guides:entrust_certificate_installation

Differences

This shows you the differences between two versions of the page.

guides:entrust_certificate_installation [2017/09/11 21:24] administrator
guides:entrust_certificate_installation [2017/09/11 23:07] (current) administrator
Line 5: Line 5:
 The Entrust certificates that are installed on your USB token and your G2G workstations use a 3-tier architecture that is structured as follows: The Entrust certificates that are installed on your USB token and your G2G workstations use a 3-tier architecture that is structured as follows:
  
-Root Certificate +   Root Certificate 
-Intermediate Certificate +      Intermediate Certificate 
-End User Certificate+         End User Certificate
  
 Most of the CeRTNA End User Certificates have been distributed in the past and as a consequence the Intermediate and Root Certificates are already installed on the end-user workstation so existing certificates and renewed certificates typically have the correct hierarchy in place. Most of the CeRTNA End User Certificates have been distributed in the past and as a consequence the Intermediate and Root Certificates are already installed on the end-user workstation so existing certificates and renewed certificates typically have the correct hierarchy in place.
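Review bot: The three tier labels in the new indented block are generic, while the rest of the page asks the reader to look for ‘Entrust Managed Services Commercial Private Root CA’ and ‘Commercial Private Sub CA1’. Consider putting those names next to "Root Certificate" and "Intermediate Certificate" so the reader can match the hierarchy against what the certificate store actually lists. Lines that start with two or more spaces render as a preformatted block in DokuWiki, so confirm that this is the intended look rather than a nested list.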
Line 25: Line 25:
  
 Click mmc.exe and the following window will be displayed: Click mmc.exe and the following window will be displayed:
 +
 +**Note:** I have my Actions pane visibility turned off. Your window might contain 3 panes instead of the 2 that these screenshots show.
  
  
 {{ :guides:images:mmc010.png |}} {{ :guides:images:mmc010.png |}}
  
- + 
 Select the File / Add-Remove snap in… menu option. Select the File / Add-Remove snap in… menu option.
  
Line 51: Line 54:
  
  
-{{ :guides:images:mmc040.png |}}+{{ :guides:images:mmc055.png |}}
  
  
Line 59: Line 62:
  
  
-{{ :guides:images:mmc050.png |}}+{{ :guides:images:mmc060.png |}}
  
  
Line 71: Line 74:
  
  
-{{ :guides:images:mmc060.png |}}+{{ :guides:images:mmc070.png |}}
  
  
-The certificates in the middle pane should reflect your identity.+The certificates in the right pane should reflect your identity.
  
 Double-click either certificate and the following window is displayed: Double-click either certificate and the following window is displayed:
  
  
-{{ :guides:images:mmc070.png |}}+{{ :guides:images:mmc080.png |}}
  
  
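Review bot: The wording change from "middle pane" to "right pane" is applied only to this one sentence. The unchanged instructions in the Root and Intermediate sections still tell the reader to check "the middle pane", which no longer matches the two-pane screenshots described by the new Actions pane note. Pick one term for the whole page, or describe the location in a way that does not depend on how many panes are visible, such as "the certificate list".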
Line 85: Line 88:
  
  
-{{ :guides:images:mmc080.png |}}+{{ :guides:images:mmc090.png |}}
  
  
Line 97: Line 100:
  
 Windows supports user-level certificate stores and computer-level certificate stores. If you need to manually install the Entrust Intermediate or Entrust Root certificates on your computer, CeRTNA recommends installing these certificates in the computer-level certificate store. Windows supports user-level certificate stores and computer-level certificate stores. If you need to manually install the Entrust Intermediate or Entrust Root certificates on your computer, CeRTNA recommends installing these certificates in the computer-level certificate store.
 +
 +Depending on your IT security policy your Windows userid may not have access to the computer-level certificate store. If this condition exists, you should install your certificate into the user-level certificates store.
  
 Before you can install the Entrust Intermediate and Entrust Root certificates you will need to download them from the following URL: Before you can install the Entrust Intermediate and Entrust Root certificates you will need to download them from the following URL:
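Review bot: "install your certificate into the user-level certificates store" in the added paragraph is ambiguous, because the surrounding text is about the Entrust Intermediate and Entrust Root certificates, not the end user certificate. Name the certificates explicitly and fix "certificates store" to "certificate store". The steps that follow only walk through the Certificates (Local Computer) path, so a reader who takes this fallback has no matching instructions; either add the user-level path or say which steps to substitute. Since the paragraph is about adding a root to a trust store from a downloaded file, this is also the place to tell the reader how to confirm the downloaded files are the expected ones before importing them.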
Line 116: Line 121:
    
 To install the Entrust Intermediate and Entrust  Root certificates complete the following steps: To install the Entrust Intermediate and Entrust  Root certificates complete the following steps:
 +
 Click the Windows Start button and enter mmc.exe in the Search field. Click the Windows Start button and enter mmc.exe in the Search field.
 +
 You should see mmc.exe listed at the top of the results list. You should see mmc.exe listed at the top of the results list.
 +
 Click mmc.exe and the following window will be displayed: Click mmc.exe and the following window will be displayed:
  
 +
 +{{ :guides:images:mmc010.png |}}
    
 +
 Select the File / Add-Remove snap in… menu option. Select the File / Add-Remove snap in… menu option.
 +
 The following window is displayed: The following window is displayed:
 +
    
 +{{ :guides:images:mmc020.png |}}
 +
 +
 Select Certificates in the left panel and click the Add button. Select Certificates in the left panel and click the Add button.
 +
 The following window is displayed: The following window is displayed:
 +
 +
 +{{ :guides:images:mmc030.png |}}
 +
    
 My user account should be already selected. (If not select it.) My user account should be already selected. (If not select it.)
 +
 Click the finish button. You will be returned to the following updated window: Click the finish button. You will be returned to the following updated window:
 +
 +
 +{{ :guides:images:mmc040.png |}}
    
  
 The certificate snap-in should be shown in the right pane. The certificate snap-in should be shown in the right pane.
 +
 Select the Certificates item in the left pane and click the Add button. Select the Certificates item in the left pane and click the Add button.
 +
 The following window is displayed: The following window is displayed:
 +
 +
 +{{ :guides:images:mmc050.png |}}
    
  
 Click the Computer account radio button to select it. Click the Computer account radio button to select it.
 +
 Click the Next button. The following window is displayed: Click the Next button. The following window is displayed:
  
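Review bot: The steps and screenshots added here (opening mmc.exe, File / Add-Remove snap in…, mmc010.png onward) repeat the walkthrough in the earlier verification section, and the Actions pane note added there in this same revision is not carried over, so the two copies already differ. Consider linking back to the earlier section for the shared steps and keeping only the Computer account steps here. "Click the finish button" should also be capitalised as "Finish" to match the button name used further down.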
Line 142: Line 173:
  
 Select Local computer and click the Finish button. Select Local computer and click the Finish button.
 +
 You are returned to the following updated window: You are returned to the following updated window:
    
Line 153: Line 185:
  
 The first item we are interested in verifying and/or installing is the Entrust Root certificate. The first item we are interested in verifying and/or installing is the Entrust Root certificate.
 +
 Review the following window: Review the following window:
  
 For each of the two certificate stores (highlighted) you should verify that you do NOT have an entry in the middle pane for ‘Entrust Managed Services Commercial Private Root CA’ (In my sample above, I have already imported my Root certificate.) For each of the two certificate stores (highlighted) you should verify that you do NOT have an entry in the middle pane for ‘Entrust Managed Services Commercial Private Root CA’ (In my sample above, I have already imported my Root certificate.)
 +
 If the Trusted Root Certificate is already installed in either of these two certificate stores, you should continue on and verify/install the Intermediate certificate. If the Trusted Root Certificate is already installed in either of these two certificate stores, you should continue on and verify/install the Intermediate certificate.
-If you discover that both the Trusted Root and Intermediate certificates are already installed on your ERDS workstation but you did not see a valid 3-tier certificate path as shown in section 4.1 then this is an indication of a more complex problem and you will need to contact CeRTNA support staff to address the issue.+ 
 +If you discover that both the Trusted Root and Intermediate certificates are already installed on your ERDS workstation but you did not see a valid 3-tier certificate path as shown in section Verifying PKI Certificate Installation then this is an indication of a more complex problem and you will need to contact CeRTNA support staff to address the issue. 
 If the ‘Entrust Managed Services Commercial Private Root CA’ certificate does not exist in the middle pane, you need to install the certificate carefully following steps outlined below: If the ‘Entrust Managed Services Commercial Private Root CA’ certificate does not exist in the middle pane, you need to install the certificate carefully following steps outlined below:
 +
 Right-click click the Certificates subfolder that is shown in the Certificates (Local Computer) / Trusted Root Certification Authorities path (as shown above) Right-click click the Certificates subfolder that is shown in the Certificates (Local Computer) / Trusted Root Certification Authorities path (as shown above)
 +
 Select All Tasks / Import… from the pop-up menu. Select All Tasks / Import… from the pop-up menu.
 +
 The following window is displayed: The following window is displayed:
    
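Review bot: The replacement for "section 4.1" in the changed paragraph is plain text ("as shown in section Verifying PKI Certificate Installation"), which reads awkwardly and gives the reader nothing to click. Make it a wiki section link with the section title as the link text, and use the same wording as the Intermediate section, which says "in the section". While this block is being touched, "Right-click click the Certificates subfolder" still has the doubled word.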
Line 171: Line 210:
    
 Select the Token_Root.cer file and click the Open button. Select the Token_Root.cer file and click the Open button.
 +
 The following window is displayed: The following window is displayed:
    
Line 178: Line 218:
    
 Click the Next button. Click the Next button.
 +
 The following window is displayed: The following window is displayed:
    
 Click the Finish button. Click the Finish button.
 +
 A pop-up window indicating that the certificate was successfully installed should be displayed. A pop-up window indicating that the certificate was successfully installed should be displayed.
 +
 Click the Ok button to close the pop-up window. You will be returned to the Certificates list. Click the Ok button to close the pop-up window. You will be returned to the Certificates list.
-Select the Certificates folder in the Local Comptuer / Trusted Root Certification Authorities path and you should now have an ‘Entrust Managed Services Commercial Private Root CA’ certificate in the middle pane, as shown below:+ 
 +Select the Certificates folder in the Local Computer / Trusted Root Certification Authorities path and you should now have an ‘Entrust Managed Services Commercial Private Root CA’ certificate in the middle pane, as shown below:
  
    
Line 190: Line 234:
  
    
-4.2.2 Verifying / Installing the Entrust Intermediate Certificate+=== Verifying / Installing the Entrust Intermediate Certificate ===
  
 The next item we are interested in verifying and/or installing is the Entrust Intermediate Certification Authority certificate. The next item we are interested in verifying and/or installing is the Entrust Intermediate Certification Authority certificate.
 +
 Review the following window: Review the following window:
    
 For each of the two certificate stores (highlighted) you should verify that you do NOT have an entry in the middle pane for ‘Commercial Private Sub CA1’ (In my sample above, I have already imported my Intermediate certificate.) For each of the two certificate stores (highlighted) you should verify that you do NOT have an entry in the middle pane for ‘Commercial Private Sub CA1’ (In my sample above, I have already imported my Intermediate certificate.)
-If you discover that both the Trusted Root and Intermediate certificates are already installed on your ERDS workstation but you did not see a valid 3-tier certificate path as shown in section 4.1 then this is an indication of a more complex problem and you will need to contact CeRTNA support staff to address the issue.+ 
 +If you discover that both the Trusted Root and Intermediate certificates are already installed on your ERDS workstation but you did not see a valid 3-tier certificate path as shown in the section Verifying PKI Certificate Installation then this is an indication of a more complex problem and you will need to contact CeRTNA support staff to address the issue. 
 If the ‘Commercial Private Sub CA1’ certificate does not exist in the middle pane, you need to install the certificate carefully following steps outlined below: If the ‘Commercial Private Sub CA1’ certificate does not exist in the middle pane, you need to install the certificate carefully following steps outlined below:
 +
 Right-click click the Certificates subfolder that is shown in the Certificates (Local Computer) / Intermediate Certification Authority path (as shown above) Right-click click the Certificates subfolder that is shown in the Certificates (Local Computer) / Intermediate Certification Authority path (as shown above)
 +
 Select All Tasks / Import… from the pop-up menu. Select All Tasks / Import… from the pop-up menu.
 +
 The following window is displayed: The following window is displayed:
    
Line 210: Line 260:
    
 Select the Token_Intermediate.cer file and click the Open button. Select the Token_Intermediate.cer file and click the Open button.
 +
 The following window is displayed: The following window is displayed:
    
Line 217: Line 268:
    
 Click the Next button. Click the Next button.
 +
 The following window is displayed: The following window is displayed:
    
 Click the Finish button. Click the Finish button.
 +
 A pop-up window indicating that the certificate was successfully installed should be displayed. A pop-up window indicating that the certificate was successfully installed should be displayed.
 +
 Click the Ok button to close the pop-up window. You will be returned to the Certificates list. Click the Ok button to close the pop-up window. You will be returned to the Certificates list.
 +
 Select the Certificates folder in the Local Comptuer / Trusted Root Certification Authorities path and you should now have an ‘Commercial Private Sub CA1’ certificate in the middle pane, as shown below: Select the Certificates folder in the Local Comptuer / Trusted Root Certification Authorities path and you should now have an ‘Commercial Private Sub CA1’ certificate in the middle pane, as shown below:
  
    
  
-Once you have completed this process, you can return to section 4.1 and re-verify that your three-tier cerification path is displaying correctly. If the three-tier path is still not displaying correctly, you will need to contact CeRTNA support for additional assistance.  +Once you have completed this process, you can return to the section Verifying PKI Certificate Installation and re-verify that your three-tier cerification path is displaying correctly. If the three-tier path is still not displaying correctly, you will need to contact CeRTNA support for additional assistance. 
- +
- +
- +
-==== Revisions ==== +
- +
- +
-{{tablelayout?colwidth="100px,100px,100px,350px"&rowsFixed=1&rowsVisible=10&float=left}} +
-^ Date          ^ Version ^ Name           ^ Description     ^ +
-| 05-21-2009    | 1.0     | Brett Zamora   | Initial draft.        | +
-| 04-29-2011    | 1.1     | Brett Zamora   | Added updates based on knowledge gained during first year of operation. These include adjusting settings on the Java Runtime Environment and some additional FAQ’s.        | +
-| 05-10-2011    | 1.2     | Brett Zamora   | Updated graphic and text placement.        | +
-| 08-10-2015    | 2.0     | Brett Zamora   | Reworked look & feel of this document and updated content to reflect a more current set of software. Also added section about preparing the workstation for the initial security audit.        | +
-| 04-06-2016    | 2.1     | Brett Zamora   | (1) Added version to the cover page. (2) Removed reference to Internet Explorer 8. The only officially supported browser is Internet Explorer 11. (3) Updated Java Runtime section to provide information about support for JRE 8. (4) Updated the SafeNet Token installation section to include a comment regarding uninstalling existing SafeNet 7.x software and also updated the section heading to point out that the section only applies to ERDS platforms, not G2G platforms. (5) Updated Table Of Contents.        | +
-| 07-27-2017    | 3.0     | Brett Zamora   | (1) Converted Workstation Installation Guide to a wiki format. Versioning will now be managed via wiki engine. (2) Updated content so that this single document contains the installation requirements for the ERDS, G2G, and APEX platforms. | +
- +
- +
- +
- +
- +
  
  
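Review bot: The final verification step for the Intermediate certificate, left unchanged in this hunk, still sends the reader to "Local Comptuer / Trusted Root Certification Authorities" to find ‘Commercial Private Sub CA1’, although the import steps above it place that certificate under Certificates (Local Computer) / Intermediate Certification Authority. This revision corrected the same sentence in the Root section, so the Intermediate copy should get the matching fix: the correct store path, "Computer", and "a ‘Commercial Private Sub CA1’" rather than "an". The rewritten closing paragraph also keeps the typo "cerification". Dropping the Revisions table is consistent with its own 3.0 entry stating that versioning is now managed by the wiki engine.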
guides/entrust_certificate_installation.1505165047.txt.gz · Last modified: by administrator