[Skip navigation links]

Advanced plus certificates

What's a QuoVadis Advanced Plus certificate?
As outlined in the QV CP/CPS CA1/CA3, a QV Advanced Plus certificate is a high assurance certificate that can be issued to a person or an organisation.  To protect the private key, it is mandatory that these certificates be issued onto a SSCD.  QV Advanced Plus certificates can be used for signing, encryption and authentication.  Additionally, the QV Advanced Plus certificate is trusted in the Adobe Approved Trust List, which makes them ideal for signing PDF documents. Top
What's a secure signature creation device (SSCD)?
A SSCD is defined by QuoVadis in its CP/CPS is a secure container specifically designed to carry and protect a digital certificate, which meets specified requirements.  For further details see page 74 of CA1 CA3 CP/CPS version 14.15.  This device can be a hardware security module (HSM) set up as a server to sign documents; or more typically for people, is installed onto a Safenet eToken which is held in the possession of the person to whom the certificate has been issued. Top
What secure signature creation devices are recommended by QuoVadis?
QV recommends using the Safenet ikeys (4000 or 5100) or Alladin eTokens.  Both work well with TrustLink.  The SSCD chosen should meet the FIPS 140-2 level 3, or Common Criteria EAL4. Top
What's the procedure for obtaining a QV Advanced Plus certificate?
Currently, these are being offered on a trial basis only of 1 per Sub-LRA.  If there's sufficient interest, AusCERT will offer these as an additional optional service to be charged per certificate and SSCD.  You will need to factor the cost of obtaining a SSCD into the cost of the certificate.  If you are interested in one of these contact AusCERT.  Top
What vetting steps need to occur before a person can be issued with a QV Advanced Plus Certificate?
To comply with the CP/CPS, SubLRA's and applicants (end users) for QV Advanced Plus certificates must comply with the identity verification and documentation requirements.  This is necessary to comply with the high assurance features of the certificate necessary to be trusted in the Adobe Approved Trust List.  The form needs to be completed and submitted to QuoVadis.  Once the identity and authentication verification has been completed, AusCERT can arrange for the certificate to be issued to an end user via TrustLink. Top
How do I install the Safenet Authentication Client software?
Please refer to these instructionsTop
Can I use a S/MIME certificate to sign PDF documents?
Yes, this is possible, but the digital signature won't be trusted by Adobe and hence the signature will show a warning message to any party relying on the authenticity of the digital signature. In this situation the authenticity check fails as Adobe cannot provide assurance of the identity of the certificate holder who signed the PDF.  This level of assurance might be sufficient for signing PDF forms for internal use, but may not be sufficient for signing legal documents or for signing official documents which need to be publicly released. Top
When a user's QV Advanced Plus certificate expires, do we need to complete the QV Advanced Plus application form again before we can renew the certificate?
Yes you will need to complete and sign a new application form but if the identity document used to verify the certificate holder's identity has not yet passed its expiry date, you won't need to take a copy of that (or do a face-to-face meeting).
However, if the identity document has expired, then you will need to complete a new application form and verify the person's identity again, using new documentation.Top