Google+
ITS and UVa logos for printed output

Personal Digital Certificates

Frequently Asked Questions (FAQs)

Frequently Asked Questions about Personal Digital Certificates

If you have a question that this document does not address, please contact the ITS Help Desk.

Answers to Frequently Asked Questions about Personal Digital Certificates

Why do I need a Personal Digital Certificate?
A personal digital certificate identifies you to the UVA Network and authenticates you as a member of the UVA community. Applications such as UVA Anywhere or services such as the encrypted wireless network present this certificate to a server on your behalf, rather than your having to submit a login ID and password.
Can my certificate be revoked or cancelled?

Revoking a certificate is the process for making an existing certificate unusable for authentication. There is generally no need for a user to revoke any of their certificates. If you leave the University, you can simply wait for your certificates to expire—you do not need to revoke them.

That said, there are two reasons when revoking a certificate is advisable or necessary:

  1. If you have a reason to believe that a copy of your certificate has been obtained via unauthorized access to your computer. This is analogous to changing your password when you have reason to believe that someone has somehow obtained a copy of your password.
  2. System administrators who use UVA SSL certificates will find that they need to revoke their old server certificate before they can obtain a new one unless the old certificate has expired.

Certificates can be revoked on the UVA Standard Assurance Certificate Revocation page.

When does my certificate expire?
Personal digital certificates are valid for 14 months. Approximately 1 month prior to the expiration date, you will receive a notification reminder that you have a certificate about to expire. When this happens, simply get a new certificate as described in the instructions to replace your expiring one.
Can I encrypt my email with my certificate?
Although this is possible with some email applications, ITS strongly advises against using your certificate to encrypt email. If you are using a digital certificate to identify yourself for things like VPN login (UVa-Anywhere), wireless connections to cavalier, and signing email, there is no reason to be concerned about having multiple certificates on different machines or in different applications. The only case where you need to have a single certificate in different locations is if you are sending and receiving encrypted email. In that case you will need to maintain a copy of the digital certificate you use for that purpose, both to allow you to copy it to multiple locations, and because losing that certificate will result in the loss of access to mail encrypted based on the private key associated with that certificate.
Why can't I get a certificate?
  • Name/DOB Mismatches
    Your name and date of birth (DOB) must be in the University's database, and you must be able to verify this information. Are you supported by a grant or department? The University's database may not contain your birth date. Please contact the UVA Help Desk at 4-HELP (434-924-4357) for assistance.
  • Incorrect Password: Locking Yourself Out
    If you type an incorrect password too many times, you may be locked out of the account needed to identify yourself to get a digital certificate. You can check if that's the case, and possibly fix it yourself.
    1. Exit and restart your browser.
    2. Log in to https://netbadge.virginia.edu using the user ID and password option.
    3. If the first entry in the log of recent logins says the credential used is Permanent Password, either you have not completed the ID verification process, or you have used an incorrect password too many times, or something may need to be changed in your account settings.
    What to do if you're locked out:
    1. Log in to the password management page at https://whois.virginia.edu/password
    2. Provide your ID number and security question answer.
    3. Change your password at the bottom of the page. You can re-use the current password if you wish, provided it meets complexity rules.
    4. Wait a minimum of 15 minutes without trying to log in to any UVA accounts.
    5. Restart your browser and try the login at https://netbadge.virginia.edu again.
    6. If it still indicates Permanent Password as the credential used, contact the UVA Help Desk. Tell them you have tried resetting your password so you could get a new digital certificate and the reset process didn't work for you. The Help Desk will submit a request to have your account settings verified.

  Page Updated: 2017-11-21