CERTIFICATES USER GUIDE



Similar documents
Securing your Online Data Transfer with SSL

Extended SSL Certificates

Procedure for How to Enroll for Digital Signature


Using etoken for Securing s Using Outlook and Outlook Express

Entrust Managed Services PKI. Getting an end-user Entrust certificate using Entrust Authority Administration Services. Document issue: 2.

The IceWarp SSL Certificate Process

IceWarp SSL Certificate Process

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University

Using Remote Web Workplace Version 1.01

Yale Software Library

Guide to Obtaining Your Free WISeKey CertifyID Personal Digital Certificate on Aladdin etoken (Personal eid)

ENROLMENT GUIDE FOR MCACert

VeriSign PKI Client Government Edition v 1.5. VeriSign PKI Client Government. VeriSign PKI Client VeriSign, Inc. Government.

Investment Management System. Connectivity Guide. IMS Connectivity Guide Page 1 of 11

U.S. Bank Secure Mail

SSL Certificates Enrollment, Collection, Installation and Renewal Release Date: May, 2015

INFORMATION SYSTEMS SERVICE NETWORKS AND TELECOMMUNICATIONS SECTOR. User Guide for the RightFax Fax Service. Web Utility

How To Understand And Understand The Security Of A Key Infrastructure

How to Order and Install Odette Certificates. Odette CA Help File and User Manual

I. Configuring Digital signature certificate in Microsoft Outlook 2003:

Future directions of the AusCERT Certificate Service

Hosted Microsoft Exchange Client Setup & Guide Book

PKI Contacts PKI for Fraunhofer Contacts

SSL Certificates: A Simple Solution to Website Security

Digital Signature Certificate Online Enrollment Guide using etoken

APNS Certificate generating and installation

Simple Guide to Digital Signatures

Protected Trust Setup Guide for Brother MFC Devices

ClicktoFax Service Usage Manual

Entrust Managed Services PKI. Configuring secure LDAP with Domain Controller digital certificates

FedEx Billing Online User Guide

Installation Guide. SafeNet Authentication Service

BlackBerry Enterprise Service 10. Universal Device Service Version: Administration Guide

Contents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008

Importing your personal certificate(s) to Microsoft Internet Explorer from a Back-up (or export) file

How to Order and Install Odette Certificates. Odette CA Help File and User Manual

Enterprise Public Key Infrastructure (EPKI) Manager. Version 3.5

Type of Certificate: Secure Certificate

Welcome to Business Internet Banking

Entrust Certificate Services for Adobe CDS

ANZ TRANSACTIVE GETTING STARTED GUIDE AUSTRALIA & NEW ZEALAND

Installation and Configuration Guide

Weston Public Schools Virtual Desktop Access Instructions

Type of Certificate: SSL Certificate

Type of Certificate: Secure Certificate

7. In the boxed unlabeled field, enter the last 4 digits of your Social Security number.

Subscriber Application Form User Type: Government / Organization / Banking Sector

Prerequisite. Getting Started. Signing and Encryption using Microsoft outlook 2007

Shakambaree Technologies Pvt. Ltd.

NATIONAL SECURITY AGENCY Ft. George G. Meade, MD

Group Management Server User Guide

GLOBAL PAYMENTS AND CASH MANAGEMENT. HSBCnet Application Guide August 2006

Overview of Extended Validation (EV) SSL

On line tenders guide

The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions

Prerequisite. Getting Started. Signing and Encryption using Microsoft outlook 2010

F-Secure Messaging Security Gateway. Deployment Guide

BULLGUARD BAckUp GUIDE

Authentication in XenMobile 8.6 with a Focus on Client Certificate Authentication

PrivateServer HSM Integration with Microsoft IIS

CERTIFICATION PRACTICE STATEMENT UPDATE

The following screen shots are representative of the flow you are required to follow when logging onto to access einvoicing.

