Hongkong Post e-Cert
Home Contact Us Sitemap 繁體中文 简体中文 Text Mode
A A A


Certizen Limited

Hongkong Post

Level Double-A conformance, W3C WAI Web Content Accessibility Guidelines 2.0

 

Hongkong Post e-Cert (Server)

Hongkong Post e-Cert (Server) certificate is issued to Bureaux and Departments of the Government of Hong Kong SAR, organisations that hold a valid business registration certificate issued by the Government of the Hong Kong SAR and statutory bodies of Hong Kong whose existence is recognized by the laws of Hong Kong SAR (a "Subscriber Organisation"); and that wish to have a certificate issued in a server name, or multiple server names, owned by that organisation.

With effect from 15 May 2013, two optional features are available to the e-Cert (Server) – "Wildcard" feature and "Multi-domain" feature. Applicants may choose the following options during the application:

  1. e-Cert (Server)
  2. e-Cert (Server) with "Wildcard" feature
  3. e-Cert (Server) with "Multi-domain" feature

An e-Cert (Server) certificate contains the following information of the Subscriber Organisation:

  • The Server name(s) (including domain name of the server(s)) owned by the Subscriber Organisation;
  • Subscriber Organisation's name;
  • Branch name or department name of the Subscriber Organisation;
  • Subscriber Organisation's company/business registration number; and
  • A unique Subscriber Reference Number.

Summary of Hongkong Post e-Cert (Server) Features

    e-Cert (Server) (without "Wildcard" feature and
"Multi-domain" feature)
e-Cert (Server)
with
"Wildcard" feature
e-Cert (Server)
with
"Multi-domain" Feature
Validity Period 1-year
2-year
Certificate Features Support "OCSP"


"digital signature"
Key Usage#



Support "Wildcard" server name


Identify multiple server names



(Maximum 50)
Support display of organization name in Chinese or English language on e-Cert


Support Chinese domain name


# Note: The "digital signature" Key Usage is to be used only for server authentication and for establishment of secure communication channels with the server.

Subscription Fees of Hongkong Post e-Cert (Server)

New / Renewal
Subscription Fee
1-year validity period
(HK$)
2-year validity period
(HK$)
e-Cert (Server)
(without "Wildcard" feature and
"Multi-domain" feature)
** HK$2500 per certificate
Promotional Offer:
HK$2250 per certificate
** HK$5000 per certificate
Promotional Offer:
HK$4500 per certificate
e-Cert (Server)
with "Wildcard"
feature
$8,700
+
Each
Additional Server
$500
$17,400
+
Each
Additional Server
$1,000
An e-Cert (Server) with "Wildcard" feature can be used in one server by default. Extra fee per additional server applies if it is to be used in more than one server, and that the extra fee per additional server shall be applied for the whole validity period of the certificate regardless of when the certificate is to be used in the additional servers.
e-Cert (Server)
with
"Multi-domain"
feature
$3,000
+
Each Additional
Server Name
$2,500
$6,000
+
Each Additional
Server Name
$5,000
An e-Cert (Server) with "Multi-domain" feature identifies one server name by default. Extra fee per additional server name applies if more than one, but not more than 50, server names are to be identified in the certificate.

With effective from 1 July 2019, Sub CA "Hongkong Post e-Cert SSL CA 3 - 17" of Root CA3 will be used for the issuance of all types of e-Cert (Server) (including e-Cert (Server), e-Cert (Server) with "Wildcard" feature and e-Cert (Server) with "Multi-domain" feature). For details, please refer to the relevant announcement.

With effective from 30 July 2018, Hongkong Post Certification Authority will communicate directly with the Domain Name Registrant using telephone number provided by the Domain Name Registrar to obtain a response confirming the application of e-Cert (Server).

With effective from December 2017, the e-Cert (Server), e-Cert (Server) with "Wildcard" feature, and e-Cert (Server) with "Multi-domain" feature issued by Hongkong Post Certification Authority will support Certificate Transparency. For details, please refer to the relevant announcement.

With effective from 1 December 2017, Hongkong Post Certification Authority ceases to issue certificates with 3-year validity period for (i) e-Cert (Server) with "Wildcard" feature, and (ii) e-Cert (Server) with "Multi-domain" feature. For details, please refer to the relevant announcement.

With effect from 1 September 2015 to 31 August 2016, e-Cert (Server) supporting Online Certificate Status Protocol ("OCSP") will be issued by default. e-Cert (Server) not supporting OCSP with only 1-year validity period will only be issued upon written request. With effect from 1 September 2016, only e-Cert (Server) supporting OCSP will be issued with all validity periods. For details, please refer to the relevant announcement.

**With effect from 1 April 2015, the subscription fee discount for e-Cert (Server) (without "Wildcard" feature or "Multi-domain" feature) will be offered until further notice. For details, please refer to the relevant announcement.

e-Cert (Server) is issued only with 2048-bit RSA key length. For details, please refer to the relevant announcement.

With effect from 1 January 2015 to 31 December 2015, SHA-256 e-Cert (Server) will be issued by default. SHA-1 e-Cert (Server) with only 1-year validity period will only be issued upon written request. With effect from 1 January 2016, only SHA-256 e-Cert (Server) will be issued with all validity periods. For details, please refer to the relevant announcement.

To apply for Hongkong Post e-Cert (Server), please complete and submit the application form.

Reliance Limit of Hongkong Post e-Cert (Server)

The "Reliance Limit" as defined under the Electronic Transactions Ordinance in respect of one e-Cert (Server) certificate is HK$200,000.

Certification Practice Statement

To know more about our practices in issuing the e-Cert (Server), please view the e-Cert Certification Practice Statement (CPS).

Pre-production CPS for EV e-Cert (Server)

In addition to the existing features on e-Cert (Server), HKPCA plans to issue e-Cert (Server) with Extended Validation ("EV e-Cert (Server)") that supports the Extended Validation Guidelines ("EVG") published by CA/Browser Forum. A pre-production CPS for e-Cert (Server) and EV e-Cert (Server) is ready for public review at here (Available in English only).

A disclosure record of WebTrust for Extended Validation SSL CA Operations for HKPCA is available at here.

Support by Common Web Browsers

Common web browsers such as Microsoft Internet Explorer, Apple Safari, Mozilla Firefox and Google Chrome now come with the Hongkong Post Certification Authority root certificate included or available. Users of these web browsers visiting websites that are installed with the Hongkong Post e-Cert (Server) certificate will be free from certain alert messages or manual intervention when their browsers establish a secure connection to these websites.

Apply for e-Cert
Usage of e-Cert
e-Cert User Guide
Related Links