Registration and Renewal procedure for Dexia Certificate

Registration and Renewal procedure for Dexia Certificate GTU Environment Dexia Users Associated Dexia Technology Services Page: 1 / 25

Table of contents TABLE OF CONTENTS 2 1 INTRODUCTION 3 2 CONTACT 3 3 CONFIGURATION 3 4 REGISTRATION PROCEDURE 4 4.1 PRE-REQUISITES 4 4.2 IMPORT THE DEXIA GROUP ROOT CA GTU CERTIFICATE 4 4.3 IMPORT THE DEXIA BANK BUSINESS CA GTU CERTIFICATE 9 4.4 GENERATE YOUR CERTIFICATE REQUEST IN YOUR WINDOWS PROFILE 12 4.5 DOWNLOAD OF YOUR PERSONAL CERTIFICATE 15 4.6 BACKUP YOUR KEYS AND CERTIFICATE 18 4.7 IMPORT YOUR KEYS AND CERTIFICATE ON ANOTHER COMPUTER 23 5 RENEWAL PROCEDURE 25 Associated Dexia Technology Services Page: 2 / 25

1 Introduction This document describes the issuance or renewal procedure to issue your Dexia GTU certificate using DCM GTU (Dexia Certificate Management) website. A Dexia certificate is composed of two pieces of information (a private key and a public key). Public and private keys are like two halves of a single key (a public key is used to encrypt or "lock" a message, and only the complementary private key can "unlock" that message). The export must be achieved to make a backup of all keys or to use the keys on another machine. 2 Contact DTS Certificate Services : info-pki.be@dexia.com 3 Configuration Environnement Windows (XP, 2003, Vista, 7). Internet Explorer. Associated Dexia Technology Services Page: 3 / 25

4 Registration Procedure Scenario : - You will send or receive secure Emails from/to Dexia through SecureEDI, and you must configure your mail client so it will be able to check the signature or apply the encryption. 4.1 Pre-requisites Your UserID - You will send or receive files with FTP/SSL through SecureEDI - You will connect to web applications using a SSL client certificate Your Authorisation Code 4.2 Import the Dexia Group Root CA GTU certificate This Certification Authority has been renewed in 2011 This should be reinstalled 1 time Before trusting certificates issued by Dexia, you need to trust the Certification Authorities ( CA ) of Dexia. Root Certification Authority of Dexia Group is at the top of the certification path. This Root CA is the single point of trust. This certificate must be imported first. 1. Download it from http://pki.dexia.com/certificate/rootcagtu_2011.crt 2. This panel appears. Choose «Open». Associated Dexia Technology Services Page: 4 / 25

3. Select «Install Certificate». 4. And «Next». Associated Dexia Technology Services Page: 5 / 25

5. Select «Place all certificates in the following store» and click «Browse». 6. Select «Trusted Root Certification Authorities» and click OK Associated Dexia Technology Services Page: 6 / 25

7. Select «Next». 8. And «Finish».. Associated Dexia Technology Services Page: 7 / 25

9. The following message is displayed only for RootCA import. You have to check «Serial Number», «Thumbprint (sha1)» & «Thumprint (md5)». They must be exactly the same than reported below. Afterwards, select «Yes». 10. Click «OK» to finish the import. Associated Dexia Technology Services Page: 8 / 25

4.3 Import the Dexia Bank Business CA GTU certificate This Certification Authority has been renewed in 2011 This should be reinstalled 1 time The Dexia Business Certification Authority (Business CA) issue certificates for e-transfer on all business lines of Dexia. 1. Download certificate from http://pki.dexia.com/certificate/businesscagtu_2011.crt. 2. Choose «Open» and click «OK». 3. Select «Install Certificate». Associated Dexia Technology Services Page: 9 / 25

4. Choose «Next». 5. Choose «Next» again. Associated Dexia Technology Services Page: 10 / 25

6. And «Finish». Associated Dexia Technology Services Page: 11 / 25

4.4 Generate your certificate request in your Windows profile 1. Connect to the registration website : https://tst-pki-dexia-com.dbb.dexwired.net/dcm 2. Enter your UsedID (received by mail) and your Authorisation Code (received by fax or by post) and click on Login. 3. Click on «Request a certificate» Associated Dexia Technology Services Page: 12 / 25

4. Click on the certificate type (e.g. Dexia Professional Certificate Policy) 5. Click «Yes» to the confirmation for the «Digital certificate operation» Associated Dexia Technology Services Page: 13 / 25

6. Verify the data presented and press «Submit» if correct. 7. Your certificate request will be submitted to Dexia Bank in order to be issued. A Dexia security administrator will be automatically warned of your pending request. Associated Dexia Technology Services Page: 14 / 25

4.5 Download of your personal certificate As soon as Dexia Bank has verified all your information, you will receive a mail containing the confirmation of the generation of your personal certificate and an installation procedure. You have to reconnect to the registration web site to download your certificate. The procedure described in the mail must be achieved on the same workstation used for the creation of your request (see step 4.4). 1. Connect to the registration website : https://tst-pki-dexia-com.dbb.dexwired.net/dcm 2. Enter your UsedID and your Authorisation Code and click on «Login». Associated Dexia Technology Services Page: 15 / 25

3. Click on «Download your requested certificate» 4. Click «Yes» to the confirmation for the «Digital certificate operation» Associated Dexia Technology Services Page: 16 / 25

5. Click «Install this certificate» The certificate is now installed on your workstation. Troubleshooting : If you receive following message Error 0x80096004, please verify the correct execution of the point 4.2 and 4.3 of the present procedure. Associated Dexia Technology Services Page: 17 / 25

4.6 Backup your keys and certificate Important : Backup your certificate file somewhere in case of failure of the server 1. In Internet Explorer; click on Tools and select Internet Options 2. Select the Content tab and click on Certificates Associated Dexia Technology Services Page: 18 / 25

3. Select your certificate and click on Export 4. In the Export Wizard screen, click Next. Associated Dexia Technology Services Page: 19 / 25

5. In the next screen, select Yes to export the Private Key and click on Next. 6. In the Certificate Export File Format screen, select Personal Information Exchange - PKCS and check the box Include all certificates. Click Next. Associated Dexia Technology Services Page: 20 / 25

7. Type in a password and click Next. 8. Enter the directory where the certificate is to be stored, name the file, and click Next. Associated Dexia Technology Services Page: 21 / 25

9. Complete the Certificate Manager Export Wizard by clicking on Finish. 10. Click OK to finish the import. Associated Dexia Technology Services Page: 22 / 25

4.7 Import your keys and certificate on another computer 1. Double-click on your certificate file and the Certificate Import Wizard starts. Click Next 2. Check the file location and click Next Associated Dexia Technology Services Page: 23 / 25

3. Type in a password and click Next 4. Complete the Certificate Manager Import Wizard by clicking on Finish. Associated Dexia Technology Services Page: 24 / 25

5. Click OK to finish the import. 5 Renewal Procedure Before the expiration of your certificate (30 days), you will receive an e-mail to invite you to renew your certificate. To achieve this procedure, please follow the steps described in the chapter 4 Registration procedure. Associated Dexia Technology Services Page: 25 / 25