1. General

Q: What is PKI??

A: PKI stands for Public Key Infrastructure: a system which ensures reliable electronic communication (e.g. with and within public-sector organisations).

Q: How long will it take to activate my certificate?

A: This depends on how quickly you complete the application process, allowing the validation of the information to start. Assuming you submit all information at the same time, you will generally be able to use the certificate within two working days. 

Q: Who is the ‘contact person’.?

A: The contact person is a director or other authorized signatory representing the organization for which the certificate has been requested. 

Q: Who is the ‘subscriber organization’

A: In this case, the subscriber organization is TenneT. 

Q: Who is the ‘certificate administrator’??

A: The certificate administrator is the person who installs the certificate on your system and is responsible for its use and subsequent updates. In most cases, this role is filled by the existing systems administrator. The certificate administrator is also responsible for submitting the application and downloading the certificate. 

Q: How can I renew my certificate??

A: The certificate is valid for a period of three years. You will receive notification twelve weeks before it expires so that you can request a new certificate from the Certificate Store.

Q: Can I obtain other types of certificate from Digidentity? ?

A: Yes. Digidentity issues various types of certificate, including professional accreditations. Further information can be found on the Digidentity SSL website at: https://www.digidentity.eu/static/nl/digidentity-ssl/index.html

2. Security and privacy

Q: Is my information safe with Digidentity??

A: All information in your Digidentity account is fully secure. Digidentity is a recognized Trusted Third Party (TTP): an independent organization which guarantees the integrity and reliability of electronic transactions. 

Q: What is Digidentity’s privacy policy??

A: Digidentity is certified to ISO and ETSI standards. Our privacy and security arrangements are subject to an annual independent audit by KPMG, in which our compliance with the government’s PKI regulations is also assessed. 

Q: How does Digidentity protect itself and its customers against phishing, social engineering and malware attacks??

A: Digidentity has implemented adequate technical, procedural and organizational measures to prevent phishing, social engineering and malware attacks. You can be confident that Digidentity offers the highest possible level of reliability ?

3. Testing during the trial period

Q: I have not received an e-mail with a test certificate

A: Please contact the Digidentity support desk (e-mail PKI-CPS@digidentity.eu, phone +31 88 778 7888). Staff will arrange for the certificate and accompanying documentation, including the full user’s manual, to be sent to you as soon as possible. 

Q: I cannot open the file containing the certificate.

A: First, check that you have: 
- entered the correct password: demo1234, 
- imported the certificate into your browser, 
- selected the right certificate. 

If this does not resolve the problem, please contact the Digidentity support desk (email PKI-CPS@Digidentity.eu, phone +31 88 778 788). We will arrange for a replacement certificate to be issued as soon as possible. 

Q: I have lost or forgotten the log-in details for the mailbox(es).

A: Please contact the TenneT Customer Support Center, email tennetccc@tennet.eu.

Q: My mail is not being encrypted (no padlock icon) or is not being signed (no envelope icon with red dot).

A:You should be using the testextra mailbox. Please contact Digidentity to ascertain whether this is the case. 

Q: My return mail can be signed but cannot be encrypted.?

A: The mail address is a “testfac” address, which means it is not possible to encrypt or sign messages. Digidentity can check whether you are using the appropriate mailbox.

Q: I cannot send mail. What should I do??

A: Contact the Digidentity support desk, email PKI-CPS@digidentity.eu, phone +31 88 778 78 88. Digidentity will then check the configuration to ascertain that: 
- the SMTP server is cps.testfac.tennet
- the email address is ean@cps.testextra.tennet
- the mailbox user name is ean_testextra.

Q: I am not receiving return mail (replies).

A:Contact the Digidentity support desk, email PKI-CPS@digidentity.eu, phone +31 88 778 78 88. We will investigate the problem. 

Q: The Root certificate is not recognized.

A: ?This problem is almost always due to the P12 files not being “unpacked” properly. Contact the Digidentity support desk, email PKI-CPS@Digidentity.eu, phone +31 88 778 78 88, and we will send a replacement root certificate set. 

4. Requesting a certificate from the Certificate Store

Q: I cannot complete my request because I have forgotten my password.

A: The Certificate Store web page includes a link marked ‘forgotten password’. Enter the requested information and a new password will be sent to your registered email address. 

Q: What information is needed to complete a request??

