Electronic Certificate and Digital Signature

The electronic certificate in a nutshell

An electronic certificate is a digital file issued by a certification authority (CA) that associates a public key with the identity of its holder. It is the cornerstone of the digital signature — the technical implementation of electronic signature.

Asymmetric cryptography

Digital signature relies on public/private key cryptography:

• Private key: kept secret by the signer, used for signing

• Public key: distributed in the certificate, used for verification

Anyone can verify with the public key that a signature was indeed produced with the corresponding private key.

The role of the certificate

The electronic certificate:

• attests that the public key belongs to a specific person or organization

• is signed by the certification authority (CA) that issued it

• has a limited validity period (typically 1-3 years)

• can be revoked in case of compromise

PKI: Public Key Infrastructure

The set of hardware, software, procedures and policies for issuing, managing and revoking certificates forms a PKI (Public Key Infrastructure).

A modern PKI includes:

• root certification authority (CA-R)

• intermediate authorities

• revocation servers (CRL, OCSP)

• enrolment procedures

Qualified certificate vs simple certificate

• Simple certificate: issued by any authority, standard use

• Qualified certificate: issued by a QTSP (qualified service provider) registered on the EU trust list. Mandatory for qualified signature (QES).

See the 3 levels of signature.

Digital signature vs electronic signature

• Electronic signature: legal concept (eIDAS). Three levels.

• Digital signature: technical implementation through asymmetric cryptography.

An electronic signature may be based on digital signature, but not necessarily. A simple AES (OTP) does not use a personal certificate.

When a personal certificate is necessary

A personal certificate is mandatory only for:

• QES (qualified signature)

• certain specific procedures (e-greffe, online tax filings)

For SES and AES, no personal certificate needed — the platform manages cryptography in the backend.

How to obtain a qualified certificate

• Choose a QTSP (Docaposte Certigna, Universign/Oodrive, CertEurope…)

• Undergo identity verification (face-to-face or KYC video)

• Receive the certificate on a device (YubiKey, smart card) or in software

• Valid for 1-3 years, renewable

Cost: typically 50-200 € per year.

How Certyneo helps you

Certyneo manages cryptography in the backend for SES and AES signatures — you don't need any personal certificate. For QES cases, we interface with several European QTSPs to trigger qualified signature without complexity.

Discover the Certyneo electronic signature solution

FAQ

Do I need a certificate to sign?

No for SES/AES. Yes for QES.

How much does a qualified certificate cost?

50-200 € per year from French QTSPs.

How do I renew it?

Streamlined procedure (identification already done), generally online.

Can a certificate be revoked?

Yes, by the CA in case of compromise. Check the CRL or OCSP.

Does ANSSI certify certificates?

No, it qualifies the QTSPs that issue qualified certificates.

Conclusion

The electronic certificate is the foundation of qualified digital signature. For most uses (SES/AES), the platform manages everything in the backend — you don't need to install anything.

Try Certyneo to send, sign and track your documents online simply, quickly and securely.