TATA CONSULTANCY SERVICES LIMITED [ESECURITY - PKI PRODUCTS & SERVICES] ADVANCED TECHNOLOGY CENTRE, DECCANPARK, 1 - SOFTWARE UNITS LAYOUT

DIGITAL CERTIFICATE & IKEY USB TOKEN INSTALLATION - A USER GUIDE CONTACT BRKR BHAVAN, B-BLOCK TANKBUND ROAD HYDERABAD- 500063 WWW.APTS.GOV.IN TATA CONSULTANCY SERVICES LIMITED [ESECURITY - PKI PRODUCTS & SERVICES] ADVANCED TECHNOLOGY CENTRE, DECCANPARK, 1 - SOFTWARE UNITS LAYOUT MADHAPUR, HYDERABAD 500 081 E-MAIL: HELPDESK@TCS-CA.TCS.CO.IN WWW.TCS.COM WWW.TCS-CA.TCS.CO.IN

Table Of Contents INTRODUCTION... 3 1 DOCUMENTS SUBMISSION... 4 1.1 SUBMIT ORDER FORM... 4 1.2 SUBMIT THE REQUEST FORM AND VALIDATION DOCUMENTS... 5 2 ONLINE ENROLLMENT... 6 2.1 INSTALLING THE IKEY USB TOKEN... 7 2.2 REGISTRATION - CREATE YOUR USER ACCOUNT... 9 2.3 SUBMIT ONLINE REQUEST...11 2.4 DOWNLOAD YOUR CERTIFICATE...16 3 USAGE... 20 3.1 VIEWING YOUR CERTIFICATE...20 3.2 INSTALLATION OF THE TRUST CHAIN...21 3.3 MANAGING YOUR IKEY TOKEN...23 4 CONTACT DETAILS... 29 Page 2 of 29

I NTRODUCTION This document describes the step-by-step procedure for obtaining the Digital Certificate from Govt. of Andhra Pradesh eprocurement RA and installing the same on ikey USB Token. Page 3 of 29

1 D OCUMENTS S UBMISSION In this stage, you need to submit the required documents for obtaining the Digital Certificate. 1.1 S UBMIT O RDER F ORM 1. You have to contact APTS/ eseva for obtaining Digital Certificate. 2. APTS/ eseva will issue the Order Form for Digital Certificate. 3. You need to fill the Order Form with payment details and submits the filled-in Order Form and the payment to APTS/ eseva. 4. APTS/ eseva will verify the Order Form and will hand over the Enrollment Kit, which includes: o One USB Token o One Driver CD for the USB Token o Digital Certificate Installation and User Guide o Certificate Request Form 5. You need to sign the acknowledgement on the receipt of the Enrollment Kit. The RA will hand over the receipt of payment. Page 4 of 29

1.2 S UBMIT THE R EQUEST F ORM AND V ALIDATION D OCUMENTS You will need to complete the Certificate Request Form and collect all documents specified in the checklist at the end of the form. These documents are required for verification of your personal and/or organization details that will be mentioned in your certificate. All documents must be duly attested or notarized as specified in the checklist. Photocopies of all documents need to have original signatures of the person attesting or notarizing them. Once you collect all the documents that are required as per the checklist in the Certificate Request Form, please submit them to the following address: Andhra Pradesh Technology Services BRKR Bhavan, B-Block, 4th Floor, Tankbund Road, Hyderabad-500063 Phone: +91-40-23220305 Fax: +91-40-23228057 Note: To avoid delays in processing your request, please make sure that all required documents are submitted. If any documents are found missing or if they are not attested or notarized as required, you will have to submit them again (as per the requirements) before your application can be processed. Receipt of the Documents Once all your documents are received and verified, you will be contacted over phone by your RA Administrator who will inform you about the next step to be performed. If the verification is successful, the RA Administrator will decide on a Time Window (of 30 minutes) for you to complete the below mentioned steps in obtaining the Digital Certificate. Page 5 of 29

2 O NLINE E NROLLMENT In this stage, you need to apply online for Digital Certificate. Prerequisites System Requirements - Hardware: Availability of USB port - Operating System: Windows NT, 2000, XP - Browser: Internet Explorer 5.5 and above - You should have the Administrator privileges for installing the USB Token Browser Settings Active-X controls need to be enabled in your Internet browser. In order to ensure this, please do the following: - Open a browser window - Go to Tools >> Internet Options >> Security - Click 'Default Settings' and set to 'Medium' Page 6 of 29

