Digital Signatures and Certificates for Email

A digital signature is an electronic, encryption-based, secure stamp of authentication on a message. This signature confirms that the message originated from the signer and has not been altered.

In order to fully trust the signature, the certificate used to sign the message must be vouched for. The vouching process adds an extra level of trust to the signature on the message. In some cases, the certificate is automatically vouched for by the company it’s purchased from. In other instances, the certificate must be vouched for by people who already hold confirmed certificates. Trust is transferred from one person to the next.

A digital signature for email allows you to prove to the recipient of your email that you were, in fact, the person who sent the email, and to encrypt the email for added security.

Encryption and Certificates

Encrypting a message ensures privacy by converting an email from plain, readable text into cipher (scrambled) text. Only the recipient, who has a private key to match the public key used to encrypt the message, can decipher it. This is a separate process from digitally signing a message.

Certificates are digital means of proving your identity, using a public and private key pair. The private key is kept on a computer that the sender will use to digitally sign messages to recipients, and decrypt (unlock) messages from recipients. Private keys should be password protected. The public key is sent to others or published in a directory, so that others can use it to send you encrypted messages.

If you’re a researcher at UB working with Department of Defense (DOD) grants, you may be required to obtain a certificate in order to process your grant. The process of obtaining this certificate (known as an “ECA”) is complex. The Information Security Office is available to assist you in obtaining the certificate.

Obtaining an ECA Certificate For Your DOD Grant (For Researchers)

Grants issued by the DOD (Department of Defense) will typically require you to obtain an External Certification Authority (ECA) Certificate. This allows for secure communication with the DOD regarding your grant. As a researcher, you have the option of obtaining the ECA Certificate on your own, or with the assistance of the Information Security Office.

If you wish to obtain the certificate on your own, you’ll need to bring your identity documents to a notary public, have a form notarized, and physically mail that form to the company you’re purchasing the certificate from. Fortunately, the Information Security Office can also validate your identity documents and notify the company you are purchasing the certificate from (Verisign). This simplifies the process and makes your life easier.

The following definitions and instructions can be used when obtaining an ECA Certificate via the Information Security Office.


Verisign Revocation Passphrase

This passphrase is needed if you lose your certificate (for example, your laptop is lost/stolen) and you need to cancel your certificate and have a new one issued. Do not lose this passphrase.

Verisign Retrieval PIN

This will be in the confirmation email that you receive from Verisign once your certificate is ready to be downloaded. Do not lose this PIN. If you need to re-download your certificate (for example, if you buy a new laptop), you will need this PIN.

P12 File Passphrase

This is used to protect your key if you export it for back-up purposes, or when transferring the certificate to a new computer.
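
The following added example is not part of the original page and is not Verisign or UB tooling. It uses the OpenSSL command line with a constructed self-signed test certificate (standing in for a CA-issued one) to show that a signed message verifies, that the same message is rejected once its body is altered, and that an exported P12 file opens only with its passphrase. The name, address, message text and passphrases are made-up test values.

```shell
#!/bin/sh
# Added example. The key, certificate, message and passphrases are constructed
# test values; the self-signed certificate stands in for a CA-issued one.
WORK=$(mktemp -d)

make_identity() {   # private key + certificate (the public key is inside it)
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Test Researcher/emailAddress=researcher@example.edu" \
    -keyout "$WORK/key.pem" -out "$WORK/cert.pem" 2>/dev/null
}

sign_message() {    # signing uses the sender's PRIVATE key
  printf 'The final budget is 1000 dollars.\n' > "$WORK/msg.txt"
  openssl smime -sign -text -in "$WORK/msg.txt" -signer "$WORK/cert.pem" \
    -inkey "$WORK/key.pem" -out "$WORK/signed.eml" 2>/dev/null
}

verify_message() {  # exit 0 only if the content is unaltered and the signer is trusted
  openssl smime -verify -in "$1" -CAfile "$WORK/cert.pem" -out /dev/null 2>/dev/null
}

tamper_message() {  # change one digit in the signed body, leave the signature alone
  sed 's/budget is 1000/budget is 9000/' "$WORK/signed.eml" > "$WORK/tampered.eml"
}

export_p12() {      # back up key + certificate under a P12 passphrase
  openssl pkcs12 -export -inkey "$WORK/key.pem" -in "$WORK/cert.pem" \
    -out "$WORK/id.p12" -passout "pass:$1"
}

open_p12() {        # exit 0 only with the correct P12 passphrase
  openssl pkcs12 -in "$WORK/id.p12" -passin "pass:$1" -noout 2>/dev/null
}

make_identity && sign_message && tamper_message && export_p12 'constructed-passphrase'
verify_message "$WORK/signed.eml"   && echo "original: signature valid"
verify_message "$WORK/tampered.eml" || echo "tampered: signature rejected"
open_p12 'constructed-passphrase'   && echo "p12: opened with correct passphrase"
open_p12 'wrong-guess'              || echo "p12: wrong passphrase refused"
```

The `-CAfile` argument is where trust is decided: verification succeeds only because the test certificate is explicitly listed as trusted, which is the role the vouching process plays for a real certificate.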


You must start and finish the enrollment process on the same computer.

1.       Visit (Note: the “https” is required!)

2.       Select Enroll for your certificate

3.       Click Continue

4.       Select Subscriber Enrollment using Notary

5.       Fill out the Subscriber Information fields

a.       For Organization, enter SUNY AT BUFFALO (ALL CAPS; this is very important and must be exactly as shown in this step. The Information Security Office will not be able to assist you otherwise.)

b.      Fill out the remaining fields that are marked with a red asterisk.

c.       You can leave optional fields (e.g. DUNS Number) blank.

6.       Select the duration of your certificate (1-3 years) based on the duration of your grant. If your grant exceeds three years, you’ll need to renew the certificate in the future.

7.       Enter your payment information.

8.       Enter a password. DO NOT lose this password.

9.       Click Accept & Purchase.

10.   Contact the UB Information Security Office at or 716-645-6977 to schedule a time to review your identity documents.

11.   Once reviewed, you’ll receive a confirmation email from Verisign, usually within a few days. Follow the instructions in that email to download your certificate. If you need help, feel free to contact the Information Security Office.