Background Information

Entrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0

Digital Signature Certificate Online Enrollment Guide using etoken Pro 72K (Java)

Hosted Microsoft Exchange Client Setup & Guide Book

Basics of SSL Certification

OneLogin Integration User Guide

Adobe PDF for electronic records

Websense Content Gateway HTTPS Configuration

TrustKey Tool User Manual

Initial Setup of Microsoft Outlook 2011 with IMAP for OS X Lion

Configuring your client to connect to your Exchange mailbox

MICROSOFT OUTLOOK 2003

Class 3 Registration Authority Charter

GlobalSign Enterprise PKI Support. GlobalSign Enterprise Solution EPKI Administrator Guide v2.4

X.509 Certificate Generator User Manual

HTTPS GATEWAY INSTRUCTIONS

6. Is it mandatory to have the digital certificate issued from NICCA? Is it mandatory for the sender and receiver to have a NIC id?...

ADFS Integration Guidelines

General tips for increasing the security of using First Investment Bank's internet banking

IMAP and SMTP Setup in Clients

How To Set Up A Xerox Econcierge Powered By Xerx Account

Secure User Guide Receiving Secure from Merchants Bank

3. On the Accounts wizard window, select Add a new account, and then click Next.

Soft Solutions, Inc. 4-Sight FAX 7.5. Getting Started. Soft Solutions, Inc.

Privacy Policy - LuxTNT.com

ONSITE TRACK EASY Yancoal Contractor Management Portal Portal User Guide: Company Registration. Yancoalcontractors.com.

Securing your Microsoft Internet Information Services (MS IIS) Web Server with a thawte Digital Certificate thawte thawte thawte thawte thawte 10.

How To Electronically Sign A Document On Docusign.Com

HKUST CA. Certification Practice Statement

PROCEDURE FOR DSC CONFIGURATION. A. Installation of the driver has to be done for the first time and only once.

User Guide. The AMF's File Transfer Service (FTS)

You re FREE Guide SSL. (Secure Sockets Layer) webvisions

Nevada Supreme Court Training Sessions

TABLE OF CONTENTS. Vendor Web & e-registration...2. Usage of Digital Signature Certificate...3. What is an etoken?. 4. General FAQ...

How to Order and Install Odette Certificates. Odette CA Help File and User Manual

Security Digital Certificate Manager

Transcription:

CERTIFICATES USER GUIDE 1. SERVER CERTIFICATE... 2 1.1 DAMAS WEBSITE CERTIFICATE... 2 2. USER CERTIFICATE... 4 2.1 DAMAS USER S CERTIFICATION... 4 3. THE PROCEDURE FOR ISSUING DIGITAL CERTIFICATES TO USERS... 6 3.1 THE PROCEDURE OF SUBMITTING THE APPLICATION FOR CERTIFICATE... 6 3.2 SHIPPING AND DELIVERY OF CERTIFICATES... 9 3.3 THE RENOVATION PROCESS OF THE DIGITAL CERTIFICATE... 10 4. POŠTA CRNE GORE - CONTACT INFORMATIONS... 11 Version 2 October 2014 1

1. SERVER CERTIFICATE SSL certificates are small data files that digitally bind a cryptographic key to an organization s details. When installed on a web server, it activates the padlock and the https protocol (over port 443) and allows secure connections from a web server to a browser. Typically, SSL is used to secure credit card transactions, data transfer and logins, and more recently is becoming the norm when securing browsing of social media sites. SSL Certificates bind together: A domain name, server name or hostname. An organizational identity (i.e. company name) and location. An organization needs to install the SSL Certificate onto its web server to initiate secure sessions with browsers. Depending on the type of SSL Certificate applied for, the organization will need to go through differing levels of vetting. Once installed, it is possible to connect to the website over https://www.domain.com, as this tells the server to establish a secure connection with the browser. Once a secure connection is established, all web traffic between the web server and the web browser will be secure. 1.1 DAMAS WEBSITE CERTIFICATE When SSL certificate is successfully installed on web server, client has to pass through few simple steps in order to efficiently navigate to DAMAS application. First step is to enter web address in web browser with https protocol https://auctions.seecao.com (see image below). Image 1. First step Once clicked on >Enter< button, the window from Image 1. shows up. Next step is to click >Continue to this website (not recommended)<. After this is done, you successfully navigated to the application login form. 2

