EID/ERESIDENCE CARD MIDDLEWARE Quick Installation Guide This quick installation guide aims to help out users to set up the eid/eresidene Card Middleware software and prepare the computer to use and read the Card Digital Certificates. Written in a concise step-by-step manner, users shall easily understand how to set up and make use of their eid/eresidence card.
Document Control Information 01. Document reference Malta_EIDERES_Card-GDL-Middleware_Installation-v1.0.doc 02. Document type Guide 03. Security Classification Public 04. Synopsis This quick installation guide aims to help out users to set up the eid/eresidence Card Middleware software and prepare the computer to use and read the Card Digital Certificates. Written in a concise step-by-step manner, users shall easily understand how to set up and make use of their eid/eresidence card. 05. Document control Author Change controller Distribution controller Government of Malta Government of Malta Government of Malta 06. Modification history Version Date Comments Version 1.0 05/02/2014 Version 1.0 Page 1
Table of Contents Document Control Information... 1 Table of Contents... 2 Table of Figures... 3 System Requirements... 5 Assumptions... 5 Compatibility and Versions... 5 Installing Classic Client v6.4... 6 Installing the Gemalto Card Reader Drivers... 10 Importing Card Certificates in the Certificate Store... 13 Export the Root Certificate... 14 Export the Intermediate Certificate... 15 Export the Authentication Certificate... 17 Export the Signing Certificate... 18 Using the Card for Authentication... 20 Page 2
Table of Figures Figure 1: Installation Welcome Screen... 6 Figure 2: License Agreement... 7 Figure 3: Destination Folder Screen... 7 Figure 4: Installation Progress... 8 Figure 5: Installation Completion Screen... 8 Figure 6: Reboot Computer Dialog... 9 Figure 7: Installation Welcome Screen... 10 Figure 8: License Agreement... 11 Figure 9: Installation Progress... 11 Figure 10: Installation Completion Screen... 12 Figure 11: Gemalto Classic Client Toolbox... 13 Figure 12: Card Contents Certificates... 14 Figure 13: Export to IE Store - Trusted Root... 14 Figure 14: Successful export of Trusted Root Certificate... 15 Figure 15: Card Contents - Certificates... 15 Figure 16: Export to IE Store Intermediate... 16 Figure 17: Successful Export of Intermediate Certificate... 16 Figure 18: Card Contents Certificates... 17 Figure 19: Export to IE store Personal... 17 Figure 20: Successful Export of Authentication Certificate... 18 Figure 21: Card Contents - Certificates... 18 Figure 22: Export to IE store Personal... 19 Figure 23: Successful Export of Signing Certificate... 19 Figure 25: Windows Security Select a Certificate... 20 Figure 24: Authentication... 20 Figure 26 : Select Certificate... 21 Page 3
Figure 27: Authentication PIN Code... 21 Figure 28: Certificate Information... 22 Page 4
System Requirements Assumptions In order to install successfully the Classic Client v6.4, this guide assumes that: 1. For any computer on which Classic Client v6.4 will be installed, the user installing the software has administrator privileges on that computer; 2. The workstation meets the normal system requirements to run its version of Microsoft Windows; 3. The Classic Client Toolbox is best viewed with a screen resolution of 90 dpi. Using a different resolution does not affect performance, but the appearance of the toolbox may not be perfect; 4. The computer has either an available USB Port or PCMCIA Port unless the computer has an embedded smart card reader. Compatibility and Versions 1. Classic Client v6.4 comes in two versions, one for 64 bit operating systems and one for 32 bit operating systems (OS). It is essential that the user installs the correct version; 2. It is highly recommended that your machine has a RAM at least equal to that normally recommended for the OS; 3. The.NET Framework version 2.0 or later must be already installed on the computer. Page 5
Installing Classic Client v6.4 Follow the below steps in order to install the Classic Client v6.4: 1. Download the Classic Client v6.4 from the location indicated by the Identity Management Office. [Skip this step if you have been provided with a CD ROM]; 2. If the Identity Management Office has provided an installation CD-ROM [Skip this step if you have downloaded the installation file]: a. Insert the CD-ROM into the CD-ROM reader of your computer; b. If your computer is configured to auto run a CD, the installation wizard will start automatically and skip to step 3. If the installation wizard does not start automatically navigate to the location of the installation file on the CD and double click on the Classic_Client_6.4_User_setup_##.msi file (where ## is either 32 or 64 depending on the version being installed); 3. Note for the subsequent steps: If the computer is running on Microsoft Windows Vista / 7 / 8 / 8.1 / Server 2008 or Server 2008 R2 with User Access Control activated, a warning may show stating An unidentified program wants access to your computer. Choose Allow whenever you are shown such message; 4. When the Welcome dialog box appears, click Next to continue; Figure 1: Installation Welcome Screen Page 6
5. Read the Gemalto License Agreement. Accept the terms if you wish to continue by choosing I accept the terms in the license agreement... button and then click Next ; Figure 2: License Agreement 6. In destination folder screen either click Next to accept the proposed default (recommended) or use the Change function to choose another location and then click Next ; Figure 3: Destination Folder Screen Page 7
