
FAQs

1. Root Certification Authority:

This is the top level of the hierarchy and is responsible for issuing certificates to other Certification Authorities. The Kenya Root CA function is performed by the Communications Authority of Kenya (CA) (root portal: https://www.ca.go.ke).

2. GovCA

GovCA is the Government Certification Authority, a role played by the ICT Authority (ICTA). The Root CA has licensed ICTA as an Electronic Certification Service Provider (E-CSP).

 

Registration Authorities (RAs) are trusted entities designated by the GovCA to perform the subscriber’s identification and authentication. The RA can be Government or private institutions that are granted the rights to operate as Registration Authorities under the Registration Charter agreement.

The National Public Key Infrastructure (PKI) ecosystem is used to manage and secure digital communication within a country. It typically consists of a hierarchy of certification authorities (CAs) that issue and manage digital certificates, which are used to verify the identity of individuals or entities and establish trust in online transactions.

There is a root CA that provides a chain toward the subordinate CAs for purposes of trust. The subordinate CA delegates the role of registration and issuance to a Registration Authority.

 

A public entity can contact GovCA and request to be onboarded. Once onboarded, the entity is delegated as an RA and can subsequently identify subscribers and issue digital certificates to them.

As per KICA Act Cap 411A of 1998, a digital certificate has to meet the following requirements to be legally recognized in Kenya:

(a) is uniquely linked to the signatory;

(b) is capable of identifying the signatory;

(c) is created by means that the signatory can maintain under his sole control; and

(d) is linked to the data to which it relates in such a manner that any subsequent change to the data is detectable.

 

Overall, digital certificates help to establish trust and secure communication between parties by using a trusted third party to verify identities and a combination of public and private keys to encrypt and decrypt messages.

 

Contact an authorized E-CSP directly or through their delegated Registration Authorities (Agent).

Each E-CSP publishes their prices independently.

This is a commercial arrangement between the subscriber and the Registration Authority (RA). Please contact your RA for more information.

A digital signature can be integrated into service delivery applications with the help of an API, so that documents can be signed electronically.

Kenya Information and Communications Act (KICA) CAP 411A of 1998.

Both electronic signatures and digital signatures are used to sign documents and authenticate the identity of the signer, but they function in slightly different ways.

An electronic signature, also known as an "e-signature," is any digital mark or symbol that is used to indicate the intent to sign a document. This can include a typed name, a scanned image of a signature, or a simple checkmark. Electronic signatures are often used in electronic contracts and forms.

On the other hand, a digital signature is a specific type of electronic signature that uses cryptography to provide a higher level of security and authenticity.

There are several steps that can be taken to verify the authenticity of a digital signature:

Check the certificate: Before verifying the signature, it's important to check the authenticity of the certificate used to create the signature. The certificate should be issued by a trusted certificate authority (CA) and should be current and not expired.

Verify the digital signature: To verify the digital signature, a receiving party can use the public key from the certificate to decrypt the signature and recreate the original hash value. They can then compare this hash value with the hash value generated from the original document to ensure that the document has not been tampered with.

Check the certificate revocation list (CRL): A certificate revocation list (CRL) is a list of certificates that have been revoked by the issuing certificate authority (CA) before their expiration date. It's important to check the CRL to ensure that the certificate used to create the signature has not been revoked.

Verify the signer's identity: It's also important to verify the identity of the person or organization who created the signature. The signer's identity can be verified by checking the information provided in the certificate, such as name and address, and by contacting the certificate authority (CA) that issued the certificate.

Validate the signature by timestamp: Signature validation by timestamp confirms the authenticity of a digital signature at a specific time. It helps to confirm that the signature was created at the time it was claimed to be, and whether or not it was altered after the signature was applied.
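The first three checks above (trusted issuer and validity period, signature over the document, CRL), as an added Go example that is not GovCA's or this page's own code. It assumes Ed25519 keys and a CA that issues the signer certificate directly; `Verify` and `Demo` are hypothetical names, and every certificate, CRL and document is constructed at run time.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Verify checks, in order: issued by the trusted CA and current at `at`, not on the CA's CRL, signature matches doc.
func Verify(doc, sig []byte, leaf, ca *x509.Certificate, crl *x509.RevocationList, at time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: at, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := leaf.Verify(opts); err != nil {
		return fmt.Errorf("certificate: %w", err)
	}
	if crl.CheckSignatureFrom(ca) != nil || at.After(crl.NextUpdate) {
		return errors.New("CRL not signed by the CA or out of date")
	}
	for _, rc := range crl.RevokedCertificates { // older field name; Go 1.21+ also offers RevokedCertificateEntries
		if rc.SerialNumber.Cmp(leaf.SerialNumber) == 0 {
			return errors.New("certificate revoked")
		}
	}
	return leaf.CheckSignature(x509.PureEd25519, doc, sig) // fails if doc or sig was altered
}

// Demo returns constructed inputs for Verify; the signer has serial 2. Errors are dropped: all inputs are fixed.
func Demo(doc []byte, revokedSerial int64) ([]byte, []byte, *x509.Certificate, *x509.Certificate, *x509.RevocationList, time.Time) {
	at := time.Now()
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	caT := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed Demo CA"}, NotBefore: at.Add(-time.Hour), NotAfter: at.AddDate(5, 0, 0), IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	leafT := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "Constructed Signer"}, NotBefore: at.Add(-time.Hour), NotAfter: at.AddDate(1, 0, 0), KeyUsage: x509.KeyUsageDigitalSignature}
	crlT := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: at.Add(-time.Hour), NextUpdate: at.AddDate(0, 0, 7), RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: big.NewInt(revokedSerial), RevocationTime: at}}}
	caDER, _ := x509.CreateCertificate(rand.Reader, caT, caT, caPub, caKey)
	ca, _ := x509.ParseCertificate(caDER)
	leafDER, _ := x509.CreateCertificate(rand.Reader, leafT, ca, pub, caKey)
	leaf, _ := x509.ParseCertificate(leafDER)
	crlDER, _ := x509.CreateRevocationList(rand.Reader, crlT, ca, caKey)
	crl, _ := x509.ParseRevocationList(crlDER)
	return doc, ed25519.Sign(key, doc), leaf, ca, crl, at
}

func main() { fmt.Println(Verify(Demo([]byte("constructed sample document"), 99))) }
```

Passing `2` instead of `99` to `Demo` puts the signer's own serial on the CRL, and `Verify` then fails with "certificate revoked" even though the signature itself is still mathematically valid.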

It varies depending on the Certificate Policy of the issuing Certificate Authority. The period can vary between one and five years.

The Certificate can no longer be used for transactions. The subscriber may request a re-key of the certificate.

YES. To renew your certificate, access the portal and submit the renewal request before expiry of the validity period. 

Support Contacts

Physical Address

Teleposta Towers, 12th Flr,

Kenyatta Ave., Nairobi, Kenya

Phone Numbers: (+254) 20 667 6999

Email: govcasupport@icta.go.ke