Generic Questions

  • 1. I plan to purchase a digital certificate, what shall I do?

    First, you have to identify which type of digital certificate you need. For such, you may use the set of questions available in Footer

  • 2. To which address do I have to send the documentation?

    MULTICERT

    Avenida Sidónio Pais, 379

    Edifício Hoechst A, Piso 3, Direito

    4100-468 Porto

    Portugal

  • 3. I have already paid my Certificate through ATM reference, but when I check the status of my order, it appears as still not having "Payment Confirmation". Is there something wrong?

    Multicert's confirmation of payment receipt is an automated process, but is not processed in real time.

    Multicert does not have access to this information immediately after payment but at regular intervals of time.

    Please check the status of your order later.

  • 4. Besides the amount presented on the price list, is there any additional cost, as for example, annuity?

    There is no additional cost during the validity period of the Certificate.

  • 5. What email and password shall I insert in the first step of the certificate request?

    That is the access data to your client area.

    First of all, you shall verify if you already have a client area. For this, you shall:

    • Access to https://www.multicert.com/3ws/pwRecovery
    • Enter the email address that you think is the one which identifies you as client of Multicert
    • Press the button “Password Recovery”
      • If Multicert finds a client registered with that email address, a new password will be sent. In that situation, you shall enter your email address and password in the fields at the beginning of the online form.
      • Otherwise, the message “Error sending credentials” will be displayed. You shall create a client account, by pressing the button “Yes” on the right side of the form
  • 6. I am already a customer of Multicert. How do I check if I have a personal customer area?

    Click on https://www.multicert.com/3ws/login and try to enter the e-mail that identifies you as a Multicert client and its password:

    • If you can authenticate, it means that you have a client area and your credentials are valid
    • If you can not authenticate:
      • Click on https://www.multicert.com/3ws/pwRecovery
      • Insert the e-mail address that you think is what identifies you as a Multicert client
      • Press the button “Recover Password”
        • If Multicert finds a registered customer with this email, it will send you a new password
        • Otherwise, you will resceive the message "Error sending credentials”
  • 7. What are the benefits of registering in the client area?

    In your Client Area you may:

    • Request new certificates faster, with autofill of form fields
    • Manage the entire life cycle of your digital certificates
    • Request your credentials to access your certificates
    • Update your personal information and addresses
    • View the status of your payments
  • 8. By filling in the online form, I clicked on “Next” and nothing happens.

    Verify if all required fields were filled in. You shall also verify if there is some error in completing a field of the form presented.

    Errors will appear in red on the line below the space to fill in.

  • 9. The data entered while requesting the digital certificate is wrong. Can you cancel the request?

    If you have not made the payment or sent the documentation yet, the request will not be processed. You only have to make a new request.

    If you have already made the payment, please contact Multicert’s Client Support. We will verify the best way to transfer the amount to another purchase. 

    If you sent the documentation but did not made the payment, start a new request and send all documentation that was changed. On the same email or letter, please write the reference of your former request and state that the documentation which was sent before shall be used in the current request.

  • 10. My Digital Certificate already expired or is about to expire. May I renew it?   

    Yes. If it has already expired, you may perform an effective renewal at our website. If it has not expired yet and you have had your USB token or smartcard for less than two years, you may perform a simplified renewal.

    You will find the instructions here

  • 11. What are the office hours of Multicert?

    Business days from 9h to 18h, without lunch break

  • 12. I did not keep the ATM data for the payment. How can I recover it?

    You may recover them through your Client Support. After your authentication, the list of pending payments is displayed. Click on the ATM symbol to access payment data.

    If you do not have client area, you shall contact Multicert’s Client Support, through email cliente@multicert.com , indicating the reference of the digital certificate and/or the name of its titleholder.

Qualified Digital Certificates

  • 1. Does the data concerning the Holder or the Entity to which he/she belong have changed since the issue of the Certificate?

    If there is a change in the name of the Holder or the name of the associated Entity, you must select the New Issue option in the "Issue Type" section of the online application form. After this step your Qualified Digital Certificate for Collective Person Representation will be updated.

    If you wish to change the associated Entity with your Digital Certificate, Multicert does not consider this case to be a renewal, so you must request a new certificate issue, with reissue costs.

  • 2. By requesting a Qualified Digital Certificate, Multicert requires my mobile phone number. Why do you need this information?

    Multicert needs your mobile phone number in order to send you through SMS the access credentials (reference of the Certificate, PIN and PUK if applicable) to the chosen secure signature creation device, USB Token or card (Smartcard).

  • 3. My Digital Certificate already expired or is about to expire. May I renew it?

    In Portugal it is the Attorney General's Office. In other countries you shall contact the Portuguese Embassy to know the procedure to place an Apostille on documents, so they are accepted in Portugal.