You need to do the following steps for online enrollment: 2.1 I NSTALLING THE IK EY USB TOKEN ikey USB Tokens USB Tokens are secure devices that are designed to store and protect your digital certificates and the cryptographic keys associated with them. These tokens are portable and easy to use. They can be directly plugged into the USB ports available on your machine - Insert the ikey token in the USB port of the machine where you will perform the online application. Also insert the CD containing the ikey software in the CD drive. - Double-click IKEYALL.EXE to start the installation process. - Follow the instructions and complete the installation. - Once the ikey software is successfully installed on your machine, you can start using your ikey token to enroll for and store your digital certificate. Page 7 of 29

Change your ikey USB Token Password - In order to change your ikey USB Token password, you will need to access the ikey Token Utility. - Double-click the ikey icon on the system tray to launch the ikey USB Token Utility. Click the User Tools tab to access various options. - Click Change Password on the User Tools screen. Page 8 of 29

- You will first need to provide your current password. The default current password is rainbow. - Enter the new password. The password can contain alphabets and numbers and must be at least 4 characters in length. - Confirm the new password. 2.2 R EGISTRATION - CREATE YOUR USER ACCOUNT - In order to enroll for and manage your digital certificates, you will need to register for a user account. Click the following link to register: http://www.apts.gov.in Click - Click one of the two highlighted links to go to APTS Digital Certificate Registration Centre (above) Page 9 of 29

Click - Click the New User? Register link to register for your user account. - Enter your Name, Email, preferred User ID & Password Page 10 of 29

- Ensure that you remember the User ID & Password as you will need this information to access your account - Type of User» This maybe Individual, Company or Government, depending on the entity for which a certificate is needed. The verification procedure (and supporting documents required) will be different for each. - Registration Authority» This is the office through which you are applying for a digital certificate. In your case, it is Govt. of Andhra Pradesh eprocurement Registration Authority 2.3 S UBMIT O NLINE R EQUEST Note: Before proceeding, ensure that your ikey token is plugged into the USB port of your machine. - Upon successful registration, you will be redirected to your personalized certificate management center which displays the simple 4-Step enrollment procedure - Go to Step-1 to enroll for your certificate Page 11 of 29

- Read the enrollment checklist carefully and make sure that all system requirements are met. - Click Close to close the checklist and start the online enrollment. Page 12 of 29

- Please fill out the online enrollment form with the required information. Select the following options: - Certificate Class» Class-2 Certificate - Certificate Type» Signing Certificate (Single Key Pair) - Do you have a certificate request already generated?» No Page 13 of 29

Content of your Digital Certificate - Enter all your personal/organization details exactly as you would like them to appear on your certificate. Note: Once your request is generated, these details cannot be changed. - Given the legal significance of digital certificates, please ensure that all information provided is factually correct. - You Email ID is especially important in the context of digital certificates. Please ensure that you enter it correctly. If an incorrect/invalid Email ID is provided, you will be not able to download/use your certificate. Cryptographic Service Provider The Cryptographic Service Provider (CSP) is the software that generates the cryptographic keys for your digital certificate. These keys form the basis of your digital identity and will be used for digital signing and encryption operations. Since security of these keys is extremely important, they will be generated and stored on your ikey token. - In order to generate the cryptographic keys on your ikey token, select the following CSP from the dropdown menu on the enrollment page: Rainbow ikey 1000 RSA Cryptographic Service Provider Page 14 of 29

Generate Request - Once you fill out the online enrollment form, review the information provided (paying special attention to the Email ID) and click Generate Request to generate your certificate request. Note: Once your certificate request is generated, you cannot change any information. So please ensure that all information is correct before you proceed. - On successful completion of enrollment, you will see the above screen. - Make a note of the request number (highlighted above) - You can print this form for your records by clicking the Print button. 2.3.1 Call your RA Office - Once you complete the online enrollment, call your RA Administrator and inform him/ her of your request number. [Refer to previous screen]. You will also need to tell RA Administrator, your Order Form number. - The RA Administrator will verify your online request and process it if all details are properly verified. Note: If any of the details submitted by you in your online request are found to be incorrect, your request will be rejected. In such cases, you will have to repeat the online enrollment procedure. Page 15 of 29

