16 “ivan vazov” str., floor 6, sofia 1000 , bulgaria, tel ... · another step sequence: tools...
TRANSCRIPT
16 “Ivan Vazov” Str., Floor 6, Sofia 1000, Bulgaria, tel/fax: (+3592)9210850, email:[email protected]
Instructions for installing and using
electronic signature certificates
Version 1.0
16 “Ivan Vazov” Str., Floor 6, Sofia 1000, Bulgaria, tel/fax: (+3592)9210850, email:[email protected]
Стр. 2 от 21
MICROSOFT PRODUCTS INSTALLATION AND USE.................................................................... 3
1. HOW TO INSTALL THE INFONOTARYCERTIFICATION CHAIN................................................................. 3
1.1. Microsoft Internet Explorer ........................................................................................................ 3
1.2. Microsoft Outlook ...................................................................................................................... 7
2. MICROSOFT OUTLOOK USER PROFILE SETTINGS.................................................................................. 7
MOZILLA PRODUCTS INSTALLATION AND USE....................................................................... 11
1. HOW TO INSTALL THE INFONOTARYCERTIFICATION CHAIN............................................................... 11
1.1. Installation in Mozilla Firefox .................................................................................................. 11
1.2. Installation in Mozilla Thunderbird .......................................................................................... 15
2. INSTALLATION OF THE HARDWARE ENCRYPTION MODULE ................................................................. 15
2.1. Installation in Mozilla Firefox .................................................................................................. 16
2.2. Installation in Mozilla Thunderbird .......................................................................................... 19
3. HOW TO SET UP YOUR USER PROFILE INMOZILLA THUNDERBIRD ....................................................... 20
16 “Ivan Vazov” Str., Floor 6, Sofia 1000, Bulgaria, tel/fax: (+3592)9210850, email:[email protected]
Стр. 3 от 21
Microsoft products installation and use
1. How to install the InfoNotary Certification chain
Before you can use your electronic signature certificate, you must install the
InfoNotary root certificates. You can locate the Certification chain either from the directory
“certificates” by inserting the installation disk or on the following web address:
http://www.infonotary.com/site/files/INotaryCertChain.p12
1.1. Microsoft Internet Explorer
Microsoft Windows is software operating system that applies central depository for
secure storage and rapid retrieval of electronic signature certificates (digital certificates). All
programs using encryption techniques do have access to this central depository. The
certificate installation is performed for the current Windows user. If two or more users work
with one system, then the installation must be performed individually for every user.
To install the InfoNotary root certificates for an active MS Windows user, follow these
steps:
Open the file “INotaryCertChain.p12” from the installation disk or log in our web site
and open the URL http://www.infonotary.com/site/files/INotaryCertChain.p12. A program
for certificate installation is started; the screen that is displayed is similar to the one shown
on the next page.
16 “Ivan Vazov” Str., Floor 6, Sofia 1000, Bulgaria, tel/fax: (+3592)9210850, email:[email protected]
Стр. 4 от 21
Click the Next button to continue.
Click the Next button again.
16 “Ivan Vazov” Str., Floor 6, Sofia 1000, Bulgaria, tel/fax: (+3592)9210850, email:[email protected]
Стр. 5 от 21
Leave the field Password blank and select Next.
Leave by default the ticked off option for automatic selection of the depository for
storage on the basis of the specific type of the certificate and just click on the Next button.
The program will install automatically all certificates from the chain and will ask you
for confirmation only for the root certificates:
16 “Ivan Vazov” Str., Floor 6, Sofia 1000, Bulgaria, tel/fax: (+3592)9210850, email:[email protected]
Стр. 6 от 21
The thumbprints (that are the encryption control sums) displayed in these dialog
boxes could be compared with the ones posted on the InfoNotary web page:
To complete the installation process, select Finish.
16 “Ivan Vazov” Str., Floor 6, Sofia 1000, Bulgaria, tel/fax: (+3592)9210850, email:[email protected]
Стр. 7 от 21
Note: The installation of your certificate in the Microsoft Windows depository is
automatically triggered once you insert the smart card into the reader so you do not need to
install it manually.
1.2. Microsoft Outlook
Microsoft Outlook uses the standard Microsoft Windows depository for certificates. If
you have finished successfully the operations described step by step in item “1. Microsoft
Internet Explorer”, then there is nothing else you must do; otherwise now is the time to
complete them.
2. Microsoft Outlook user profile settings
To be able to sign your outgoing emails, you must first assign your user profile
(account) to your electronic signature certificate, written on the smart card. Here is how:
Start the Microsoft Outlook. From menu Tools select Options, then the Security
tab and click on the Settings button.
16 “Ivan Vazov” Str., Floor 6, Sofia 1000, Bulgaria, tel/fax: (+3592)9210850, email:[email protected]
Стр. 8 от 21
In the field Security Settings Name type your email address
Click on the Choose button and select the certificate type with which you want to
sign your correspondence. Confirm with OK.
If you tick off the Add digital signature to outgoing messages check box, every
message you send would be signed automatically with the certificate chosen by you.
16 “Ivan Vazov” Str., Floor 6, Sofia 1000, Bulgaria, tel/fax: (+3592)9210850, email:[email protected]
Стр. 9 от 21
Furthermore, you could apply exactly the same certificate to decrypt the messages
sent to you. Keep in mind that not all certificates could be used for encryption and
decryption. It depends on the type of your certificate.
You can not only set up the application to automatically sign your messages but
choose to do it manually on a casebycase basis. If you want to create a new message but
you have not selected in the Settings the default option for sending a signed certificate,
every time you will have to add your electronic signature to the certain message. Here is
how:
You must be in “create new message” regime (button New). From the tool bar or
from the dropdown menu View select Options. Click on the Security Settings button.
16 “Ivan Vazov” Str., Floor 6, Sofia 1000, Bulgaria, tel/fax: (+3592)9210850, email:[email protected]
Стр. 10 от 21
Select the Add digital signature to this message check box and confirm with ОК.
Every time you are sending a signed message you need to make sure that your
smart card is inserted in the reader. The system will ask for your smart card PIN code.
Note: The settings for Microsoft Outlook Express are analogous to the ones
described above. The only difference is that you select your certificate type by following
another step sequence: Tools à Accounts à tab Mail à Properties à Security.
16 “Ivan Vazov” Str., Floor 6, Sofia 1000, Bulgaria, tel/fax: (+3592)9210850, email:[email protected]
Стр. 11 от 21
Mozilla products installation and use
Before you can use your electronic signature certificate, you must install the
InfoNotary root certificates. You can locate the Certification chain either from the directory
“certificates” by inserting the installation disk or on the following web address:
http://www.infonotary.com/site/files/INotaryCertChain.p12
1. How to install the InfoNotary Certification chain
The Mozilla products working under Windows do not apply the system central
depository for secure storage and rapid retrieval of electronic signature certificates. Every
software application uses its own depository. Therefore, in any particular case the
InfoNotary Certification chain must be installed individually for the specific Mozilla product
you use.
Get a copy of the file “INotaryCertChain.p12” from the installation disk or from our
web page.
1.1. Installation in Mozilla Firefox
Start the browser Mozilla Firefox. From menu Tools select Options.
16 “Ivan Vazov” Str., Floor 6, Sofia 1000, Bulgaria, tel/fax: (+3592)9210850, email:[email protected]
Стр. 12 от 21
Select tab Advanced and then subtab Security, as it is shown on the picture; click
on the View Certificates button.
From this point on the installation process is analogous and for Mozilla Thunderbird.
Click on the Import button and indicate the path to the installation file of the
certification chain INotaryCertChain.p12
Leave the field Password blank and confirm with OK.
If the certificate chain is successfully completed, the following message will be
displayed:
You could see the newly installed certificates from tab “Authorities”:
16 “Ivan Vazov” Str., Floor 6, Sofia 1000, Bulgaria, tel/fax: (+3592)9210850, email:[email protected]
Стр. 13 от 21
In the Mozilla software applications for every certificate from a Certification Authority
(CA), the user must also select level of trust. To do so, you need to define first the
certificate and then to click on the Edit button.
Now follow these steps:
• For the certificate „iNotary TrustPath Validated Email CA” tick off the check
box „This certificate can identify mail users”.