7. On the next screen click Install to start the installation. A window displays a progress bar during the installation; Figure 4: Installation Progress 8. In the Installation completion screen, click Finish to complete the installation; Figure 5: Installation Completion Screen Page 8
9. The Classic Client InstallShield Wizard displays the Reboot Dialog. Click Yes to restart the computer immediately or No to restart your computer later. After the restart Classic Client would be installed on the computer and would be available for use. Figure 6: Reboot Computer Dialog Page 9
Installing the Gemalto Card Reader Drivers Follow the below steps in order to install the Gemalto card reader drivers: 1. Download the card reader driver from the location indicated by the Identity Management Office. [Skip this step if you have been provided with a CD ROM]; 2. If the Identity Management Office has provided an installation CD-ROM [Skip this step if you have downloaded the installation file]: a. Insert the CD-ROM into the CD-ROM reader of your computer; b. If your computer is configured to auto run a CD, the installation wizard will start automatically and skip to step 3. If the installation wizard does not start automatically navigate to the location of the installation file on the CD and double click on the GemPcCCID_en-us_## file (where ## is either 32 or 64 depending on the version being installed); 3. Note for the subsequent steps: If the computer is running on Microsoft Windows Vista / 7 / 8 / 8.1 / Server 2008 or Server 2008 R2 with User Access Control activated, a warning may show stating An unidentified program wants access to your computer. Choose Allow whenever you are shown such message; 4. When the Welcome dialog box appears, click Next to continue; Figure 7: Installation Welcome Screen Page 10
5. Read the Gemalto License Agreement. Accept the terms if you wish to continue by choosing I accept the terms in the license agreement... button and then click Next ; Figure 8: License Agreement 6. On the next screen click Install to start the installation. A window displays a progress bar during the installation; Figure 9: Installation Progress Page 11
7. In the Installation completion screen, click Finish to complete the installation. Figure 10: Installation Completion Screen Page 12
Importing Card Certificates in the Certificate Store 1. Insert the Card in the card reader; 2. Open the Gemalto Classic Client Toolbox; Figure 11: Gemalto Classic Client Toolbox Page 13
Export the Root Certificate 1. Click on Certificates within the Card Contents Section, then click ROOT, and click on the Export button; Figure 12: Card Contents Certificates 2. Select Export to IE store ; select Trusted Root Certification Authorities within the dropdown list and click on the Export button; Figure 13: Export to IE Store - Trusted Root Page 14
3. Click OK to complete the export of the Trusted Root Certificate. Figure 14: Successful export of Trusted Root Certificate Export the Intermediate Certificate 1. Click on Certificates within the Card Contents Section, then click LVL1, and click on the Export button; Figure 15: Card Contents - Certificates Page 15
2. Select Export to IE store ; select Intermediate Certification Authorities within the dropdown list and click on the Export button; Figure 16: Export to IE Store Intermediate 3. Click OK to complete the export of the Intermediate Certificate. Figure 17: Successful Export of Intermediate Certificate Page 16
Export the Authentication Certificate 1. Click on Certificates within the Card Contents Section, then click Auth ##, where ## is your name and surname; and click on the Export button; Figure 18: Card Contents Certificates 2. Select Export to IE store ; select Personal within the dropdown list and click on the Export button; Figure 19: Export to IE store Personal Page 17
4. Click OK to complete the export of the Authentication Certificate. Figure 20: Successful Export of Authentication Certificate Export the Signing Certificate 1. Click on Certificates within the Card Contents section, then click Sign ##, where ## is your name and surname; and click on the Export button; Figure 21: Card Contents - Certificates 2. Select Export to IE store ; select Personal within the dropdown list and click on the Export button; Page 18
Figure 22: Export to IE store Personal 5. Click OK to complete the export of the Signing Certificate. Figure 23: Successful Export of Signing Certificate Page 19
Using the Card for Authentication 1. Following a complete installation, unless you have an embedded Smart Card reader, connect the external Smart Card reader to the computer; 2. Insert the eid Card into the Smart Card Reader; 3. Open your browser and navigate to https://mygov.mt to open the MyGov Portal; 4. Once the portal is loaded, on the left hand side select the option to Login Using eid Card Digital Certificate as shown in the figure on the right; 5. A popup, as shown on the below, should appear to load the Digital Certificates; Figure 24: Authentication Figure 25: Windows Security Select a Certificate Page 20
6. Select the Authentication Certificate. Choose the certificate and click OK ; Figure 26 : Select Certificate 7. Enter the Authentication PIN Code and click the OK button; Figure 27: Authentication PIN Code Page 21
8. The certificate information will be loaded underneath the authentication section. Input the e- ID Number and Password and click Sign In to log into the portal. After logging in the user shall have a Smart Card icon in the middle of the header indicating that the log through Card was successful. Figure 28: Certificate Information Page 22