Personal Certificates

Do you need to sign documents electronically or encrypt e-mail communications? For example, you can prove your identity in e-mail communication using a personal certificate issued by a trusted certificate authority via the Trusted Certificate Service (TCS). A qualified personal certificate can be obtained for selected work duties at MU, which is also accepted by state administration bodies.

In What Cases can Certificates be Used?

Verification, in case the identity of a person or object needs to be verified,
privacy protection ensuring that information will be available only to designated persons,
encryption, in which information is hidden in a way that unauthorized persons cannot decipher it,
digital signatures ensuring the irrevocability and integrity of the message.

Comparison of Provided Certificates

	Qualified Personal certificate	Géant TCS Personal Certificate
Certification Authority
Usage	Communication with authorities, banks, state administration, electronic signing of documents.	Email signing and encryption, authentication to web or other servers.
Who is the Certificate intended for?	Only for certain employees and selected work duties.	For employees.
Obtaining a Certificate	via Personal Certificates application (INET)	via CESNET Portal
Price	issuance is charged (price list)	issuance is free of charge
Options for Documents Signing	directly in INET and in personal computer ¹	in INET

¹ For use on your personal computer, you need to install the Virtual Token supporting software.

Virtual Token

A virtual token is a software designed to make a personal qualified certificate available on a personal computer. It allows you to sign documents directly in applications such as Acrobat Reader or EZAK (not only in INET). Users do not need any special devices for signing (e.g., USB tokens, smart cards). You need only to install this software to use it on your computer.

Eligibility and Requirements for Virtual Token Obtaining

A virtual token can only be obtained by a user who is entitled to a qualified personal certificate, i.e. a MU employee.
You need to apply for a qualified personal certificate through the Personal Certificates application in INET. To obtain it, approval by a superior is required.

Installation and the Use of the Virtual Token

The installation needs to be done under the account of the user who will use the virtual token. A user identifier (UČO) is required during installation. Detailed installation instructions can be found here, which are available only for Windows for now. Virtual Token for Mac OS is currently offered in beta mode - if you are interested in participating in testing, let us know at it@muni.cz.
Each time the certificate is used, a security PIN is required, which is the same as the certificate password that the user enters when requesting its issuance.
An active network connection to the Internet is required for the virtual token to work properly.
Security mechanisms protect all communications in accordance with current security standards.

Certificate Revocation

In case the private key of your certificate falls into unauthorized hands, the certificate must be revoked.

A qualified personal certificate can be revoked directly from the Personal Certificates application (revocation will occur both in the certificate repository and at the Certification Authority).
You cannot revoke a TCS personal certificate directly, but only through an authorized MU representative. Contact him/her via e-mail at tcs-ra@muni.cz. Be sure to include the reason for revocation along with the certificate's serial number to avoid misunderstandings.