A digital certificate is an electronic “passport” that is used to uniquely identify a person within a public key infrastructure. The information on it identifies the user and provides confidence to others that the user’s identity has been confirmed. In a public key infrastructure, trust between parties is critical to ensure secure and confidential communication. Digital certificates are a way of establishing that trust.
You will need to obtain a digital certificate if you need access to PKI-enabled NPS applications. You will also need a digital certificate if you have to encrypt or digitally sign electronic documents or emails.
A digital certificate consists of three things:
The RCMP Certificate Authority is responsible for issuing digital certificates to employees of Canadian police agencies outside of Ontario and Quebec. Other law enforcement agencies or government departments need to contact their certificate authority. Please see the Support/Contact page for additional information.
The RCMP can issue two types of “Client User” Certificates:
This is the most commonly required certificate for clients. It allows the end user to access PKI-enabled NPS applications and take advantage of the encryption, decryption and digital signature functionalities.
To obtain a Client User Certificate, please contact your agency’s LRA. If you do not know the identity of your LRA, please contact your local RCMP detachment to obtain the phone number of the Central Helpdesk. Technical support is available for members of the policing community only.
This certificate is available when multiple users require access to a specific profile for authentication or encryption functions. This type of certificate is granted on a case-by-case basis when necessary.
To obtain a Multi-User Certificate, you must submit a formal e-mail request to RCMP_Certificate_Services@rcmp-grc.gc.ca. If permission is granted, a Multi-User Certificate application form will be sent and a Multi-User Usage Policy will need to be signed off by the custodian of the certificate.
A vital component of IT security is the ability to encrypt and decrypt information to provide confidentiality. A digital signature enables the recipient of information to verify the authenticity of the information's origin and verify the information is intact. Thus, digital signatures provide authentication and integrity and ultimately non-repudiation.
For detailed instructions on how to use this functionality, please request a copy of the Entrust On-line Help guide from your LRA.
A Local Registration Authority (LRA) is the person who performs certificate duties for their agency on behalf of a Certificate Authority (CA). For police agencies outside of Ontario and Quebec, LRAs perform the certificate duties on behalf of the RCMP CA.
The duties of the LRA include
These duties can only be carried out by an accredited LRA.
LRAs must be full-time employees of a police agency, have a security clearance equivalent to the RCMP’s enhanced reliability and undergo training. The LRAs must also have a workstation that can receive external emails.
Encrypted authorization codes for digital certificates will only be sent to accredited LRAs. If your police agency does not have an accredited LRA, or the LRA has an expired digital certificate, an alternative means will be needed to send authorization codes, which could delay the establishment of a user’s digital certificate.
Police agencies should have more than one LRA trained in case the primary LRA is not available for any reason. Larger police agencies might want to have a separate LRA for each PKI-enabled NPS application. Also, since the LRA is required to hand deliver authorization codes within 48 hours, police agencies who have employees in several locations are encouraged to request a separate LRA for each building.
It is the police agency’s responsibility to inform the RCMP Certificate Services Program if additional LRAs are required.
The RCMP Secure Access Portal is an electronic Privilege Management Infrastructure (PMI) used for authentication and authorization. It provides role-based access controls for web-based applications up to a Protected B level. The two primary products used to provide this functionality are Entrust GetAccess and Entrust TruePass.
TruePass is a Web portal security and privacy product that allows organizations to identify users through digital certificates.
GetAccess makes it possible to identify whom you are doing business with. It manages user identities and enables authentication and authorization across multiple applications.