Image 2. DAMAS login form In Navigation bar, there is notification >Certificate error<. Left click on this button, and then left click on >View certificates<, the window shows up. Image 3. Certificate information Pošta CG is not in Microsoft Trust List,but this doesn t affect functionality of certificate. It is just needed for certificate user to trust this certificate (and only for the first time). 3

2. USER CERTIFICATE The most secure and the most reliable media for storing the digital certificate is PKI USB smart token (see Image 4.) and this type of media for certificate will be used in DAMAS certification. Image 4. An example of PKI USB smart token PKI (Public Key Infrastructure) is a loaded term that involves the hardware, software, policies, and standards that are necessary to manage SSL certificates. A PKI lets you: Authenticate users more securely than standard usernames and passwords Encrypt sensitive information Electronically sign documents more efficiently. A PKI allows you to bind public keys (contained in SSL certificates) with a person in a way that allows you to trust the certificate. Public Key Infrastructures most commonly use a Certificate Authority (also called a Registration Authority - an organization that issues digital certificates to organizations or individuals after verifying their identity) to verify the identity of an entity and create unforgeable certificates. Web browsers, web servers, email clients, smart cards, and many other types of hardware and software all have integrated, standards-based PKI support that can be used with each other. A PKI is only as valuable as the standards that are established for issuing certificates. 2.1 DAMAS USER S CERTIFICATION Access to DAMAS system will be enabled only for those users who have token (certificate) issued by Pošta CG. DAMAS users that will need to apply for certificates could be separated into following groups: 1. SEE CAO staff 2. TSO s personnel and 3. Trader s personnel. 4

Regarding the TSO s, potential users of the DAMAS should be from the following departments: 1. Auction/Scheduling Office 2. IT department and 3. Financial department. Auction/Scheduling Office will be in charge of following the auction processes for borders which are of their concern. IT department will probably be in charge of supervising and ensuring the smooth communication and data exchange between the DAMAS platform and TSO s system. Financial department will take care of the settlement part and will have overview of the Finance module related to particular TSO. As these are very important and delicate tasks, all users will have a user account with TSO role in DAMAS, which of course needs to be protected through certificates. Auction Participants could have users from the following departments: 1. Trading department 2. Finance department, and if needed 3. IT department. Trading companies (Auction Participants) will have user accounts in DAMAS with Trader role through which they are going to participate in auctions. Since they will be able to bid in the name of their companies, it is mandatory for these accounts be protected through certificates. Trading departments should take care of the complete auction process bidding, examination of results, secondary market, etc. Finance department should take care of invoicing part and check the amount and the status of the invoices while IT department (if needed) should ensure the smooth communication between the DAMAS and TSO s systems. Related to abovementioned, in DAMAS system, there is many data which is highly recommended to be protected in some way. Just like data, there are actions that require total privacy and protection. Some of these data and actions are: All data that is related to finance: o Invoice reports o Settlement reports o Credit Limit data etc. Bidding process and results Resale Transfer Process of following the auctions Payment of Allocated PTRs etc. These, and many other relevant actions and data require using of SSL certificates through PKI USB smart token to provide adequate protection from eavesdropping and stealing of important data. SSL certificate on PKI USB smart token will provide secure connection to DAMAS platform, and prevent any attempt of attack on user s privacy and data. 5

