A digital certificate is a virtual "identity card", which allows for unambiguous identification on the Internet. Digital certificates and PKI technology guarantee that a certain action on the Internet was performed by a specific person, machine or web server.
The guarantee is ensured by the fact that the certificate has the electronic signature of the certification authority, whose certificate also has the electronic signature of another certification authority, creating the so-called chain or hierarchy of trust.
The digital certificate itself consists of a suite of attributes and information about the person you identify.
The qualified certificate , or the certificate of the qualified electronic signature, is that certificate issued in accordance with the regulations of the directive EU / 99/93 and the law 455/2001 regarding the electronic signature.
The main difference between a simple certificate and a qualified certificate is that a qualified certificate cannot be exported in any way to the associated private key. In addition, the Certifying Authority is the one who assumes responsibility for the correspondence between the digital certificate and the person to whom it belongs. From this point of view, Law 455/2001 provides that the certificates for the electronic signature issued in Romania have the private key generated and stored on a secured device (D.S.C.S.), which corresponds to the FIPS 140-1 Level 2 or ITSEC E4 security norms. This device can be in the form of a smartcard or e-token .
Qualified digital certificates are issued by the DigiSign Certification Authority, officially registered as a Certification Service Provider complying with Law no. 455/2001, Directive EU / 93/99 and the specifications of the Government Decision no. 1259/13 December 2001 regarding the approval of the Technical and Methodological Norms for the application of the electronic signature.