Spojeni s důvěrou

Spojenie s dôverou

Connected with trust

D. Trust
Certifikačná Autorita a.s.

Spojeni s důvěrou

Spojení s dôverou

Connected with trust

Skip Navigation Links > Support > For your help > Frequent asked questions

Frequent asked questions

 I have a new computer; how can I reinstall the certificate?

If you have a backup of the private key of your certificate, then just import it using the Windows wizard. If you do not have a private key backup, you need to issue a new certificate. The email in which we send you the certificates does not contain the private key.

 I changed my place of residence, company seat, name ... How do I reflect changes to an existing certificate?

If any of the information in the certificate has changed, a new certificate needs to be issued. The items in the certificate cannot be changed.

 Can I own multiple personal certificates?

The number of certificates is not limited, so a natural / legal person can hold an unlimited number of issued certificates.

 What should I do if my private key is lost or deleted?

The private (private) key is available only to the user, unless the private key has been backed up in case of the STANDARD certificate (.PFX file) from which the certificate can be re-imported into the storage (private key stored in MS Windows storage). issuing a new certificate.

 How to verify that your electronic signature is not compromised by the vulnerability of the RSA keys?

The Ministry of the Interior recommends that users who have doubts about whether their "electronic signature" can not be compromised by the vulnerability of RSA keys can verify by using the on-line test whether their "electronic signature" is affected by a discovered error. These are RSA keys that were created through cryptographic libraries of Infineon Technologies AG (eID Slovakia, Estonia, Austria). The Ministry of the Interior further recommends that if the test result shows that RSA keys are affected by the error found, contact the resource vendor or the manufacturer of the resource through which RSA keys were generated for further action. It is recommended to revoke invalid qualified certificate. Information from the Ministry of Interior is available here .

Chip cards provided by I.CA as qualified electronic signature creation device (QSCD) and identifiable by OID (QCP-nqscd):, ie the private key is generated and stored on the QSCD in the appropriate certificate, they are not threatened with the above threat. You can find more information here .

  How to renew a certificate?

The procedure for the renewal of a certificate is described here

  How to revoke a certificate?

The procedures for the revocation of a certificate are defined in the I.CA Certification Policy:

  • Submission of an electronic application – using the form available here  
  • electronically at the e-mail address: revoke@ica.cz - this message must be electronically signed
  • Personal handover of an application to the RA
  • Sending by post

  Can I use a certificate on multiple computers?

Yes, it is possible to use a certificate on multiple computers. Installation of a certificate on a PC where the application for the certificate was not generate is possible from the certificate backup (PFX file); the procedure for the creation of the backup is described here .
However, we recommend that a secure private key storage location, i.e. a certificate stored on a smart card or USB token (A8) to be used for the transfer of certificates between individual PCs.

  What is a Qualified Certificate for Electronic Seal?

Based on the qualified certificate for electronic seal is according to eIDAS Regulation, is advanced electronic seal, which can be of two types:

  • advanced electronic seal based only on qualified certificate for electronic seal,
  • a qualified electronic seal, ie a advanced electronic seal that is based on a qualified certificate for electronic seal and is created using the QESCD (Qualified Electronic Secure Creation Device).

It is intended for legal entities only. To ensure the integrity of the data and the correctness of the origin of the data to which the qualified electronic seal is attached.

  What is the “MLSA Identifier”?

The MLSA Identifier provides a unique identification of a client with respect to the MLSA, TO, CSSA and LO. I.CA allows its clients to get this identifier for free as a part of the service of issuance of a qualified certificate. It is necessary to apply for it directly at the workplace of the registration authority before the submission of an application for a certificate.

  How to get an issued certificate?

The issued certificate is usually sent to the certificate applicant to his e-mail box at the time of its issuance. It is also possible to search for public certificates on the list of public certificates and save them in selected formats - DER, PEM, TXT.

  How to install a certificate?

To install a personal certificate in the Windows (Internet Explorer) operating system, click here . The displaying of the website then allows the certificate to be stored onto a Starcos smart card or downloaded in different formats… To install in another application (SCP, RM-S, …), install according to the instructions supplied together with the respective product using certificates. If you want to install a certificate without visiting the above URL address, it is possible to use the DER certificate format (this format was sent to you by e-mail at the time of the issuance of the certificate, or you can get it from the list of public certificates .

Registration authorities