RCMP Certificate Services Program - FAQs

Q1: How do I obtain access to applications that require a token or a smart card?

A: To get access to these applications you must first have a valid digital certificate. A valid digital certificate requires the user to have an activated cryptographic module. Your organization will have to supply you with a cryptographic module. If you have not activated your cryptographic module or if it has expired, you must contact your organization’s Local Registration Authority (LRA). Once your LRA has processed your request the RCMP will send a reference number to the end-user and an encrypted authorization code to the LRA.

If you require more detailed information on how to obtain a digital certificate, please refer to How do I obtain a digital certificate?

Q2: What is a digital certificate?

A: A digital certificate is an electronic “passport” that is used to uniquely identify a person within a public key infrastructure. The information on it identifies the user and provides confidence to others that the user’s identity has been confirmed. In a public key infrastructure trust between parties is critical to ensure secure and confidential communication. Digital certificates are a way of establishing that trust.

Q3: What is a Certificate Authority?

A: The Certificate Authority (CA) is responsible for binding the user’s public keys and personal information in the form of digital certificates. The CA is also responsible for managing all issued certificates.

Q4: What is an LRA?

A: A Local Registration Authority (LRA) is the person who performs certificate duties for their agency on behalf of a Certificate Authority. For police agencies outside of Ontario and Quebec LRAs perform the certificate duties on behalf of the RCMP CA. The duties of the LRA include identifying and authenticating new certificate users, recovering the profiles of existing users and authorizing the revocation of a user’s certificate. These duties can only be carried out by an accredited LRA.

Q5: How do I find out if my organization already has an LRA?

A: To find out if your organization has an LRA, please contact your local RCMP detachment to obtain the phone number of the Central Helpdesk or contact the NPS application policy centre. Technical support is available for members of the policing community only.

Q6: How does an organization obtain an LRA?

A: Police agencies must first identify a full time employee who has a security clearance equivalent to the RCMP’s enhanced reliability clearance. The employee must be able to receive external e-mail. The employee must complete the LRA Training Registration Form and receive LRA training.

Q7: What happens if I lose my token or smart card (cryptographic module)?

A: Contact your LRA. The LRA will contact the RCMP and inform them of your lost cryptographic module. You will then need to go through the process of recovering your profile.

Q8: The Entrust login screen is telling me my account has expired, what do I do?

A: Contact your LRA to have your Entrust profile recovered. This process may take some time.

Q9: Who is responsible for obtaining a token or smart card (cryptographic module)?

A: Police agencies are responsible for obtaining the cryptographic modules for their employees. See details on cryptographic module.

Q10: I can access my Entrust profile but can't log into the application, what do I do?

A: Contact the policy centre of the application you wish to access.

Q11: Can I share the passphrase for my token or smart card (cryptographic module).

A: Sharing your passphrase is a serious security breach and is grounds for the revocation of your digital certificate. Remember that your passphrase provides access to your secure electronic identity and you are responsible for any actions performed under your electronic identity.

Q12: Can I have more than one person share a token or smart card (cryptographic module)?

A: Cryptographic modules are personal and provide access to your secure electronic identity and you are responsible for any actions performed with your cryptographic module. They must not be shared.

Q13: Can I reuse a previously owned token or smart card?

A: A cryptographic module can be reused if the previous owner no longer requires it. It is important that the information from the previous owner be deleted before passing it on to a new user. This can be done by “initializing” the token. For information please consult your LRA for the Entrust On-line Guide.

Q14: Where can I find a copy of the Entrust On-line Guide?

A: Please contact your LRA. The guide was provided at their LRA training session.

Q15: Which applications require a digital certificate?

A: Please contact the RCMP Certificate Services Program for the PKI Enabled NPS Application List.

Q16: What is strong two-factor authentication?

A: Strong two-factor authentication is a security process ensuring users` secure digital identities by requiring users to identify themselves using something they know such as a passphrase, and something they have such as a cryptographic module.

Passwords alone are easily compromised and are widely regarded as the weakest link in any given security system.

Q17: What is Entrust?

A: Entrust is the brand name of the software tool purchased by the RCMP to meet police needs for secure digital identities and electronic document security. It allows users to encrypt, decrypt, digitally sign and authenticate electronic transactions across all applications with certified security.

Date modified: