Upload
others
View
6
Download
0
Embed Size (px)
Citation preview
RCA and ICA Installation Guide
PKI repository
PKI Certificate Authority (CA) certificates are included in client certificate in CDP extension and are publicly available on following links
1. Root CA certificate - http://pki.staging.vms.frcs.org.fj/pki/VMSRCAStaging.cer 2. Issuing CA certificate - http://pki.staging.vms.frcs.org.fj/pki/VMSICA1Staging.cer
PKI usage
Usage of client certificate from FRCS VMS Staging PKI depends on the following requirements: 1. Adding Root CA certificate ("VMSRCAStaging.cer" for Staging environment) to Trusted Root Certificate Authority store 2. Adding Issuing CA certificate ("VMSICA1Staging.cer" for Staging environment) to Intermediate Root Certificate Authority store
Configuration examples
Example 1: Windows 7 (and higher) Operating System with Chrome | Edge Download the certificates from the abovementioned links
Figure 1 Download the Certificates to your PC
VMS RCA and ICA Staging certificate installation Right click on the file VMS RCA Staging certificate, and choose install Certificate
Figure 2 Right click on the file to install Certificate
Follow the Wizard for complete the installation. In order to proceed with the installation, make sure you have the Admin access.
Figure 3 Wizard - Choose Store Location
Figure 5 Follow the Wizard
Figure 4 Follow the Wizard
Figure 6 Follow the Wizard
Figure 7 Follow the Wizard
Figure 8 Follow the Wizard - Import Successful
To make sure you have the Certificate properly installed, search it via Windows search:
Figure 9 Search for installed Certificate
If installation has been successful, you’ll find the Certificate at this location:
Figure 10 Certificate Location
For installing ICA Certificate, right click the ICA staging Certificate file from the same downloaded location. Follow the Wizard to complete the installation. In order to proceed with the installation, make sure you have the Admin access.
Figure 12 Follow Wizard
Figure 11 Follow Wizard
Figure 13 Follow Wizard
Figure 14 Follow Wizard
Figure 15 Follow Wizard
Figure 16 Follow Wizard - Import Successful
To make sure you have the Certificate properly installed, search it via Windows search:
Figure 17 Search for the Certificate
If installation has been successful, you’ll find the Certificate at this location:
Figure 18 Location of the Certificate
Example 2: Windows 7 (and higher) Operating System with Firefox
To install the certificates, follow these steps: 1. Download the Certificate from http://pki.staging.vms.frcs.org.fj/pki/VMSRCAStaging.cer and in Firefox select
a. Tools->Option->Advanced->Certificate click View Certificate b. Point to Authorities and Click import c. Browse to VMSRCAStaging.cer and confirm d. Check box for trust website and software developers
2. Download the Certificate from http://pki.staging.vms.frcs.org.fj/pki/VMSICA1Staging.cer and in Firefox select a. Tools->Option->Advanced->Certificate click View Certificate. b. Point to Authorities and Click import c. Browse to VMSICA1Staging.cer and confirm d. Check box for trust website and software developers
3. Depending on end-user certificate type, do the following: a. Type 2: Retrieve PKCS#12 client certificate file from VMS Staging system and in Firefox select
a. Tools->Option->Advanced->Certificate click View Certificate. b. Point to Your Certificate and Click import c. Browse to PKCS#12 file and confirm d. Enter PKCS#12 password when required
b. Type 4: Retrieve smart card from VMS Staging system a. Install smart card reader driver if not automatically installed b. Download OpenSC - https://github.com/OpenSC/OpenSC/releases (current release is 0.17). c. Follow steps describes in link https://github.com/OpenSC/OpenSC/wiki/Installing-OpenSC-PKCS%2311-Module-in-Firefox,-Step-by-Step d. Insert smart card from VMS staging into smart card reader.
4. Firefox uses client certificate from its own store (not from Windows CurrentUser My store). Open this store by selecting Tools->Option->Advanced->Certificate, click View Certificate and in "Your Certificate" look for a certificate starting with first 4 character of certificate serial number in VMS Staging Environment (on smart card serial number, 8 characters length, is printed on card). In this case Firefox is verifying all certificates in path for validity.
Examples 3: other platforms
1. Download the Certificate from http://pki.staging.vms.frcs.org.fj/pki/VMSRCAStaging.cer and use browser manual to import the certificate to Trusted CA certificate store 2. Download the Certificate from http://pki.staging.vms.frcs.org.fj/pki/VMSICA1Staging.cer and use browser manual to import the certificate to CA certificate store