Page tree

Page Contents

Related Content


What is DCS?

DCS stands for Digital Certificate Service. This services allows a user to install a Medium Level of Assurance Digital Certificate to their computer or to a token which then can be used to sign documents.

How do I obtain a hardware token?

You will need to obtain a hardware token from your Organization Administrator.

Can I share my token with someone else?

Tokens cannot be shared. Each user needs their own token.

Do I always have to use my Phone OTP credential to access my application?

Yes, you will always need to access the DCS application using Phone OTP.

What is the difference between Medium Level of Assurance Hardware and Software?

Software certificates are stored on a computer. Hardware certificates are stored on an external token that you will need to plug into your computer to use them.

How do I configure my browser settings for DCS?

To add Exostar as a Trusted Site, click here.

How do I log into my Exostar Secure Access Management (SAM) account with my Phone OTP credential?

Step 1.  Launch Internet Explorer.

Step 2.  In the URL bar, enter

Step 3.  On the login screen, enter your user ID and password.

Step 4.  Click Login.

Step 5.  The login options screen displays. Select the One Time Password radio button and click Continue.

Step 6.  You are prompted to enter the One Time Password associated with the phone you registered on your account. Select the phone code and click Send.

Step 7.  You receive the One Time Password to the phone number you selected. Enter the code you received and click Submit.

Step 8.  You are now logged into your SAM account with your Phone OTP. The Credential Strength should say Phone OTP (located in the right hand corner).

How can I determine if my computer is configured properly to download the certificate?

You must run the system check. This diagnostic check ensures your computer is configured properly and there are no hidden issues. You can access the system check at

I am trying to download the certificates and receive an error message: “The ActiveX Control is not installed or is not running. You need to install it or run it before you can proceed”. Why am I receiving this error and what should I do?

This error displays when you attempt to download the digital certificates and the Exostar ActiveX control is blocked/cannot be downloaded. The most common causes for this error are Internet Explorer settings and/or system level permissions that are not set correctly, and therefore do not allow the download and use of Exostar’s ActiveX control.

Why don’t I see the Enroll option in DCS to obtain Medium Level of Assurance certificates?

  • If you previously had certificates installed or revoked, the Enroll button will be unavailable.
  • To obtain certificates, click Reapply to request new certificates. Select the certificate type, validity period, and access reason. If you are unsure of what to enter, select Unknown. This information can be modified by the DCS Administrator.

What if I see Elevate under the actions column next to DCS?

If you do not see Open Application for DCS, but see Elevate, click Elevate to upgrade your credential strength from username and password to Phone OTP.

  • You are prompted to log in with the Phone OTP credential to upgrade your credential strength to Phone OTP.
  • Once you successfully log in with your Phone OTP, your credential strength changes from username and password to Phone OTP. Elevate changes to Open Application

Why was I directed to the mail option during my Phone OTP activation process?

If you do not answer the questions correctly, but Experian can locate you, you receive your activation code via postal mail in four business days.

I get an error screen with only 'Yes' or 'No' options when I attempt to download the certificates? What happens when I click on 'No'?

Due to a known Microsoft issue (documented in the Microsoft Knowledge Base article # 940275), the dialog box does not contain the intended informational message that is supposed to display. When you encounter this error, select Yes.

  • If you click on No, you receive the following message and must restart the download process: Error! Filename not specified.

I have a digital certificate. I am trying to download the certificates and receive an error message: “Automation server can't create object”

This error displays when you attempt to download the digital certificates and the Exostar ActiveX control is blocked or cannot be downloaded. The most common causes for this error are Internet Explorer settings and/or system level permissions that are not set correctly, and therefore do not allow the download and use of Exostar's ActiveX control.  

I am attempting to download my Medium Level of Assurance Certificates. I receive the error message: 'Exostar FIS Medium Software Encryption Certificate Error: Failed to set key archival certificate with error code # 2146885613

This error message is received when either the Exostar Certificate Revoke List URL is blocked by the proxy/corporate policies. To confirm the issue, try to access the following two sets of URLs. If either of these URLs fails, contact IT Support within your organization to ensure the host name is added to the list of "allowed" URLs. FIS/DCS URLS: (Host URL:

  • FIS Root CA 2.crl
  • FIS Root CA 2.p7c
  • FIS Signing CA 2.crl
  • FIS Signing CA 2.p7c
  • DCS Signing CA 1.crl
  • DCS Signing CA 1.p7c

How do I backup my DCS Certificates?

Please see the Export and Import Certificates section on Manage Certificates FIS page.

How do I import my MLOA/BLOA certificates to a Windows Vista machine (exported from Windows XP or older versions)?

Microsoft has identified an issue with importing certificates to Windows Vista machines (exported from Windows XP or Windows 2000). To successfully use the certificates backed-up from an older version to Vista, follow the steps below:

Step 1.  Download the Microsoft patch to the Windows Vista machine and follow the details provided under the Resolution section. Please review all information on the site to appropriately download the patch:

Step 2.  Download the exported certificates to your Windows Vista machine. Refer to the Export/Import guide on the DCS Training Documentation page.

How do I enable strong private key protection for Medium Level of Assurance Certificates?

If you have existing certificates for which you would like to enable strong authentication, you must back-up and import the certificate. Refer to the Export/Import guide on the DCS Training Documentation page.

IMPORTANT: For MLOA certificates, ensure you back-up your certificate appropriately. If the certificate is corrupted/lost during this process, re-apply for the certificate.

How can I use my MLOA digital certificates to digitally sign my email?

Refer to your email client documentation for details. e.g., Microsoft Outlook.

Can I use my digital certificates after leaving my job at my current employer?

Your certificate contains attributes that uniquely associate you to your employer. If you leave this employer, the certificate information will not be valid.

How can my organization designate multiple FIS administrators?

During the DCS subscription process, one user can be assigned the DCS Administrator role. To add an additional DCS Administrator, the Organization Administrator can upgrade a user account as follows:

Step 1.  Designate a user to assign the DCS Administrator role and access their SAM details page by going to the Administration tab.

Step 2.  If the user has an existing SAM account, search for the user. When the users displays, click the hyperlinked user ID.

Step 3.  Scroll to the Application to Administer section and select Application Admin from the Role drop-down list.

Step 4.  An application list is now available for selection. Select Digital Certificate Service (DCS).

Step 5.  Click Continue and review the changes you made.

Step 6.  Click Submit to save the changes. The user receives an email providing information that their account has been upgraded to the DCS Administrator role. This process may be utilized to upgrade a user to an administrator role for any other application.

NOTE: The Organization Administrator can also set-up a new user account with the administrator roles by selecting the appropriate role from the Role drop-down list. Refer to the SAM Admin Guide.

How useful was this content?

Your Rating: Results: 1 Star2 Star3 Star4 Star5 Star 3 rates