  • 4. I want to renew my Certificate and I delivered a power of attorney in the past, do I have to send a new power of attorney?

    If the power of attorney is still valid, you do not.

  • 5. The first time I requested the Certificate I chose a validity of one year, may I request the renewal for a longer period or does it have to be one year?

    Yes, if you have originally requested your certificate for one year, you may now renew it for two years.

  • 6. I want to change the power of attorney associated with my Qualified Digital Certificate, may I do it when renewing it?

    In that case, it is not a renewal; it is a new issuance, once the data on the digital certificate is going to be changed. ular do Certificado ou da entidade associada ao mesmo.

  • 7.  What is the difference between standard, urgent and in 1 hour issuance?

    The difference between the three issuance types is about two factors: issuance time and value:

    • Standard issuance type, 4 business days, after Multicert has all the correct and complete documentation, the payment value is the digital certificate's price
    • Urgent issuance type, 1 business day,
      • upon payment of an urgency fee - 100 euros,
      • all the documentation must be sent by email to documentacao@multicert.com or uploaded in the client area (you must warn Multicert that you have requested an urgent issuance using the phone number 217 123 010)
      • the signed contract must be sent by email to documentacao@multicert.com
      • the urgent issuance involves going to Multicert in order to deliver the original documentation and receiving the digital certificate
    • In 1 hour issuance type, 1 hour
      • upon payment of an urgency fee - 250 euros,
      • all the documentation must be sent by email to documentacao@multicert.com or uploaded in the client area (you must warn Multicert that you have requested an urgent issuance using the phone number 217 123 010)
      • the signed contract must be sent by email to documentacao@multicert.com
      • the urgent issuance involves going to Multicert in order to deliver the original documentation and receiving the digital certificate

Application/Services Digital Certificates

  • 1. How to generate a CSR file to perform a request for a digital certificate for application, electronic invoicing or web server, using OpenSSL? 

    By purchasing a Digital Certificate for web server, application or CodeSigning it is required to upload a .CSR file (Certificate Signing Request) to the certificate request interface. 

    1. Before you start, make sure you have OpenSSL software installed on your computer.
    2. If you don't, you can download OpenSSL (for MSWindows) at https://slproweb.com/products/Win32OpenSSL.html.
    3. Install the openssl application
    4. If using Microsoft Windows:
      1. Open the Command Prompt
      2. In directory c:\openssl\bin run the following Openssl command:
        openssl req -nodes -keyout chavepriv_certificado.key -out pedido_certificado.csr -newkey rsa:2048
    5. If using Linux:  
      • In the directory where you want to generate the keys (Ex: /etc/apache2/ssl/) run the following OpenSSL command:
        openssl req -new -nodes -keyout chavepriv_certificado.key -out pedido_certificado.csr -newkey rsa:2048
    6. At the end of the transaction, the private key will be stored on file "chavepriv_certificado.key" and the public key (which corresponds to the CSR to be sent to Multicert) will be issued afterwards by our services. The private key is essential for the use of your digital certificate, if it is lost, a new digital certificate must be purchased.

      It is advisable to protect your private key according to the following command: "openssl rsa -in chavepriv_certificado.key -des3 -out chavepriv_certificado_segura.key" 

    Notice: in both situations, while running the command, a series of data about the certificate will be required, thus being necessary to fill in the "Common Name (eg, YOUR name) []:"with the desired domain name (Ex: www.multicert.com) and the "E-mail Address []:"with the email address of the Technical Manager. 

  • 2. How to generate a CSR file to perform a request for a digital certificate for web server, using IIS6? 

     1.  Open the window Internet Information Server (IIS), through Start-->Programs-->Administrative Tools-->Internet Services Manager

     2.  Select the site on which you want to install the certificate

     3. Right-click this and select "Directory Security" on "Properties". The following window is displayed:

     

     4. On "Secure Communications", click "Server Certificate" (if you have never used this option before, button [Edit] will be inactive) and a Wizard window is displayed. On this new screen select "Create a new Certificate". Click [NEXT]

     

    1.  Select option "Prepare the request now, but send it later". Click [NEXT]
    2.  On the next screen, fill in the required fields. The field "Name" shall be filled in with the name of the Certificate. This name shall be similar to the name of the website to be more easily identifiable. The field "Bit length" indicates the size of the key which will be generated. It is advisable to choose length not lower than 2048 bit, the latter being appropriate for web servers. Click [NEXT]
    3. Fill in the field "Organization" with the name of the company/institution and the field "Organization Unit" with the name of the Department of the Company responsible for the website. Click [NEXT]

     

        8. Fill in the field "Common Name" with the domain name of your website, i.e., in case we are dealing with a              domain whose name is www.abcd.pt, the field "Common Name" shall be filled in with the              name www.abcd.pt .  Click [NEXT]

             

         9.  The fields shall be filled in with information according to the current address of the company (see figure                 below).