Important note: In order to access to DAMAS system, users must have certificate (token)! 1 3. THE PROCEDURE FOR ISSUING DIGITAL CERTIFICATES TO USERS Pošta Crne Gore is entity that regulates infrastructure of public keys [PoštaCG-PKI] for public needs of state of Montenegro. Pošta CG uses a registration body, which works with Pošta Crne Gore DOO and that is authorized to verify the identity of users in the management of certificates such as first certification, renewal of certificates, certificate revocation, the approval of the request for certification. Issuing of digital certificates is a process that is done in three steps: 1. Receipt of Application for issuance / revocation of the certificate 2. Processing of applications 3. Shipping / delivery of certificates. Receipt of Application for issuance / revocation of the certificate will be maintained in main post offices in all municipalities. These offices represent local registration bodies of Central registration body. 3.1 THE PROCEDURE OF SUBMITTING THE APPLICATION FOR CERTIFICATE Application for certificate can be done either in personal or via courier. There is no need for users outside of Montenegro to come in person. Request is submitted on a special form which is provided for the issuance of appropriate certificate as to change the status of the certificate (recall) which electronic version (PDF and Word format) is located on the website: www.postacg-ca.me. The form is twofold. On the first page there is data that fills the client and employee of PoštaCG controls the data entered. On the reverse side is excerpt from the Treaty signed by the client at the time of delivery of the certificate and the contact information. Data on form of request are created in such way that they are organized in six main groups: First group of data - refers to selection of requirements ie. whether it is wanted issuance / renewal or change of status. If it is wanted issuance / renewal - there are three types of certificates. If the change of status is marked, then the fifth group is being filled (change of status certificate). Second group of data - refers to the personal details of the person making the request (whether a natural person or as a natural person authorized by the legal entity). 1 Token allows access to the DAMAS. Tokens are not connected to the users registered in the DAMAS system. 6

Third group of data - refers to the legal entity it is filled in the event that the applicant is identified as the authorized person of the legal entity. Note: As a proof of identification, applicant needs to provide an evidence of registration in Central Register of Business Entities. Original or stamped copy of this document is needed and it must not be older than 30 days. In case if more users apply for the tokens from the same company, one evidence of registration shall be enough. Fourth group of data - refers to the media on which to deliver the certificates and it is necessary to specify the medium which the applicant has chosen. Fifth group of data - refers to the change of status. The certificate can be extended / renewed or revoked. If the client highlights revocation of the certificate it is desirable to fill the information below. Sixth group of data - Here is entered: o the amount that the customer paid, with attached receipt of payment according to the official price list. The current o price list for the certificates is on the website: www.postacg-ca.me. place of delivery of the certificate is on counter of the post office where the application is received or in one of the post offices in all municipalities, if applicant request like this. Image 5. Fields to be checked in application form Image 5.1 Data for certificate Application Form is completed by the following procedures: 1. Client handedly signs application (lower left corner) if the application is sent via Post Express, then it is needed to send signed application; 2. Post officer enters his name, signs handedly, enters the exact date (day.month.year) in a field that is reserved for this purpose (above the seal) and verifies application post stamp; 3. Party enclose confirmation of payment according to the official price list; Note: The application is copied (only the first page) and a copy is given to the client if he requests it. It is possible to apply for the certificate and not to come in person in one of post offices in Crna Gora. All that is needed is to fill all documentation mentioned above, and send the application via courier (Post Express, DHL, TNT, etc) to Pošta CG. After the application is received, Pošta CG 7

will contact the applicant via email, and finish the procedure with appropriate clarifications if needed. If processing the application runs without any errors the procedure of generating the certificate is being made and each "certificate" is being packed in a special cer-package for delivery only via Post Express. Cer package contains: 1. USB Token 2. Envelope with a password for a Token 3. Contract with the user in two copies 4. Corresponding user and technical instructions (CD). Note: This applies to the qualified digital certificate for advanced electronic signature that is included in the token. Qualified digital certificate for electronic signature certificates and SSL certificates are not included in the token. 8

