FAQs
Root Certification Authority
This is the top level of the hierarchy and is responsible for issuing certificates to other Certification Authorities. The Kenya Root CA function is performed by the Communication Authority (root portal: https://www.ca.go.ke).
GovCA
GovCA is the Government Certification Authority, a role played by the ICT Authority (ICTA). The Root CA has licensed ICTA as an Electronic Certification Service Provider (E-CSP).
Registration Authorities: These are the lowest level of the hierarchy and are responsible for issuing certificates to individuals or entities for use in specific transactions or applications. The E-CSP can delegate the role of registration and issuance to selected entities.
The National Public Key Infrastructure (PKI) ecosystem is used to manage and secure digital communication within a country. It typically consists of a hierarchy of certification authorities (CAs) that issue and manage digital certificates, which are used to verify the identity of individuals or entities and establish trust in online transactions.
A root CA provides a chain of trust down to the subordinate CAs, and a subordinate CA delegates the role of registration and issuance to a Registration Authority.
A public entity can contact GovCA and request to be onboarded. Once onboarded, the entity is delegated as an RA and can then identify subscribers and issue digital certificates to them.
A digital signing certificate is a type of digital certificate that is used to verify the identity of an individual or entity and to sign electronic documents. Digital signing certificates use public key cryptography to provide a secure and tamper-proof way to sign electronic documents, helping to establish trust and ensure the authenticity of the documents.
Overall, digital certificates help to establish trust and secure communication between parties by using a trusted third party to verify identities and a combination of public and private keys to encrypt and decrypt messages.
Contact an authorized E-CSP directly or through one of its delegated Registration Authorities (Agent).
Each E-CSP publishes their prices independently.
Digital signatures can be incorporated into service delivery applications through an API, so that documents can be signed electronically.
Both electronic signatures and digital signatures are used to sign documents and authenticate the identity of the signer, but they function in slightly different ways.
An electronic signature, also known as an "e-signature," is any digital mark or symbol that is used to indicate the intent to sign a document. This can include a typed name, a scanned image of a signature, or a simple checkmark. Electronic signatures are often used in electronic contracts and forms.
On the other hand, a digital signature is a specific type of electronic signature that uses cryptography to provide a higher level of security and authenticity.
There are several steps that can be taken to verify the authenticity of a digital signature:
Check the certificate: Before verifying the signature, it's important to check the authenticity of the certificate used to create the signature. The certificate should be issued by a trusted certificate authority (CA) and should be current and not expired.
Verify the digital signature: To verify the digital signature, a receiving party can use the public key from the certificate to decrypt the signature and recreate the original hash value. They can then compare this hash value with the hash value generated from the original document to ensure that the document has not been tampered with.
Check the certificate revocation list (CRL): A certificate revocation list (CRL) is a list of certificates that have been revoked by the issuing certificate authority (CA) before their expiration date. It's important to check the CRL to ensure that the certificate used to create the signature has not been revoked.
Verify the signer's identity: It's also important to verify the identity of the person or organization who created the signature. The signer's identity can be verified by checking the information provided in the certificate, such as name and address, and by contacting the certificate authority (CA) that issued the certificate.
Validate the signature by timestamp: Timestamp validation confirms the authenticity of a digital signature at a specific point in time, which helps to confirm that the signature was created at the time it was claimed to be and whether or not it was altered after the signature was applied.
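The checks listed above, chained into one function, as an added example that is not part of the original FAQ or of any GovCA or E-CSP tooling. The `Cert` record, the key material and every name below are constructed for illustration, and the signature scheme is unpadded textbook RSA on fixed primes, so production verification belongs in a vetted X.509 library.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime

E = 65537

def toy_key(p, q):  # constructed textbook-RSA key (Mersenne primes, no padding): demo only
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

CA_KEY = toy_key(2**1279 - 1, 2**2203 - 1)    # hypothetical issuing CA
SIGNER_KEY = toy_key(2**521 - 1, 2**607 - 1)  # hypothetical subscriber

def digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data: bytes, key: dict) -> int:
    return pow(digest(data), key["d"], key["n"])

def sig_ok(data: bytes, sig: int, n: int) -> bool:
    # Apply the public key to the signature to recover the hash, then compare.
    return pow(sig, E, n) == digest(data)

@dataclass
class Cert:  # simplified stand-in for an X.509 certificate
    serial: int
    subject: str
    not_before: datetime
    not_after: datetime
    public_n: int
    ca_sig: int = 0

    def tbs(self) -> bytes:  # the fields covered by the CA's signature
        return repr((self.serial, self.subject, self.not_before, self.not_after, self.public_n)).encode()

def issue(serial, subject, not_before, not_after, key) -> Cert:
    cert = Cert(serial, subject, not_before, not_after, key["n"])
    cert.ca_sig = sign(cert.tbs(), CA_KEY)
    return cert

def verify(doc, sig, cert, ca_n, expected_subject, crl, at) -> list:
    """Return the names of failed checks; an empty list means the signature is accepted."""
    checks = [
        ("certificate not issued by the trusted CA", sig_ok(cert.tbs(), cert.ca_sig, ca_n)),
        ("outside certificate validity period", cert.not_before <= at <= cert.not_after),
        ("document hash mismatch", sig_ok(doc, sig, cert.public_n)),
        ("certificate revoked", cert.serial not in crl),
        ("unexpected signer", cert.subject == expected_subject),
    ]
    return [name for name, ok in checks if not ok]
```

Here `crl` is a set of revoked serial numbers and `at` is the time the signature is evaluated against, either the current time or the signature's trusted timestamp. A certificate from `issue(...)` with a matching `sign(...)` output, an empty `crl` and a time inside the validity period yields an empty list; changing the document or adding the serial to `crl` yields the corresponding failure.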
It varies depending on the Certificate Policy of the issuing Certificate Authority. The period can vary between one and five years.
Yes. To renew, contact your Registration Authority so that the renewal can be initiated. This should be done prior to expiry.