16 “ivan vazov” str., floor 6, sofia 1000 , bulgaria, tel ... · another step sequence: tools...

16 “Ivan Vazov” Str., Floor 6, Sofia 1000, Bulgaria, tel/fax: (+3592)9210850, email:[email protected]

Instructions for installing and using

electronic signature certificates

Version 1.0


Стр. 2 от 21

MICROSOFT PRODUCTS INSTALLATION AND USE.................................................................... 3

1. HOW TO INSTALL THE INFONOTARYCERTIFICATION CHAIN................................................................. 3

1.1. Microsoft Internet Explorer ........................................................................................................ 3

1.2. Microsoft Outlook ...................................................................................................................... 7

2. MICROSOFT OUTLOOK USER PROFILE SETTINGS.................................................................................. 7

MOZILLA PRODUCTS INSTALLATION AND USE....................................................................... 11

1. HOW TO INSTALL THE INFONOTARYCERTIFICATION CHAIN............................................................... 11

1.1. Installation in Mozilla Firefox .................................................................................................. 11

1.2. Installation in Mozilla Thunderbird .......................................................................................... 15

2. INSTALLATION OF THE HARDWARE ENCRYPTION MODULE ................................................................. 15

2.1. Installation in Mozilla Firefox .................................................................................................. 16

2.2. Installation in Mozilla Thunderbird .......................................................................................... 19

3. HOW TO SET UP YOUR USER PROFILE INMOZILLA THUNDERBIRD ....................................................... 20


Стр. 3 от 21

Microsoft products installation and use

1. How to install the InfoNotary Certification chain

Before you can use your electronic signature certificate, you must install the

InfoNotary root certificates. You can locate the Certification chain either from the directory

“certificates” by inserting the installation disk or on the following web address:

http://www.infonotary.com/site/files/INotaryCertChain.p12

1.1. Microsoft Internet Explorer

Microsoft Windows is software operating system that applies central depository for

secure storage and rapid retrieval of electronic signature certificates (digital certificates). All

programs using encryption techniques do have access to this central depository. The

certificate installation is performed for the current Windows user. If two or more users work

with one system, then the installation must be performed individually for every user.

To install the InfoNotary root certificates for an active MS Windows user, follow these

steps:

Open the file “INotaryCertChain.p12” from the installation disk or log in our web site

and open the URL http://www.infonotary.com/site/files/INotaryCertChain.p12. A program

for certificate installation is started; the screen that is displayed is similar to the one shown

on the next page.


Стр. 4 от 21

Click the Next button to continue.

Click the Next button again.


Стр. 5 от 21

Leave the field Password blank and select Next.

Leave by default the ticked off option for automatic selection of the depository for

storage on the basis of the specific type of the certificate and just click on the Next button.

The program will install automatically all certificates from the chain and will ask you

for confirmation only for the root certificates:


Стр. 6 от 21

The thumbprints (that are the encryption control sums) displayed in these dialog

boxes could be compared with the ones posted on the InfoNotary web page:

To complete the installation process, select Finish.


Стр. 7 от 21

Note: The installation of your certificate in the Microsoft Windows depository is

automatically triggered once you insert the smart card into the reader so you do not need to

install it manually.

1.2. Microsoft Outlook

Microsoft Outlook uses the standard Microsoft Windows depository for certificates. If

you have finished successfully the operations described step by step in item “1. Microsoft

Internet Explorer”, then there is nothing else you must do; otherwise now is the time to

complete them.

2. Microsoft Outlook user profile settings

To be able to sign your outgoing emails, you must first assign your user profile

(account) to your electronic signature certificate, written on the smart card. Here is how:

Start the Microsoft Outlook. From menu Tools select Options, then the Security

tab and click on the Settings button.


Стр. 8 от 21

In the field Security Settings Name type your email address

Click on the Choose button and select the certificate type with which you want to

sign your correspondence. Confirm with OK.

If you tick off the Add digital signature to outgoing messages check box, every

message you send would be signed automatically with the certificate chosen by you.


Стр. 9 от 21

Furthermore, you could apply exactly the same certificate to decrypt the messages

sent to you. Keep in mind that not all certificates could be used for encryption and

decryption. It depends on the type of your certificate.

You can not only set up the application to automatically sign your messages but

choose to do it manually on a casebycase basis. If you want to create a new message but

you have not selected in the Settings the default option for sending a signed certificate,

every time you will have to add your electronic signature to the certain message. Here is

how:

You must be in “create new message” regime (button New). From the tool bar or

from the dropdown menu View select Options. Click on the Security Settings button.


Стр. 10 от 21

Select the Add digital signature to this message check box and confirm with ОК.

Every time you are sending a signed message you need to make sure that your

smart card is inserted in the reader. The system will ask for your smart card PIN code.