     

          10. You may select a location on disk to save the certificate request to be sent to Multicert, as well as the file                 name. Click [NEXT]

     

          11. Verify data entered so far. If it is correct, click [NEXT]

     

          12. The certificate request is completed. Click [Finish].

     

  • 3. How to generate a CSR file to perform a request for a digital certificate for web server, using IIS7? 
    1. Open IIS 7 (Internet Information Services) through:Start -> Administrative Tools -> Internet Information                Services Manager
    2. On the left pane click the corresponding server
    3. On the central pane double-click “Server Certificates
           

           4. On the right pane click “Create Certificate Request

           5. On the next screen it will be required to enter information about the company.

     

    • Notice: The Common Name should be composed of the FQDN (Full Qualified Domain Name) for which you are performing the request. (Ex:.www.multicert.com ,exemplo.pt, smtp.multicert.com)

           6. The key length shall be 2048 bits and the Cryptographic Service Provider shall remain as “Microsoft RSA                 Schannel Cryptographic Provider

           7. Then, save the generated file in a folder on your computer and send it to the technical services of Multicert.

     

     

     

     

  • 4. How to generate a CSR file to perform a request for a digital certificate for web server, using IIS8?    
    1. Open IIS 8 (Internet Information Services) through: Start -> Administrative Tools -> Internet Information Services Manager
    2. On Internet Information Server (IIS) select the server and access to 'Server Certificates' (Figure 1: Configuration Panel IIS 8),by double-clicking Server Certificates

           3. Select the option 'Create Certificate Request'

    1. Fill in:
    • the field'Common name'  with the domain name of the 'website', i.e., in case we are dealing with a domain whose name is exemplo.pt, the field ‘Common Name’  shall be filled in with the name www.exemplo.pt.
    • the field‘Organization’ with the name of the company/institution,
    • the field‘Organization Unit’  with the name of the Department of the Company responsible for the website and 
    • the remaining fields'City/locality', 'State/province' and 'Country/region' with the location of the Company.
    • Click the button [NEXT].

          5. On field'Cryptographic service provider' select the cryptographic service provider 'Microsoft RSA SChannel                 Cryptographic Provider'. The field ‘Bit length’ shows the key length that will be generated. Select length                     of 2048 bit. Click [Next].

          6. Select the location on the disk where you want to store the Certificate request. This is the file that shall be                 sent to Multicert.

          7. To conclude press button [Finish].

     

     

  • 5. How to generate a CSR file to perform a request for a digital certificate for application, electronic invoicing or web server, using JBoss/Tomcat?
    1. Creation of the new keystore

    To create a new keystore it will be required to resort to the following keytool command:

    keytool -genkey -alias servidor -keyalg RSA -keysize 2048 -keystore oseudominio.jks

    Notice: oseudominio.jks is the domain name that you want to link to the certificate.

    Afterwards, a series of questions are displayed. It is important to take into account when questioned about "First and Last name", that this is not your first and last name but the domain and extension (example: www.multicert.com). When questioned, confirm the data entered through the abbreviation "y" or "yes"

    1. Create the CSR request

    To create the certificate request (CSR) it will be required to use the following keytool command:

    keytool -certreq -alias server -keyalg RSA -file oseudominio.csr -keystore oseudominio.jks

    Notice: once more, oseudominio.jks is the domain name that you want to link to the certificate.
    Send the file oseudominio.csr to certificados.avancados@multicert.com

  • 6. Foreign documentation
    1. I plan to buy an SSL certificate, but the entity to which I belong is foreign. What is the required documentation?

    If the entity is foreign, the following documents must include an Apostille (an Apostille is a document that has a universal format, resulting from an international agreement, the Hague Convention of 1961. The model of an Apostille can be found at http://hcch.e-vision.nl/upload/apostille.pdf):

    • The contract signed by those who are empowered to bind the entity (one or more people). The signature must be authenticated as we are legally obliged to validate the identity.
    • Copy of the commercial register (or similar) of the entity, indicating who is empowered to bind the entity. This document has to be authenticated.
      • If this document is not written in English, French or Spanish, a translation for Portuguese is needed, provided by an authorized translator. This document has to be authenticated.

    You must also provide a copy, without Apostille, of the following documents:

    • Copy(ies) of the Identity Card, Citizen Card or Passport of the representatives of the entity who sign the Contract
    • If the domain registration server has no active WHOIS service, it will be required a receipt of the domain registration
    • If the Applicant Entity is not the Entity recorded in the domain registration server, it is required a statement Authorizing the Use of the Domain. This statement must be made by the Entity registered in the domain server, specifying the domain in question and the Entity to which it is being assigned
    • Copy of the entity’s tax card

     

    1. I plan to buy a certificate for Application/CodeSigning/electronic invoicing, but the entity to which I belong is foreign. What is the required documentation?

