Questions
HKCA d-Cert certificates are X.509 v3 compliant (an international standard) and can, therefore, be used globally.
This is not possible. Web-based e-mail services such as Gmail, Hotmail and Yahoo Mail are not S/MIME compatible. For details, please see heading under S/MIME below.
Currently, very few e‑mail clients support the use of multiple e‑mail addresses within a single certificate. Therefore, HKCA adopts the policy of issuing one certificate per e‑mail address.
Currently, d-Cert (Personal) and d-Cert (Encipherment) certificates are issued in English language only. d-Cert (Organisational) certificates are issued in English language. However, if the organisation’s name and branch name in Chinese are provided in the application, these will also be included on the certificate.
ECC is not supported for the time being.
Object signing and authenticode are not supported for the time being.
You may apply for as many HKCA d‑Cert certificates as you wish. There is no limit to the number of certificates you can obtain.
Please refer to the Fees and Charges table at Fees and Charges.
Details of authentication procedures are available from the HKCA Certification Practice Statement.
The HKCA d-Cert certificate is a digital certificate that is issued, signed and managed by Hong Kong Certification Authority (HKCA) and is X.509 v.3 compliant. HKCA offers various types of digital certificates:
- HKCA d-Cert (Personal) Certificates: these are used in browsers and e-mail applications so that users can prove their identity to third parties;
- HKCA d-Cert (Organisational) Certificates: these are used by organisations, associations or Government departments which want to issue an organisation-based certificate to their members/employees to conduct secure message transmission; and
- HKCA d-Cert (Server) Certificates: these are to authenticate servers to users, enabling secure communication through Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.
- HKCA d-Cert (Encipherment) Certificates: these are used for encryption and decryption of messages for confidentiality purposes only. This type of certificate is not to be used for message signing like d-Cert (Personal) and d-Cert (Organisational).
HKCA d-Cert are issued with 2048-bit RSA key length.
To comply with international standard, “subscriber organisation name” and “subscriber organisation branch/department” for digital certificates cannot exceed 64 characters. If the submitted “subscriber organisation name” or “subscriber organisation branch/department” exceeds 64 characters, HKCA will contact the applicant to abbreviate the name to no more than 64 characters in accordance to the following abbreviation table:
| Abbreviation table | |
| Glossary | Acronyms |
| Branch | Br. |
| Centre | Ctr. |
| Committee | Cmte. |
| Company | Co. |
| Department | Dept. |
| Hong Kong | HK |
| Incorporated | INC. |
| Limited | Ltd. |
| Management | Mgmt. |
| School | Sch. |
Reliance Limit means the monetary limit specified for reliance on a recognised certificate. The relevant sections of the Electronic Transactions Ordinance are Sections 41 and 42.
The HTML 4.01 standard has been applied to the webpages on the HKCA website, and users can access them with any browser that complies with the standard. But exactly how a webpage is displayed differs between browsers, computers and operating systems. User is also suggested to apply the latest patches to the browsers and operating systems before accessing the website.
The Subscriber Terms and Conditions will be presented to and confirmed by the applicant in the course of the certificate application process.