3.2 SHIPPING AND DELIVERY OF CERTIFICATES Shipping / delivery can be made over the counter at the post office where the applicant handed application or if the applicant wants in another post office in Montenegro. Delivery over the counter in the post: Authorized person PoštaCG CA sends an e-mail message to the specified e-mail address in the request with the content: Your certificate can be taken over from.. 201_. (date) the counter post office where you submitted application. On delivery, the authorized person of the Post had to identify the recipient (the applicant) and exclusivelly by the person with appropriate identification document (ID or passport). Teller in the presence of the recipient (the applicant) must open the envelope. Recipient (the applicant) must sign a contract and a signed copy to hand over to the authorized person of the Post. In case if the user(s) sends application via courier and not in person, token will be sent to the applicant via EMS (Post service Post Express), and there is no need to come in person in Montenegrin Post office. The certificate will be issued maximally 15 days upon the receivement of the application in the Pošta CG, excluding the time needed for shipping (both application and certificate). Further activation (computer users) certification is done through instructions that were submitted on the accompanying CD and these instructions are located on the website www.postacg-ca.me. On abovementioned website all relevant documents can be found, that are related to process of forwarding of application, process of taking the certificate, process of installation of certificate etc. Also, all relevant software (Documentation for token, PKI Clients etc.) that is needed can be found on page, http://www.postacg-ca.me/preuzimanje-certifikata-postacg-ca-i-softvera, just as the PostaCG version of electronic certificate that is free for download. 9

3.3 THE RENOVATION PROCESS OF THE DIGITAL CERTIFICATE Every token has period of validity of three years. After this period, token expires, and then renovation of token is needed. There are two ways of doing the renovation electronicaly or on standar way. If user wants to do it electronicaly, then he goes on http://www.postacg-ca.me/postupak-obnove-certifikata, and clicks on link elektronskim putem. After that, it is just needed to follow the instructions. As for the standard way, the procedure is the same as for getting the certificate for the first time. It is contained in four steps. 1. Two forms are needed to be filled: a) Request (WORD or PDF) b) Authorisation (WORD or PDF) Both forms need to be signed by same person. On Request form the highlighting of option for status changing of qualiffied digital certificate (in upper part of form) and option extension/renewal of certificate (in lower part of form). Name, surename, ID number and PIB number must not be changed! If some other data is changed in meantime, it should be stated in these forms. Note: Every subsequent change comes with additional expences. In lower left corner the owner of certificate must put his signature and a stamp of a company. Note: If some other person applies these documents in your name, an official memorandum document with authorization is needed. 2. On bank account number 510-109-04 (Pošta CG) is required to pay 60,00, with a note: extension of a digital certificate (the purpose of the transfer). 3. Hand over to the counter of the post office the documents: Application (Request), Authorization, receipt of payment and old etoken. 4. Upon completion of the procedures for renewal of certificate, on e-mail address you provided in the application form, you are notified when and where to come for taking over new certificate (etoken). Note: If etoken is damaged or lost, then for the extension of certificate the full price of 110,00 has to be payed. If you haven t brought confirmation and the old etoken, you cannot get the new certificate (extended). Only the owner of etoken can take over new certificate (the extended certificate)! 10

4. POŠTA CRNE GORE - CONTACT INFORMATIONS Offices of Pošta CG can be found in every city of Montenegro. In every main office, the procedure of issuing and getting the certificate can be done. In Podgorica, post offices can be found on next few addresses: 81101 Ulica Slobode 1 81103 Ulica Moskovska 40 81102 Ulica Orahovačka bb. Contact numbers are : Technical persons : +382 20-403-922 +382 20-403-981 +382 20-403-980 Natural persons: +382 20-403-904 General informations about company: Registration number 4-0009338 / 001, the Commercial Court in Podgorica Account number 510-109-04 in CKB, and account number 535-5366-04 in Prva Banka Crne Gore, established in 1901th Tax ID: 02867940 Registration Number: 02867940 All relevant informations can be found on http://www.postacg-ca.me. 11

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information