• For the certificate „iNotary Personal Q Sign CA” select the option „This
certificate can identify mail users”.
16 “Ivan Vazov” Str., Floor 6, Sofia 1000, Bulgaria, tel/fax: (+3592)9210850, email:[email protected]
Стр. 14 от 21
• For the certificate „iNotary Company Q Sign CA” select the option „This
certificate can identify mail users”.
• For the certificate „iNotary TrustPath Validated Domain CA” select „This
certificate can identify web sites”.
16 “Ivan Vazov” Str., Floor 6, Sofia 1000, Bulgaria, tel/fax: (+3592)9210850, email:[email protected]
Стр. 15 от 21
1.2. Installation in Mozilla Thunderbird
Start the mail client Mozilla Thunderbird. From the menu Tools select section
Options.
Click on the Privacy tab to open the window and then select the subtab Security as
it is shown on the picture; select the View Certificates button.
From this point on, the installation process in Thunderbird is analogous to the one in
Firefox. Please, refer to the previous item „1.1. Installation in Mozilla Firefox”
2. Installation of the hardware encryption module
To use your electronic signature certificates in the Mozilla based applications such as
Firefox, Thunderbird, etc., you must register encryption PKCS#11 module corresponding to
16 “Ivan Vazov” Str., Floor 6, Sofia 1000, Bulgaria, tel/fax: (+3592)9210850, email:[email protected]
Стр. 16 от 21
your smart card. In order to set about the registration process, first it is necessary to install
a driver for the card.
2.1. Installation in Mozilla Firefox
Start Mozilla Firefox. From menu Tools select Options.
Now select tab Advanced à subtab Security, as it is shown on the picture and click
on the Security Devices tab.
16 “Ivan Vazov” Str., Floor 6, Sofia 1000, Bulgaria, tel/fax: (+3592)9210850, email:[email protected]
Стр. 17 от 21
To add a new device, select the Load button.
Change the name of the module (Module Name) as you like.
Select PKCS#11 library corresponding to your smart card.
For Siemens this is the file WINDOWS\system32\siecap11.dll
16 “Ivan Vazov” Str., Floor 6, Sofia 1000, Bulgaria, tel/fax: (+3592)9210850, email:[email protected]
Стр. 18 от 21
If you have selected the right module, a dialog box similar to the one below would be
displayed:
Now select ОК to confirm the operation.
After you complete the process and conform it with the OK button, your smart card
will be visible in the accessible devices list.
16 “Ivan Vazov” Str., Floor 6, Sofia 1000, Bulgaria, tel/fax: (+3592)9210850, email:[email protected]
Стр. 19 от 21
2.2. Installation in Mozilla Thunderbird
Start Thunderbird and from the menu Tools select Options.
Select tab Privacy, then subtab Security, as it is shown on the picture and click on
the Security Devices button.
From this point on, the installation process in Thunderbird is analogous to the one in
Firefox. Please, refer to the previous item „2.1. Инсталация в Mozilla Firefox”.
16 “Ivan Vazov” Str., Floor 6, Sofia 1000, Bulgaria, tel/fax: (+3592)9210850, email:[email protected]
Стр. 20 от 21
3. Mozilla Thunderbird user profile settings
To be able to sign your outgoing emails, you must first assign your user profile
(account) to your electronic signature certificate, written on the smart card. Here is how:
Select menu Tools à Account Settings à Security, as it is shown:
Now click on the Select button from the column Digital Signing.
A Select Certificate screen is displayed:
16 “Ivan Vazov” Str., Floor 6, Sofia 1000, Bulgaria, tel/fax: (+3592)9210850, email:[email protected]
Стр. 21 от 21
Select the certificate you want to use from the smart card and confirm with OK.
If the option Digitally sign messages (by default) is checked, every message you
send will be automatically signed with the certificate you have selected.
Thunderbird will offer you to apply exactly the same certificate to decrypt the
messages sent to you. In case you decline to do so, you could assign a certificate for email
decryption from button Select in the column Encryption. Keep in mind that not all
certificates could be used for encryption and decryption. It depends on the type of your
certificate.