    If the entity is foreign, the following documents must include an Apostille (an Apostille is a document that has a universal format, resulting from an international agreement, the Hague Convention of 1961. The model of an Apostille can be found at http://hcch.e-vision.nl/upload/apostille.pdf):

    • The contract signed by those who are empowered to bind the entity (one or more people). The signature must be authenticated (it is a legal requirement to validate the identity)
    • Copy of the commercial register (or similar) of the entity, indicating who is empowered to bind the entity. This document must be authenticated.
      • If this document is not written in English, French or Spanish, a translation for Portuguese is needed, provided by an authorized translator. This document has to be authenticated.

    You must also provide a copy, without Apostille, of the following documents:

    • Copy(ies) of the Identity Card, Citizen Card or Passport of the representatives of the entity who sign the Contract
    • Copy of the entity’s tax card (or similar)
  • 7. Foreign documentation: I plan to buy a certificate for Application/CodeSigning/electronic invoicing, but the entity to which I belong is foreign. What is the required documentation?
    1. I plan to buy a certificate for Application/CodeSigning/electronic invoicing, but the entity to which I belong is foreign. What is the required documentation?

    If the entity is foreign, the following documents must include an Apostille (an Apostille is a document that has a universal format, resulting from an international agreement, the Hague Convention of 1961. The model of an Apostille can be found at http://hcch.e-vision.nl/upload/apostille.pdf):

    • The contract signed by those who are empowered to bind the entity (one or more people). The signature must be authenticated (it is a legal requirement to validate the identity).
    • Copy of the commercial register (or similar) of the entity, indicating who is empowered to bind the entity. This document has to be authenticated.
      • If this document is not written in English, French or Spanish, a translation for Portuguese is needed, provided by an authorized translator. This document has to be authenticated.

    You must also provide a copy, without Apostille, of the following documents:

    • Copy(ies) of the Identity Card, Citizen Card or Passport of the representatives of the entity who sign the Contract
    • Copy of the entity’s tax card
  • 8. Batch of simple SSL/TLS

     It implies the request of five or more digital certificates, thus benefiting from special conditions of purchase.

    Get five or more digital certificates for the same entity, in a simple and practical way!

    BUTTON LEARN MORE ABOUT THE PRODUCT

    • Create a .CSR file, for each certificate, following the instructions available at https://www.multicert.com/pt/suporte/apoio-tecnico/emissao-e-revogacao/geracao-csr-openssl/
    • Complete the form available at xxxxx
    • Collect the signature of all those empowered to bind the entity (according to the Commercial Register/Permanent Certificate or equivalent document)
    • Gather the following documentation:
      • The signed contract
      • Copy(ies) of the Identity Card, Citizen Card or Passport of the representatives of the entity who sign the Contract
      • Document certifying the way to bind the entity (see table https://www.multicert.com/fotos/editor2/tabela-tipos-entidade.pdf )
      • If the domain registration server has no active WHOIS service, it will be required a receipt of the domain registration
      • If the Applicant Entity is not the Entity recorded in the domain registration server, it is required a statement Authorizing the Use of the Domain. This statement must be made by the Entity registered in the domain server, specifying the domain in question and the Entity to which it is being assigned
      • Copy of payment confirmation (payment can be made by bank transfer to NIB 0035 0125 00001437330 45)
      • Send documentation to Multicert:

    MULTICERT

    Avenida Sidónio Pais, 379

    Edifício Hoechst A, Piso 3, Direito

    4100-468 Porto

    Portugal

    Afterwards you will be contacted by Multicert to let you know if all the documentation is correct and whether the digital certificates will be issued or if there is something missing which is preventing the issuance of the certificates.

    If everything is complete, the Technical Manager responsible for the digital certificates will receive the digital certificate in the email. He/she may import it on the web server or generate a .p12 file, following the instructions available at https://www.multicert.com/pt/suporte/apoio-tecnico/instalacao/criar-ficheiro-pfx/

     

     

  • 9. What is the difference between standard issuance and urgent issuance?

    The difference between the two issuance types is about two factors: issuance time and value:

    • Standard issuance type, 3 business days, after Multicert has all the correct and complete documentation, the payment value is the digital certificate's price
    • Urgent issuance type, 1 business day,
      • upon payment of an urgency fee - 55 euros,
      • all the documentation must be sent by email to documentacao@multicert.com or uploaded in the client area (you must warn Multicert that you have requested an urgent issuance using the phone number 217 123 010)
      • the signed contract must be sent by email to documentacao@multicert.com
      • the urgent issuance involves going to Multicert in order to deliver the original documentation and receiving the digital certificate, if it is in a cryptographic token