A method and computer program in which a user (132) may access the registration
web server for the purpose of creating and utilizing a role certificate. This role
certificate has policies associated with it and may be utilized both for encryption
and as a digital signature. Individuals in a group share the same role certificate
and can sign on behalf of the group. Further, individuals may decrypt messages
sent to the group or to any member of the group that have been encrypted using the
role certificate. This method and computer program utilize a directory (108)
to maintain a list of all role certificates, their respective role administrators
and all members of the organization that may utilize them. A key recovery authority
(114) is utilized to recover expired role certificates. A certificate authority
(110) is utilized to create and delete these role certificates. Further,
a registration authority (112) is utilized to add and remove a previously
created role.