issues certificates recognized by the GCIO under section 22 of the Electronic Transaction Ordinance (Cap. 553) and certificates not recognized by the GCIO.

The following Digi-Sign certificates are recognized by the GCIO of the Government of the Hong Kong Special Administrative Region, in accordance with section 22 of the Electronic Transactions Ordinance (Cap. 553) of Hong Kong:

  • ID-Cert Root CA Certificate
  • ID-Cert Root CA Certificate 1
  • ID-Cert Root CA Certificate 2
  • ID-Cert Signing CA Certificate
  • ID-Cert Signing CA Certificate 1
  • ID-Cert Signing CA Certificate 2
  • ID-Cert Root CA Certificate - GOVT
  • ID-Cert Signing CA Certificate - GOVT
  • ID-Cert Root CA Certificate - BANK
  • ID-Cert Signing CA Certificate - BANK
  • Personal ID-Cert Class 1 Certificate
  • Organizational ID-Cert Class 2 Certificate
  • Encipherment ID-Cert Class 3 Certificate
  • Organizational ID-Cert Class 5 Certificate
  • Governmental ID-Cert Class 6 Certificate
  • Governmental ID-Cert Class 7 Certificate
  • Personal ID-Cert Class 8 Certificate
  • Organizational ID-Cert Class 9 Certificate
  • Personal (Banking) ID-Cert Class 10 Certificates
  • Organizational (Banking) ID-Cert Class 11 Certificates
The issuance of these recognized certificates is governed by the Certification Practice Statement that Digi-Sign publishes from time to time. The current and the preceding versions of the Certification Practice Statement can be read from this Website. For identification purpose, Digi-Sign's Certification Practice Statement for these Recognized Certificates bears the Object Identifier (OID) 1.3.6.1.4.1.8420.1.x.x, the last two digits denoting the version number.

In addition to Recognized Certificates, Digi-Sign also issues the following types of Certificates not recognized by the GCIO using separate Private Keys:

The issuance of Super SSL Certificates on or before March 21, 2004 is governed by the OmniRoot SSL Certification Practice Statement while the Super SSL Certificates issued thereafter are governed by the Super SSL Certification Practice Statement that Digi-Sign publishes from time to time.

The issuance of Premium Certificate is governed by the General Purpose Certification Practice Statement that Digi-Sign publishes from time to time.

The current and the preceding versions of these statements can be read from this Website. For identification purpose, Digi-Sign's OmniRoot SSL Certification Practice Statement bears the Object Identifier (OID) 1.3.6.1.4.1.8420.2.x.x, where the last two digits denoting the version number and Digi-Sign's General Purpose Certification Practice Statement bears the Object Identifier (OID) 1.3.6.1.4.1.8420.4.x.x, where the last two digits denoting the version number.

For Recognized Certificates, a set of rules in the Digi-Sign's Certification Practice Statement governs the issuance of ID-Certs. This set of rules also provides the applicability of an ID-Cert to a particular community and / or class of application with common security requirements. It is the responsibility of a user (relying party) of the ID-Cert to decide whether to accept an ID-Cert issued by Digi-Sign to:

  • Authenticate the identity of the person named therein, in the case of a Personal ID-Cert Class 1
  • Authenticate the identity of the organization named therein, and identify the Authorized Delegate named therein, in the case of an Organizational ID-Cert Class 2
  • In the case of an Encipherment ID-Cert Class 3:
- Send encrypted electronic messages to the subscriber
- Decrypt encrypted electronic messages as they are received by the subscriber
- Issue acknowledgement by the subscriber upon the receipt of the encrypted
  electronic message
  • Authenticate the identity of the organization named therein, and identify the Authorized User named therein, in the case of an Organizational ID-Cert Class 5
  • Authenticate the identity of the person named therein, in the case of a Governmental ID-Cert Class 6
  • In the case of a Governmental ID-Cert Class 7:
- Send encrypted electronic messages to the Subscriber;
- Decrypt encrypted electronic messages as they are received by the Subscriber;
- Issue acknowledgment by the Subscriber upon the receipt of the encrypted
 electronic message; and
- Authenticate the identity of the Subscriber named therein for renewal
 of the existing Governmental ID-Cert Class 7
  • Authenticate the identity of the person named therein, in the case of a Personal ID-Cert Class 8
  • Authenticate the identity of the organization named therein, and identify the Authorized User named therein, in the case of an Organizational ID-Cert Class 9
  • Authenticate the identity of the person named therein, in the case of a Personal (Banking) ID-Cert Class 10
  • Authenticate the identity of the organization named therein, and identify the Authorized User named therein, in the case of an Organizational (Banking) ID-Cert Class 11

These rules provide a useful means for the relying parties or potential relying parties of an ID-Cert to determine whether it is sufficiently trustworthy for a particular use.

The Digi-Sign Certification Practice Statement shall not be treated as, or deemed to be, any offer to the Public. Digi-Sign reserves its absolute right to refuse any subscriber application, or issue of ID-Cert pursuant to its Certification Practice Statement, without giving any reasons.

IMPORTANT NOTICE:

ID-Cert subscribers are bound by the Subscriber Terms and Conditions and provisions of the Digi-Sign Certification Practice Statement, which prescribe, among others, that Digi-Sign:

  • Shall not be responsible for the contents of any transmission, message, contract adopted by or signed by the subscriber using keys and ID-Certs provided by Digi-Sign
  • Shall not be responsible for the use of the subscriber's private key and ID-Certs by the subscriber
  • Shall publish the subscriber's public key and ID-Certs in the Digi-Sign Certificate Directory
  • Reserves its absolute right to amend the provisions of the CPS from time to time
  • Reserves its absolute right to revoke key and ID-Certs and to publish them in the Certificate Revocation List where
- Digi-Sign suspects a compromise of the subscriber's key or ID-Certs
- Such compromise is proven
- Digi-Sign is properly requested to do so under the CPS

Relying parties and others may rely on an ID-Cert only after confirming that the ID-Cert and its issuer's certificate have not been revoked or suspended, and the ID-Cert and its issuer's certificate have not expired. Relying parties and others are requested to check the details in the Digi-Sign Certificate Directory and the Certificate Revocation List at <ldap.dg-sign.com>

Back Back to top