certification issuing in 2k3


  • 7/29/2019 certification issuing in 2k3


    PKWARE, the PKWARE Logo, and PKZIP are registered trademarks of PKWARE, Inc. SecureZIP is a trademark of PKWARE, Inc. Trademarks of other companies mentioned appear for identification purposes only and are the property of the respective companies.

    1.7/12/05

    Configure a PKI Using Microsoft Windows Server 2003

    If you do not already have a public key infrastructure (PKI) in place within your organization and you would like to take advantage of the SecureZIP features that use digital certificates, here's how to configure the tools for creating a PKI that Microsoft includes with Windows Server 2003.

    A public key infrastructure is a system to support issuing, using, and managing digital certificates that use public key cryptography to validate and secure electronic transactions.

    With a PKI in place, SecureZIP can use digital certificates to strongly encrypt, digitally sign, and authenticate files. You can even attach the files to Microsoft Outlook email messages directly from SecureZIP.

    To make full use of SecureZIP's certificate-based security features with Windows Server 2003, you must first deploy Microsoft Active Directory or another LDAP-compliant directory service to provide accessible locations for storing certificates, and you must install Certificate Services. Certificate Services enables you to set up an enterprise certification authority from which to request certificates. Certificate Services also helps you manage certificates.

    Note: To access certificates stored in Active Directory, SecureZIP requires the Directory Integration module, a separately licensed add-on to SecureZIP.

    SecureZIP uses certificates stored on an Active Directory server only for encrypting. SecureZIP does not use certificates in a directory to digitally sign files or to authenticate digital signatures.

    This brief guide describes how to install Active Directory and Certificate Services on Windows Server 2003, Enterprise Edition, and how to use Certificate Services to set up your own certification authority (CA). Once you have the CA set up, you can begin making certificate requests.

    This guide assumes that you have the IIS Web server installed. You must have IIS installed to use the Web enrollment features of Microsoft Certificate Services.


    HOW TO CONFIGURE A PKI USING MICROSOFT WINDOWS SERVER 2003


    For more comprehensive information about Active Directory and Certificate Services, see the top-level topics "Active Directory" and "Security" on the Microsoft Windows Server 2003 TechCenter Web site:

    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/2e0186ba-1a09-42b5-81c8-3ecca4ddde5e.mspx


    Contents

    Configure a PKI Using Microsoft Windows Server 2003
        Install Microsoft Active Directory
        Install Certificate Services as an Enterprise Root Certification Authority

    Request and Install User Certificates
        Use the Web Enrollment Form
        Use the Certificate Management Console

    Configure SecureZIP for Windows To Access Your Certificates
        Point SecureZIP to Active Directory Certificate Stores
        Specify Default Certificates in SecureZIP
        Turn On Encryption and/or Signing in SecureZIP


    Install Microsoft Active Directory

    The following steps describe how to install Active Directory on Windows Server 2003, Enterprise Edition. Active Directory provides a place to keep the public key portion of a certificate where it can be accessed for asymmetric encryption. Your personal certificate(s) with their private keys are installed on your own machine.

    The steps below describe how to install Active Directory in a new domain.

    1. Log in to the Windows 2003 server that you want to make the domain controller for a new domain.

    2. Open the Active Directory Installation wizard: From the Start menu, select Run. Type: dcpromo. Click OK.

    3. Select the option Domain controller for a new domain, as shown above, and choose Next.


    A dialog opens in which to select a type of domain.

    4. Select Domain in a new forest, as shown above, and choose Next. This opens a dialog in which to specify a name for the new domain.

    5. Enter a name for the domain. Microsoft recommends using .local or .dom for internal domains, but you may use any domain name you like. Choose Next.


    A dialog opens in which to specify a NetBIOS name for the domain.

    6. Accept the proposed NetBIOS name or enter a different one and choose Next.

    A dialog opens in which to specify folder locations for the Active Directory database and log files.


    7. Select locations for the Active Directory database and log file. Choose Next to open a dialog in which to specify a folder to be shared as the system volume.

    8. Specify a location for the shared system volume and choose Next.

    The following dialog appears if DNS is not already installed on the local computer.

    To install DNS, select Install and configure the DNS server, as shown in the screenshot above, and choose Next.


    A dialog opens in which to specify the type of permissions you want Active Directory to use.

    9. Select whether to install Active Directory to use permissions compatible with pre-Windows 2000 operating systems (mixed mode) or permissions compatible only with Windows 2000 or Windows Server 2003 operating systems (native mode).

    Mixed mode supports pre-Windows 2000 domain controllers; native mode does not. Native mode is preferable if you do not need to support programs running on pre-Windows 2000 operating systems.

    Choose Next to display a summary of your settings.


    10. Choose Next to install Active Directory.

    After Active Directory is installed, you are prompted to reboot. You can then log in to the domain. At this point, you can configure workstations to join and log in to the domain.

    For clients to find the new domain, you must update any lookup zones on your internal DNS servers to point to the new domain controller. Alternatively, you may point clients to the new domain controller for DNS.

    If clients require Internet name resolution, you will need to configure this on the forwarders tab on the new domain controller's internal DNS server.

    For more information about working with a DNS server, see the topic, "DNS server role: Configuring a DNS server," on the Microsoft Windows Server 2003 TechCenter Web site:

    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/4e1c7b17-16ab-4e7d-a333-15befb15c82e.mspx

    Install Certificate Services as an Enterprise Root Certification Authority

    The following steps describe how to install Certificate Services on Windows Server 2003, Enterprise Edition, and how to set up an enterprise root certification authority. Certificate Services enables you to request and manage certificates.

    These steps assume that Active Directory is already deployed.

    1. Log in to a domain controller or member server with an account that is a member of both the Enterprise Admins group and the Domain Admins group.

    Note: If your organization has, or has ever had, any Windows 2000 Certificate Authorities, you must install the new Windows 2003 certificate templates before proceeding. See "Install new templates and upgrade existing templates" on the Microsoft Windows Server 2003 TechCenter Web site:

    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/9944aee5-cd81-4f4a-8e4c-109e913a0d79.mspx

    2. Open the Add/Remove Programs application in the Control Panel.


    3. Select Add/Remove Windows Components.

    4. In the Windows Components wizard, highlight Certificate Services and choose Details. Select both the Certificate Services CA and Web Enrollment Support. Choose OK.

    A dialog appears with a note cautioning that the local machine name and domain membership will be bound to the CA information.


    5. Choose Yes. A dialog opens in which to select the type of certification authority to set up.

    6. Select Enterprise Root CA. Installing an enterprise root CA allows all computers that are members of the target domain to automatically trust the CA.

    If you know how to configure a CA, you can alternatively select a standalone root or subordinate CA. SecureZIP works with either of these as well.


    Choose Next to open a dialog in which to define the CA.

    7. Specify a name and validity period for the CA. Choose Next.

    A dialog opens in which to enter locations for the certificate database and log.

    8. Specify the locations for the certificate database, database log, and the shared folder (defaults are acceptable). Choose Next.

    If IIS is running, a prompt informs you that it needs to be restarted. Choose OK.


    Setup now completes. You may be required to insert your Windows 2003 Server installation media or to point the installer to a .cab file on the network.


    Request and Install User Certificates

    Now that Certificate Services is installed and ready to use, users can request certificates from the enterprise certification authority (CA) set up in the preceding steps.

    Users can request certificates in two ways:

    o Using the CA's Web enrollment form

    o Using the Certificate Management console

    Both methods install the requested certificate's private key into the logged-in user's personal store. If the CA has been configured as an enterprise CA, the CA automatically publishes keys into Active Directory.

    Both methods install the requested certificate with its private key on the local Windows computer and publish the certificate's public key to Active Directory.

    Use the Web Enrollment Form

    Users can enroll for personal certificates through the Certificate Services Web enrollment form located at the URL:

    http://servername/CertSrv

    where servername is the name of the Web server running Windows Server 2003 where the CA you want to access is located.

    The following steps show a straightforward way to request a user certificate through Web enrollment. As the accompanying screens indicate, the process can be customized in various ways.

    For detailed instructions on requesting certificates over the Web, see the topic, "Submit a user certificate request via the Web to a Windows Server 2003 CA," on the Microsoft Windows Server 2003 TechCenter Web site, here:

    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/b105bc5d-db4a-4570-90f1-873819d3a5cf.mspx


    The TechCenter Web site also contains a wealth of information on administering a CA and on managing certificates.

    To use Web enrollment to request a user certificate:

    1. In your Internet Explorer browser, navigate to the URL of the Web form for the CA from which you want to request a user certificate. For example, for a CA located on Web server abc-corp-ca, navigate to:

    http://abc-corp-ca/certsrv/

    2. On the Welcome screen shown above, choose the link, Request a certificate, to open the page shown below.


    3. Choose the link, User Certificate, to open the page shown below.

    4. Choose the Submit button to submit your request. The following message displays.

    5. Choose Yes to complete your request. The following confirmation screen displays.


    6. Choose Install this certificate to install the certificate with its private key on the local machine and to publish the public key to Active Directory where it can be accessed by other users.

    Use the Certificate Management Console

    As an alternative to requesting a certificate through a CA's Web enrollment form, as described above, users can use the Certificate Management console to request a certificate from an enterprise root CA. The Certificate Management console is a Microsoft Management Console (MMC) snap-in that is included with NT 5.0 and later versions of Windows. It uses LDAP to query PKI information from a local domain controller.

    1. Open the Certificate Management console (certmgr): From the Start menu, choose Run. Enter certmgr.msc, as shown below, and choose OK.


    2. Run the Certificate Request wizard: In the certmgr console, expand the Personal folder in the console tree (left-hand pane). Right-click the Certificates folder to open the context menu. Choose All Tasks | Request New Certificate, as shown below.

    3. In the Certificate Request wizard, select the type of certificate you want to request: Select User, as shown below, and choose Next.


    4. As shown below, enter a friendly name and description that will help you identify the certificate. Choose Next.

    5. In the final wizard screen, review your settings. If they are okay, choose Finish to complete the wizard.


    6. Check in the Certificate Management console to confirm that your certificate has been issued and installed in your personal certificate store.


    Configure SecureZIP for Windows To Access Your Certificates

    To configure SecureZIP for Windows to use certificates for encryption/decryption and for working with digital signatures, you must do these things in SecureZIP:

    o Add the Active Directory certificate store(s) to the list of stores that SecureZIP checks for certificates

    o Have each user designate a default certificate to use when he does certificate-based encryption

    o Turn on encryption or signing in SecureZIP to have SecureZIP encrypt or sign files

    Point SecureZIP to Active Directory Certificate Stores

    For SecureZIP for Windows to access your Active Directory certificates to encrypt for the certificates' owners, you must tell SecureZIP where the certificates are.

    To do this, open SecureZIP and do the following:

    1. In the Tools menu, select Options to open the SecureZIP Options dialog.

    2. Select the Security category.

    3. Select the Certificate Stores tab to see a list of certificate stores SecureZIP can search.

    The Certificate Stores list contains an item for every certificate store SecureZIP knows about. A store is labeled either Local or LDAP in the Type column, depending on whether the store is on your local system or on an LDAP-compliant directory server such as Active Directory. LDAP is a protocol used by Active Directory and other directory servers.


    4. Choose the Add button to open a new LDAP Properties page.

    5. In the LDAP Properties dialog, fill in the fields with the information SecureZIP needs to access the directory. When done, choose OK to return to the Certificate Stores tab.

    The fields in the LDAP Properties dialog are described in the following table. The fields marked Optional may be left blank unless they are required to access the server. Only the Name and Base fields are required.


    Field       Description

    Name        A label to identify the server in the Certificate Stores list. For example: Gamma

    Server      (Optional) The TCP/IP address of the LDAP server or a name that resolves to such an address. For example: 192.172.0.1

    Port        (Optional) The TCP/IP port to use. Port 389 is customary and is entered as the default.

    Base        The name of the entry that SecureZIP should use as the base or root of the LDAP search for certificates, analogous to a root folder or directory in a file system. For example: cn=users,dc=xyz,dc=com

                The query string format for the LDAP base can vary between LDAP implementations. For example, a server may expect query strings in the Internet domain-style format used by default by Microsoft Active Directory (for example, cn=users,dc=xyz,dc=com), or it may expect them in X.500 naming format (for example, o=xyz,c=US). Check with your LDAP or network administrator for the query string to use.

    User        (Optional) The user account with which to log in if the LDAP server requires a login

    Password    (Optional) The password associated with the user account

    6. On the Certificate Stores tab, choose OK or Apply to save the new certificate store for SecureZIP to use.
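
    The two outcomes this guide relies on can be checked together: enrollment leaves a certificate with its private key in the user's personal store, and the same certificate is published under the LDAP Base that SecureZIP is told to search. The script below is an added example, not PKWARE or Microsoft code; it assumes Windows PowerShell 5.1 on a domain-joined workstation, the host name dc01.xyz.com and the function names are hypothetical, and the port and Base are the guide's example values.

```powershell
# Added example: checks the local personal store against the LDAP store.
# $Server is a hypothetical host name; $Port and $Base are the example
# values from the LDAP Properties table. Replace all three with your own.
$Server = 'dc01.xyz.com'
$Port   = 389
$Base   = 'cn=users,dc=xyz,dc=com'

function Get-LocalKeyCertificate {
    # Personal-store certificates that have a private key and are in date.
    $now = Get-Date
    Get-ChildItem -Path Cert:\CurrentUser\My |
        Where-Object { $_.HasPrivateKey -and $_.NotBefore -le $now -and $_.NotAfter -gt $now }
}

function Get-PublishedCertificate {
    param(
        [Parameter(Mandatory)] [string] $Server,
        [Parameter(Mandatory)] [int]    $Port,
        [Parameter(Mandatory)] [string] $Base
    )
    # DirectoryEntry binds with the caller's Windows logon (negotiated
    # authentication), so no User/Password value is needed here.
    $root     = [System.DirectoryServices.DirectoryEntry]::new("LDAP://${Server}:${Port}/${Base}")
    $searcher = [System.DirectoryServices.DirectorySearcher]::new($root)
    $searcher.Filter      = '(userCertificate=*)'   # entries carrying at least one certificate
    $searcher.SearchScope = [System.DirectoryServices.SearchScope]::Subtree
    $searcher.PageSize    = 500                     # page results past the server's size limit
    [void]$searcher.PropertiesToLoad.Add('distinguishedName')
    [void]$searcher.PropertiesToLoad.Add('userCertificate')

    $results = $searcher.FindAll()
    try {
        foreach ($entry in $results) {
            $dn = [string]$entry.Properties['distinguishedname'][0]
            foreach ($der in $entry.Properties['usercertificate']) {
                # Each attribute value is one DER-encoded certificate (public part only).
                $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$der)
                [pscustomobject]@{
                    DirectoryEntry = $dn
                    Subject        = $cert.Subject
                    Thumbprint     = $cert.Thumbprint
                    NotAfter       = $cert.NotAfter
                }
            }
        }
    }
    finally {
        $results.Dispose(); $searcher.Dispose(); $root.Dispose()
    }
}

function Compare-LocalToDirectory {
    param([string] $Server, [int] $Port, [string] $Base)
    $published = @(Get-PublishedCertificate -Server $Server -Port $Port -Base $Base)
    foreach ($cert in Get-LocalKeyCertificate) {
        # Match on thumbprint so a renewed or re-issued certificate is not
        # mistaken for the one whose private key is held locally.
        $match = $published | Where-Object { $_.Thumbprint -eq $cert.Thumbprint } |
                 Select-Object -First 1
        [pscustomobject]@{
            Subject        = $cert.Subject
            Issuer         = $cert.Issuer
            NotAfter       = $cert.NotAfter
            Thumbprint     = $cert.Thumbprint
            InDirectory    = [bool]$match
            DirectoryEntry = if ($match) { $match.DirectoryEntry } else { $null }
        }
    }
}

Compare-LocalToDirectory -Server $Server -Port $Port -Base $Base | Format-List
```

    A certificate reported with InDirectory set to False is present locally but will not be found by a search of this Base, which usually means the Base is wrong or the certificate was never published.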

    Specify Default Certificates in SecureZIP

    Users may have one or more personal certificates that they use to sign files or to ensure that they can decrypt files that they encrypt for others. If a user has only one certificate, SecureZIP automatically uses that certificate. If a user has more than one, the user can tell SecureZIP which certificate to use by default.

    To specify a default certificate to use when encrypting for yourself:

    1. In SecureZIP, in the Tools menu, select Options to open the SecureZIP Options dialog.

    2. Select the Security category.

    3. Select the Encryption tab.


    4. In the Method dropdown, select one of the two Recipient list options to enable the list of personal certificates.

    In the list, a valid certificate displays with a green check mark; an invalid certificate shows a red X.

    5. Select a certificate to use by default.

    If you have only one, it is used automatically.

    To specify a default certificate to use when signing:

    1. In SecureZIP, in the Tools menu, select Options to open the SecureZIP Options dialog.

    2. Select the Security category.

    3. Select the Authentication tab.

    4. Select a certificate to use by default from the list of your personal certificates.

    If you have only one certificate, it is used automatically. A valid certificate displays with a green check mark; an invalid certificate shows a red X.

    Turn On Encryption and/or Signing in SecureZIP

    To use certificates to encrypt or sign files in SecureZIP, those functions must be turned on. SecureZIP then routinely encrypts and/or signs files until you turn the functions off.

    By default, encryption is turned on and signing is turned off.

    To turn on certificate-based encryption:

    1. On the Encryption tab of Security Options, in the Method dropdown list, select one of the following:

    o Strong: Recipient List

    o Strong: Recipient List or Password

    2. Check the box Encrypt files. See the SecureZIP help for other, more direct ways to turn on encryption.


    To turn on signing, choose Sign Files on/off from the Actions menu. Again, there are other, more direct ways.

    SecureZIP is now set up to do certificate-based encryption and apply digital signatures.