Electronic Certificate and Digital Signature

The electronic certificate in a nutshell

An electronic certificate is a digital file issued by a certification authority (CA) that associates a public key with the identity of its holder. It is the cornerstone of digital signature — the technical implementation of electronic signature.

Asymmetric cryptography

Digital signature is based on public/private key cryptography:

• Private key: kept secret by the signer, used to sign

• Public key: distributed in the certificate, used to verify

Anyone can verify with the public key that a signature was indeed produced with the corresponding private key.

The role of the certificate

The electronic certificate:

• attests that the public key belongs to a specific person or organization

• is signed by the certification authority (CA) that issued it

• has a limited validity period (typically 1-3 years)

• can be revoked in case of compromise

The PKI: public key infrastructure

The set of hardware components, software, procedures and policies for issuing, managing and revoking certificates forms a PKI (Public Key Infrastructure).

A modern PKI includes:

• root certification authority (CA-R)

• intermediate authorities

• revocation servers (CRL, OCSP)

• enrollment procedures

Qualified certificate vs simple certificate

• Simple certificate: issued by any authority, standard use

• Qualified certificate: issued by a QTSP (qualified trust service provider) registered on the EU trust list. Mandatory for qualified signature (QES).

See the 3 levels of signature.

Digital signature vs electronic signature

• Electronic signature: legal concept (eIDAS). Three levels.

• Digital signature: technical implementation through asymmetric cryptography.

An electronic signature can be based on a digital signature, but not necessarily. A simple AES (OTP) does not use a personal certificate.

When a personal certificate is necessary

A personal certificate is only required for:

• QES (qualified signature)

• certain specific procedures (e-greffe, online tax declarations)

For SES and AES, no personal certificate is needed — the platform manages cryptography in the backend.

How to obtain a qualified certificate

• Choose a QTSP (Docaposte Certigna, Universign/Oodrive, CertEurope…)

• Pass identity verification (face-to-face or video KYC)

• Receive the certificate on a device (YubiKey, smart card) or as software

• Valid for 1-3 years, renewable

Cost: typically €50-200 per year.

How Certyneo helps you

Certyneo manages cryptography in the backend for SES and AES signatures — you don't need any personal certificate. For QES cases, we interface with several European QTSPs to trigger qualified signature without complexity.

Discover the Certyneo electronic signature solution

FAQ

Do I need a certificate to sign?

No for SES/AES. Yes for QES.

How much does a qualified certificate cost?

€50-200 per year from French QTSPs.

How do I renew it?

Streamlined procedure (identification already done), usually online.

Can a certificate be revoked?

Yes, by the CA in case of compromise. Consult the CRL or OCSP.

Does ANSSI certify certificates?

No, it qualifies the QTSPs that issue qualified certificates.

Conclusion

The electronic certificate is the foundation of qualified digital signature. For most uses (SES/AES), the platform manages everything in the backend — you don't need to install anything.

Try Certyneo to send, sign and track your documents online simply, quickly and securely.