Site icon SSL.com

FAQ: Getting Started With Your Business Identity Certificate

Now that you’ve received a new FIPS 140-2 validated security key USB token with your Business Identity email, client authentication, and document signing certificate in the mail, you may be wondering just what to do next. This FAQ answers common questions you may have about how to get started with your new certificate and USB token.

SSL.com’s Business Identity certificates offer secure S/MIME email protection, trusted digital signatures for Adobe PDF and Microsoft Office documents, and PKI-based client authentication, all for as low as $249.67 per year. They are delivered on secure FIPS 140-2 validated security key USB tokens with two-factor authentication.

ORDER NOW

How do I sign documents with my Business Identity certificate?

Creating trusted digital signatures in Adobe PDF and Microsoft Office documents is simple with your Business Identity certificate! You simply plug the YubiKey into your computer’s USB port, follow the application’s steps for digitally signing a document, and enter your YubiKey’s PIN.

For complete instructions, please refer to these SSL.com how-tos:
Sign a PDF in Adobe Acrobat Reader
Digitally Signing Microsoft Office 365 Documents

Note: macOS users will need to take some extra configuration steps before signing PDFs in Acrobat – please read this how-to.

How do I use my Business Identity certificate to sign and encrypt email?

For application-specific instructions on using your Business Identity certificate to sign and encrypt email messages, please refer to these SSL.com how-tos:
Using Your YubiKey for S/MIME Email with Outlook on Windows
Use Your YubiKey for S/MIME Email in Thunderbird

Note that you can start digitally signing email with your Business Identity certificate right away, but encrypting and decrypting email requires the separate installation of a second S/MIME certificate. This extra step is necessary for the protection of your personal data. The private signing key shipped on your YubiKey is not exportable from the device. Without a backup of your private encryption key outside of your YubiKey, accidental loss of the YubiKey would mean that you would never to be able to read mail encrypted with that key again! Therefore, each Business Identity certificate order also includes a credit for a separate Personal Pro certificate.

For instructions on installing this additional S/MIME certificate on your YubiKey for encryption, please refer to our how-to, Install an S/MIME Certificate on your YubiKey.

How do I use my Business Identity certificate for client authentication?

For most popular Windows and macOS web browsers, you can simply insert your YubiKey into a USB port on your computer, and the OS will provide access to the certificate and private key to your browser. Mozilla Firefox requires an additional configuration step before the browser can access the certificate and private key. (Note that versions of Firefox prior to 75 cannot access certificates and keys on smart cards via the OS.)

For more details, please see our how-to, Configuring Client Authentication Certificates in Web Browsers.

How can I order and install additional certificates on my YubiKey FIPS?

The 3.0 release of SSL.com’s SSL Manager gives Windows users the ability to securely generate key pairs, order EV Code Signing and Business Identity certificates, and install certificates directly on their YubiKey from the application.

If you’d like to generate key pairs and manage certificates on your YubiKey with Windows, macOS, and Linux computers, you can also use Yubico’s YubiKey Manager application via the instructions in the SSL.com how-to, Key Generation and Attestation with Yubikey.

What else can I do with my YubiKey?

Please read our blog post, Business Identity Certificate with YubiKey, for more details concerning your YubiKey’s capabilities and security features, including client authentication and single sign-on.

Thank you for choosing SSL.com! If you have any questions, please contact us by email at Support@SSL.com, call 1-877-SSL-SECURE, or just click the chat link at the bottom right of this page. You can also find answers to many common support questions in our knowledgebase.
Exit mobile version