A: The following information is required (some fields will be automatically completed).
Subscriber organization details:
1. ‘Subscriber organization’: this is always TenneT
2. ‘Organization’: the name of your organization/division
3. ‘Address’: the (registered) address of your organization/division 
4. ‘KvK number’: the Chamber of Commerce registration number of your organization/division.
5. ‘Contact person’: the contact person within your organization.
6. ‘Account number’: the TenneT bank account number 
7. ‘Cost centre’: as notified by TenneT
8. ‘Budget holder’: as notified by TenneT
Contact person details:
1. Name
2. E-mail address
3. Telephone number 
Certificate administrator details:
1. Name
2. E-mail address
3. Telephone number
4. You must upload a copy of a valid form of ID for both the contact person and the certificate administrator.

Q: Can I amend the information I have entered??

A:? In some cases, but you cannot change all details yourself. You will see which fields can be changed.

Q: The uploaded ID has expired. Can I upload a new version??

A:? If necessary, Digidentity will contact you to request replacement proof of ID. This will be added to your file manually. 

5. Downloading the certificate

Q: I have forgotten my password for the P12 certificate. What should I do??

A: ?If you have not yet installed the certificate, you must request a replacement. A password is always required during the installation process. You are the only person who knows the password: it is not recorded anywhere else. Digidentity will revoke the old certificate when issuing a replacement. 

Q: I have downloaded the certificate but can no longer find it. What should I do??

A:?First, search your computer using the filename or “*.p12”. If you are still unable to locate the certificate, please contact the Digidentity support desk at PKI-CPS@digidentity.eu, phone +31 88 778 78 88. We will investigate as necessary and arrange for a new certificate and accompanying documentation to be sent to you by email. 

Q: My P12 password does not work/is not accepted. What should I do? ?

A: First, ensure that you are entering the correct password. Does that password meet all the requirements set by Digidentity: 8 characters, including at least one upper case letter, one lower case letter and two special characters? If so, please contact the Digidentity support desk.

Q: I cannot see whether the download has been successful.

A: Look in the ‘Downloads’ folder on your computer. If you cannot find the certificate there, please contact the Digidentity support desk.

6. Installing the certificate

Q: How do I install the certificate??

A:Installation involves the following steps. (Full instructions are given in the manual and can also be found on the website).

1. Log in to the Certificate Store using the link that has been sent to you by email. You will be asked to enter your email address and password. 
2. Click on ‘Download’. 
3. You will be asked to set a password, which will be used to encrypt the certificate. This password must meet a number of criteria, as explained on the site. You should write this password down before you submit it. 
4. Enter the password in the window that now appears. 
5. Click on ‘Confirm’ to begin the download. 
6. Select the ‘Save file’ option. 
7. Next, make a back-up copy of the certificate file on a USB stick or external hard drive.
8. Open the file and begin the installation process. In most cases, you will be asked for a password: this is the password that you set in Step 3. 

7. Using the certificate

Q: How do I check that the certificate has been properly installed??

A: Following the installation of the SHA-2 certificate on the planned migration date, a two-phase dialogue between Digidentity and the market party is implemented to check that the certificate is operational. If the migration has been successful, TenneT will issue the ‘GO’ instruction. 
The two phases of the dialogue are: 
1. Sending a signed message to Digidentity which has been encrypted using the Digidentity public key (CPS mailbox: 8716867393675@cps.tennet.org). The content of this test message must include an EDINE (.edn) attachment. On receipt, the message will be checked to ascertain that: 
- the signature can be verified. 
- the issuing authority can be verified.
- the content of the message can be read. 

2. Once these aspects have been checked, Digidentity will send a reply. This reply also has an EDINE (.edn) attachment which has been encrypted using your public key, and it is digitally signed by Digidentity. On receipt of the reply, you should check that: 
- the digital signature can be verified
- the issuing authority can be verified
- the content of the message can be read

You are requested to confirm receipt of the reply message by sending an e-mail to CPS or to the Digidentity support desk, pki-cps@digidentity.eu. 

8. Migration

Q: My organization will not be ready to migrate on the planned date.

A: Please contact Digidentity to discuss possible alternatives. 

Q: How do I obtain the (new) Public Keys of the parties with which I wish to communicate? ?

A: Following a successful migration, Digidentity will:
- Publish on the website a full list of the Public Keys in use.
- E-mail a list of all market parties which have successfully implemented the SHA-2 certificate to the certificate administrator. The email will have two attachments:  
- A file containing all Public Keys in use since the migration.
- A file containing a “Delta”, i.e. only the Public Keys of market parties which have recently migrated.