2.3.2 Check your application status While your application is under review, you will receive automated e-mail updates on the status of your application. Notifications will be sent informing you of the following: - Receipt of your Online Request: This is sent immediately upon successful online enrollment - Generation of your Certificate: This is sent once your request and documents are verified and your certificate is generated. - Rejection of your Certificate Request: If your request is rejected for any reason, you will be intimated of the same. Note: You can always login to your user account and perform Step-3 in the Certificate Management Center to know the status of your application. 2.4 D OWNLOAD YOUR C ERTIFICATE - Once your certificate is generated, you will receive an email notification informing you of the same. This notification is sent to the email address entered during the enrollment process (Step-1). - The email will include detailed instructions and an Authentication PIN that needs to be entered at the time of certificate download. Important Note: - The certificate should be downloaded on the same ikey token where the Key Pair was generated. - It is very important that you provide a valid e-mail address at the time of enrollment. If you submit an invalid e-mail address, you will not receive the Authentication PIN and hence will not be able to download your certificate. - Insert the ikey token used during certificate enrollment into the USB port of your machine. - Click the following link: http://www.apts.gov.in Page 16 of 29

Click - Click the Download your Certificate link on the page that comes up. - Enter your User ID and Password to login to your account for certificate download. Note: If you do not remember your User ID and/or Password, please contact your RA Administrator. - Go through Step-4 in the Certificate Management Center for downloading the certificate. Page 17 of 29

Click - Click the hyperlink on the request number of your certificate. Page 18 of 29

Note: Verify the details of your certificate. If there is any problem, please contact your RA Administrator. - Enter the Authentication PIN that was emailed to you earlier. - Click Download to complete the certificate download. Note: You will not be able to download your certificate without the Authentication PIN. Page 19 of 29

3 U SAGE 3.1 V IEWING YOUR C ERTIFICATE - Once you download your certificate, you can view and verify whether it has been successfully downloaded by doing the following: - Open an Internet Explorer window - Go to Tools Internet Options Content Certificates - View the list of certificates you should be able to see a certificate containing your name on it. - Double-click your certificate in the list displayed. - Your certificate details will be displayed. - Verify the following details: Issued To Issued By Valid from to Note: If there s any problem, please contact your RA Administrator. Page 20 of 29

3.2 I NSTALLATION OF THE T RUST C HAIN Before you can use your Digital Certificate, you need to install the certificate trust chain of your Issuing Authority, i.e. Govt. of Andhra Pradesh IT&C APTS Issuing Authority. Following is the procedure for installation: - Copy the APTS_chain.p7b file from your Digital Certificate and ikey Installation CD onto your desktop. - Right-click the APTS_chain.p7b file and select Install. This will install the certificate trust chain on your machine. Page 21 of 29

To verify whether the installation is successful, please do the following: - Open an Internet Explorer window - Go to Tools Internet Options Content Certificates - Double-click your certificate and select the Certification Path. You should be able to see the following: - CCA India India PKI Page 22 of 29

- Tata Consultancy Services Certifying Authority India PKI - Govt. of Andhra Pradesh IT and C APTS Issuing Authority - Your Name 3.3 M ANAGING YOUR IK EY T OKEN 3.3.1 Accessing the ikey Token Utility - In order to manage your ikey token, you will need to access the ikey Token Utility. - Double-click the ikey icon ( ) on the system tray to launch the ikey Token Utility. - Click the User Tools tab to access various options. Page 23 of 29

3.3.2 Changing your ikey Password (Current Password) - Click Change Password on the User Tools screen. - You will first need to provide your current password. If you don t remember this password, you will not be able to change it. - Enter the new password. The password can contain alphabets and numbers and must be at least 4 characters in length. - Confirm the new password. Page 24 of 29

3.3.3 Managing your Certificate(s) - In order to manage your certificates, click the Manage button on the User Tools screen. This is the certificate management screen that provides various options for managing your certificates. Page 25 of 29

Among other things, you can: - Register/Unregister a certificate with your OS. - Remove a certificate from the token Registering your Certificate(s) In order to register a digital certificate from your operating system, select the certificate and click Register. Note: You will not see this option if the certificate already exists on your OS. Page 26 of 29

Unregistering your Certificate(s) In order to unregister a digital certificate from your operating system, select the certificate and click Unregister. Note: You will not see this option if the certificate doesn t exist on your OS. Page 27 of 29

Removing Certificate(s) from the ikey Token Note: By clicking the Remove button, your certificate and private key will be permanently deleted from the ikey token. Once deleted, the certificate cannot be restored. In such cases, you will have to procure a fresh certificate. Page 28 of 29

4 C ONTACT D ETAILS Andhra Pradesh Technology Services Limited BRKR Bhavan, B-Block, 4th Floor, Tankbund Road, Hyderabad-500063 General Help Desk Ms. Ragini / Ms. Veni Phone: 040-23224283 Certificate Processing Help Desk Mr. Ajay Kr. Rathod Mobile: 9849906374 Help Desk Mail Email pki-helpdesk@apts.gov.in Fax: +91-40-23228057 Page 29 of 29