WebMoney

Wiki

Personal certificate

Personal (private, client) digital certificates on the WMT system are designed for protecting, identifying and transmitting data during internet connections in WM Keeper WebPro (Light).

Authentication is ensured by using a private key generated on the user's computer during the registration process. It is stored only by the owner of the WM Keeper WebPro (Light) personal digital certificate and is never transmitted over the network.

A personal digital certificate authenticates the owner of the WM identifier on sites belonging to WMT services and also on other sites where the WMT authentication system is installed.

The installation of a personal certificate is part of the WM Keeper WebPro (Light) registration process and can be completed in any browser.

See also: Obtaining the client certificate in WM Keeper WebPro.

Personal certificates are valid for two years, after which the user must renew (prolong) it. To do so, at www.wmcert.com the user must perform the same actions for obtaining and installing the certificate as during registration. Detailed information about how to correctly renew personal certificates is given in the article Renewing personal certificate.

The process of installing a personal certificate consists of three steps:
  1. Generating a private key and a request for a certificate (public key) on the user's computer;
  2. Registering and signing the certificate on the WMT server;
  3. Obtaining the certificate and installing it in the browser.

If the certificate generated by the server has not been saved to the browser's storage for whatever reason, then the user can complete the registration process independently. The certificate, registered and signed on the server (a file with the .cer extension), can be sent to the user's e-mail address. For some browsers (Internet Explorer and Opera) it is enough simply to import the certificate received by e-mail to the browser's storage. For Firefox, the installation procedure is more complex.

Immediately after the registration (renewal) process, the certificate and private key are stored in so-called exportable mode, which allows creating copies of them. It is unsafe to store the private key in such a form for an extended period, so after installing the personal certificate, users should perform the following:

  1. Create a backup copy of the certificate (see Keeper WebPro key export) on a reliable removable disk;
  2. Delete the certificate from storage;
  3. Install the certificate to storage from the backup copy by disabling the option allowing the export of the private key (see Keeper WebPro key import). In IE, it is better to enable heightened certificate protection mode.
  4. To increase the security of WM Keeper WebPro (Light), it is recommended to install the certificate on a secure device such as the eToken or RuToken.

See also:
Renewing personal certificate
Renewing personal certificates in Internet Explorer
Recommendations for WebMoney Keeper WebPro secure operation
WebMoney root certificate
WM Transfer Wiki