Note: The settings for Microsoft Outlook Express are analogous to the ones

described above. The only difference is that you select your certificate type by following

another step sequence: Tools à Accounts à tab Mail à Properties à Security.


Стр. 11 от 21

Mozilla products installation and use

Before you can use your electronic signature certificate, you must install the

InfoNotary root certificates. You can locate the Certification chain either from the directory

“certificates” by inserting the installation disk or on the following web address:

http://www.infonotary.com/site/files/INotaryCertChain.p12

1. How to install the InfoNotary Certification chain

The Mozilla products working under Windows do not apply the system central

depository for secure storage and rapid retrieval of electronic signature certificates. Every

software application uses its own depository. Therefore, in any particular case the

InfoNotary Certification chain must be installed individually for the specific Mozilla product

you use.

Get a copy of the file “INotaryCertChain.p12” from the installation disk or from our

web page.

1.1. Installation in Mozilla Firefox

Start the browser Mozilla Firefox. From menu Tools select Options.


Стр. 12 от 21

Select tab Advanced and then subtab Security, as it is shown on the picture; click

on the View Certificates button.

From this point on the installation process is analogous and for Mozilla Thunderbird.

Click on the Import button and indicate the path to the installation file of the

certification chain INotaryCertChain.p12

Leave the field Password blank and confirm with OK.

If the certificate chain is successfully completed, the following message will be

displayed:

You could see the newly installed certificates from tab “Authorities”:


Стр. 13 от 21

In the Mozilla software applications for every certificate from a Certification Authority

(CA), the user must also select level of trust. To do so, you need to define first the

certificate and then to click on the Edit button.

Now follow these steps:

• For the certificate „iNotary TrustPath Validated Email CA” tick off the check

box „This certificate can identify mail users”.

• For the certificate „iNotary Personal Q Sign CA” select the option „This

certificate can identify mail users”.


Стр. 14 от 21

• For the certificate „iNotary Company Q Sign CA” select the option „This

certificate can identify mail users”.

• For the certificate „iNotary TrustPath Validated Domain CA” select „This

certificate can identify web sites”.


Стр. 15 от 21

1.2. Installation in Mozilla Thunderbird

Start the mail client Mozilla Thunderbird. From the menu Tools select section

Options.

Click on the Privacy tab to open the window and then select the subtab Security as

it is shown on the picture; select the View Certificates button.

From this point on, the installation process in Thunderbird is analogous to the one in

Firefox. Please, refer to the previous item „1.1. Installation in Mozilla Firefox”

2. Installation of the hardware encryption module

To use your electronic signature certificates in the Mozilla based applications such as

Firefox, Thunderbird, etc., you must register encryption PKCS#11 module corresponding to


Стр. 16 от 21

your smart card. In order to set about the registration process, first it is necessary to install

a driver for the card.

2.1. Installation in Mozilla Firefox

Start Mozilla Firefox. From menu Tools select Options.

Now select tab Advanced à subtab Security, as it is shown on the picture and click

on the Security Devices tab.


Стр. 17 от 21

To add a new device, select the Load button.

Change the name of the module (Module Name) as you like.

Select PKCS#11 library corresponding to your smart card.

For Siemens this is the file WINDOWS\system32\siecap11.dll


Стр. 18 от 21

If you have selected the right module, a dialog box similar to the one below would be

displayed:

Now select ОК to confirm the operation.

After you complete the process and conform it with the OK button, your smart card

will be visible in the accessible devices list.


Стр. 19 от 21

2.2. Installation in Mozilla Thunderbird

Start Thunderbird and from the menu Tools select Options.

Select tab Privacy, then subtab Security, as it is shown on the picture and click on

the Security Devices button.

From this point on, the installation process in Thunderbird is analogous to the one in

Firefox. Please, refer to the previous item „2.1. Инсталация в Mozilla Firefox”.


Стр. 20 от 21

3. Mozilla Thunderbird user profile settings

To be able to sign your outgoing emails, you must first assign your user profile

(account) to your electronic signature certificate, written on the smart card. Here is how:

Select menu Tools à Account Settings à Security, as it is shown:

Now click on the Select button from the column Digital Signing.

A Select Certificate screen is displayed:


Стр. 21 от 21

Select the certificate you want to use from the smart card and confirm with OK.

If the option Digitally sign messages (by default) is checked, every message you

send will be automatically signed with the certificate you have selected.

Thunderbird will offer you to apply exactly the same certificate to decrypt the

messages sent to you. In case you decline to do so, you could assign a certificate for email

decryption from button Select in the column Encryption. Keep in mind that not all

certificates could be used for encryption and decryption. It depends on the type of your

certificate.

16 “ivan vazov” str., floor 6, sofia 1000 , bulgaria, tel ... · another step sequence: tools...

Documents