RCA and ICA Installation Guide

PKI repository

PKI Certificate Authority (CA) certificates are included in client certificate in CDP extension and are publicly available on following links

1. Root CA certificate - http://pki.staging.vms.frcs.org.fj/pki/VMSRCAStaging.cer 2. Issuing CA certificate - http://pki.staging.vms.frcs.org.fj/pki/VMSICA1Staging.cer

PKI usage

Usage of client certificate from FRCS VMS Staging PKI depends on the following requirements: 1. Adding Root CA certificate ("VMSRCAStaging.cer" for Staging environment) to Trusted Root Certificate Authority store 2. Adding Issuing CA certificate ("VMSICA1Staging.cer" for Staging environment) to Intermediate Root Certificate Authority store

Configuration examples

Example 1: Windows 7 (and higher) Operating System with Chrome | Edge Download the certificates from the abovementioned links

Figure 1 Download the Certificates to your PC

VMS RCA and ICA Staging certificate installation Right click on the file VMS RCA Staging certificate, and choose install Certificate

Figure 2 Right click on the file to install Certificate

Follow the Wizard for complete the installation. In order to proceed with the installation, make sure you have the Admin access.

Figure 3 Wizard - Choose Store Location

Figure 5 Follow the Wizard

Figure 4 Follow the Wizard

Figure 6 Follow the Wizard

Figure 7 Follow the Wizard

Figure 8 Follow the Wizard - Import Successful

To make sure you have the Certificate properly installed, search it via Windows search:

Figure 9 Search for installed Certificate

If installation has been successful, you’ll find the Certificate at this location:

Figure 10 Certificate Location

For installing ICA Certificate, right click the ICA staging Certificate file from the same downloaded location. Follow the Wizard to complete the installation. In order to proceed with the installation, make sure you have the Admin access.

Figure 12 Follow Wizard

Figure 11 Follow Wizard

Figure 13 Follow Wizard

Figure 14 Follow Wizard

Figure 15 Follow Wizard

Figure 16 Follow Wizard - Import Successful

To make sure you have the Certificate properly installed, search it via Windows search:

Figure 17 Search for the Certificate

If installation has been successful, you’ll find the Certificate at this location:

Figure 18 Location of the Certificate

Example 2: Windows 7 (and higher) Operating System with Firefox

To install the certificates, follow these steps: 1. Download the Certificate from http://pki.staging.vms.frcs.org.fj/pki/VMSRCAStaging.cer and in Firefox select

a. Tools->Option->Advanced->Certificate click View Certificate b. Point to Authorities and Click import c. Browse to VMSRCAStaging.cer and confirm d. Check box for trust website and software developers

2. Download the Certificate from http://pki.staging.vms.frcs.org.fj/pki/VMSICA1Staging.cer and in Firefox select a. Tools->Option->Advanced->Certificate click View Certificate. b. Point to Authorities and Click import c. Browse to VMSICA1Staging.cer and confirm d. Check box for trust website and software developers

3. Depending on end-user certificate type, do the following: a. Type 2: Retrieve PKCS#12 client certificate file from VMS Staging system and in Firefox select

a. Tools->Option->Advanced->Certificate click View Certificate. b. Point to Your Certificate and Click import c. Browse to PKCS#12 file and confirm d. Enter PKCS#12 password when required

b. Type 4: Retrieve smart card from VMS Staging system a. Install smart card reader driver if not automatically installed b. Download OpenSC - https://github.com/OpenSC/OpenSC/releases (current release is 0.17). c. Follow steps describes in link https://github.com/OpenSC/OpenSC/wiki/Installing-OpenSC-PKCS%2311-Module-in-Firefox,-Step-by-Step d. Insert smart card from VMS staging into smart card reader.

4. Firefox uses client certificate from its own store (not from Windows CurrentUser My store). Open this store by selecting Tools->Option->Advanced->Certificate, click View Certificate and in "Your Certificate" look for a certificate starting with first 4 character of certificate serial number in VMS Staging Environment (on smart card serial number, 8 characters length, is printed on card). In this case Firefox is verifying all certificates in path for validity.

Examples 3: other platforms

1. Download the Certificate from http://pki.staging.vms.frcs.org.fj/pki/VMSRCAStaging.cer and use browser manual to import the certificate to Trusted CA certificate store 2. Download the Certificate from http://pki.staging.vms.frcs.org.fj/pki/VMSICA1Staging.cer and use browser manual to import the certificate to CA certificate store