Electronic certificate and digital signature

The electronic certificate in brief

An electronic certificate is a digital file issued by a certification authority (CA) that associates a public key with the identity of its holder. It is the cornerstone of digital signature — the technical implementation of electronic signature.

Asymmetric cryptography

Digital signature is based on public/private key cryptography:

• Private key: kept secret by the signer, used to sign

• Public key: distributed in the certificate, used to verify

Anyone can verify with the public key that a signature was indeed produced with the corresponding private key.

The role of the certificate

The electronic certificate:

• attests that the public key belongs to a particular person or organisation

• is signed by the certification authority (CA) that issued it

• has a limited validity period (typically 1-3 years)

• can be revoked in case of compromise

PKI: public key infrastructure

The set of hardware, software, procedures and policies for issuing, managing and revoking certificates forms a PKI (Public Key Infrastructure).

A modern PKI includes:

• root certification authority (AC-R)

• intermediate authorities

• revocation servers (CRL, OCSP)

• enrolment procedures

Qualified certificate vs simple certificate

• Simple certificate: issued by any authority, standard use

• Qualified certificate: issued by a QTSP (qualified trust service provider) listed on the EU trust list. Mandatory for qualified signature (QES).

See the 3 levels of signature.

Digital signature vs electronic signature

• Electronic signature: legal concept (eIDAS). Three levels.

• Digital signature: technical implementation through asymmetric cryptography.

An electronic signature can rely on a digital signature, but not necessarily. A simple AES (OTP) does not use a personal certificate.

When a personal certificate is necessary

A personal certificate is mandatory only for:

• QES (qualified signature)

• certain specific procedures (e-greffe, online declarations)

For SES and AES, no personal certificate is needed — the platform manages the cryptography in the backend.

How to obtain a qualified certificate

• Choose a QTSP (Docaposte Certigna, Universign/Oodrive, CertEurope…)

• Undergo identity verification (face-to-face or video KYC)

• Receive the certificate on a device (YubiKey, smart card) or in software

• Valid for 1-3 years, renewable

Cost: typically €50-200 per year.

How Certyneo helps you

Certyneo manages cryptography in the backend for SES and AES signatures — you don't need any personal certificate. For QES cases, we interface with several European QTSPs to trigger qualified signature without complexity.

Discover the Certyneo electronic signature solution

FAQ

Do I need a certificate to sign?

No for SES/AES. Yes for QES.

How much does a qualified certificate cost?

€50-200 per year from French QTSPs.

How to renew?

Streamlined procedure (identification already done), generally online.

Can a certificate be revoked?

Yes, by the CA in case of compromise. Check the CRL or OCSP.

Does ANSSI certify certificates?

No, it qualifies the QTSPs that issue qualified certificates.

Conclusion

The electronic certificate is the foundation of qualified digital signature. For most uses (SES/AES), the platform manages everything in the backend — you don't need to install anything.

Try Certyneo to send, sign and track your documents online simply, quickly and securely.