Root certificates and Cookies

Disclaimer

We do not guarantee the accuracy of this copy of the CRA website.

Scraped Page Content

Root certificates and Cookies

Root certificates

Secure Internet transactions are based on Web sites identifying themselves with digital IDs known as certificates. For a Web site's certificate to be widely recognized as valid it should be issued by an established certifying authority (CA). Dozens of CAs have been established since they first came into existence. Each CA has its own certificate, which contains its digital ID or signature. Web browsers come with a pre-installed list of CAs that they trust to vouch for the identity of Web sites. When the Web site presents your browser with a certificate signed by one of these CAs, the browser will look up the authority's signature in its predefined list.

If the browser finds the signature and it matches, it will allow the TLS session to continue.

If the CA is not listed, or the signature for a listed CA does not match, the browser will display a dialog box indicating the certificate authority has expired. A CA or root certificate works like a credit card, which is only valid for a limited period and expires on a certain date. When a credit card expires, the issuing credit card company revokes the old card and issues a new card to the customer. Certificate authorities work similarly by issuing a CA certificate for a limited period of time and issuing another one when it expires.

If you do see the dialog box, click the appropriate box to continue with the EFILE session. The Transport Layer Security (TLS) session that secures your transaction with our site is not affected. All information sent between the browser and the Web site server will still be encrypted. However, you should upgrade your browser to the most recent version as soon as possible.

Cookies

Like with many Internet websites, cookies help the CRA to establish a secure session between you and us. Using cookies for this purpose does not put your computer or personal information at risk. We do not store any personal information in the cookies.

A cookie is a packet of data containing information that intermittently travels between your computer and us. When you log onto our Web site, your browser will be asked to accept a cookie—a small string of text that has a session identification number. We use the cookie as a session management method, and only people with a valid cookie in their browser can do business on our pages. Anyone without the ability to accept a cookie will be directed to this page.

As stated, the cookie has a session identification number, but this is not your EFILE number or password. That means that someone examining your cookie would not be able to sign on to the Web site as you. Our cookies are not disk-resident. They're stored in the browser only for the extent of the session.

Your session will expire after 15 minutes of inactivity. If your session expires, you have to log on again to verify your identity.

Turning cookies on and off

Most browsers can be set to accept a range of options, from accepting no cookies to accepting only certain types of cookies, to allowing all cookies.

Some browsers can also be configured to alert you before a cookie is placed on your computer and ask if you wish to accept it or not.

To decide how you can enable or disable cookies and activate any special alerts, click on the "Help" option in your web browser toolbar and search the help index using the word "cookies."

There are also inexpensive software programs available that can help you manage your cookies and enable you to easily turn them on or off and to delete them. These features are often part of software that allows easy and safe deletion of applications and files on your computer.

Date modified:
2016-08-11