Instructions for installing and using electronic signature certificates Version 1.0
MICROSOFT PRODUCTS INSTALLATION AND USE... 3 1. HOW TO INSTALL THE INFONOTARY CERTIFICATION CHAIN... 3 1.1. Microsoft Internet Explorer... 3 1.2. Microsoft Outlook... 7 2. MICROSOFT OUTLOOK USER PROFILE SETTINGS... 7 MOZILLA PRODUCTS INSTALLATION AND USE... 11 1. HOW TO INSTALL THE INFONOTARY CERTIFICATION CHAIN... 11 1.1. Installation in Mozilla Firefox... 11 1.2. Installation in Mozilla Thunderbird... 15 2. INSTALLATION OF THE HARDWARE ENCRYPTION MODULE... 15 2.1. Installation in Mozilla Firefox... 16 2.2. Installation in Mozilla Thunderbird... 19 3. HOW TO SET UP YOUR USER PROFILE IN MOZILLA THUNDERBIRD... 20 Стр. 2 от 21
Microsoft products installation and use 1. How to install the InfoNotary Certification chain Before you can use your electronic signature certificate, you must install the InfoNotary root certificates. You can locate the Certification chain either from the directory certificates by inserting the installation disk or on the following web address: http://www.infonotary.com/site/files/inotarycertchain.p12 1.1. Microsoft Internet Explorer Microsoft Windows is software operating system that applies central depository for secure storage and rapid retrieval of electronic signature certificates (digital certificates). All programs using encryption techniques do have access to this central depository. The certificate installation is performed for the current Windows user. If two or more users work with one system, then the installation must be performed individually for every user. To install the InfoNotary root certificates for an active MS Windows user, follow these steps: Open the file INotaryCertChain.p12 from the installation disk or log in our web site and open the URL http://www.infonotary.com/site/files/inotarycertchain.p12. A program for certificate installation is started; the screen that is displayed is similar to the one shown on the next page. Стр. 3 от 21
Click the Next button to continue. Click the Next button again. Стр. 4 от 21
Leave the field Password blank and select Next. Leave by default the ticked off option for automatic selection of the depository for storage on the basis of the specific type of the certificate and just click on the Next button. The program will install automatically all certificates from the chain and will ask you for confirmation only for the root certificates: Стр. 5 от 21
The thumbprints (that are the encryption control sums) displayed in these dialog boxes could be compared with the ones posted on the InfoNotary web page: To complete the installation process, select Finish. Стр. 6 от 21
Note: The installation of your certificate in the Microsoft Windows depository is automatically triggered once you insert the smart card into the reader so you do not need to install it manually. 1.2. Microsoft Outlook Microsoft Outlook uses the standard Microsoft Windows depository for certificates. If you have finished successfully the operations described step by step in item 1. Microsoft Internet Explorer, then there is nothing else you must do; otherwise now is the time to complete them. 2. Microsoft Outlook user profile settings To be able to sign your outgoing emails, you must first assign your user profile (account) to your electronic signature certificate, written on the smart card. Here is how: Start the Microsoft Outlook. From menu Tools select Options, then the Security tab and click on the Settings button. Стр. 7 от 21
In the field Security Settings Name type your e mail address Click on the Choose button and select the certificate type with which you want to sign your correspondence. Confirm with OK. If you tick off the Add digital signature to outgoing messages check box, every message you send would be signed automatically with the certificate chosen by you. Стр. 8 от 21
Furthermore, you could apply exactly the same certificate to decrypt the messages sent to you. Keep in mind that not all certificates could be used for encryption and decryption. It depends on the type of your certificate. You can not only set up the application to automatically sign your messages but choose to do it manually on a case by case basis. If you want to create a new message but you have not selected in the Settings the default option for sending a signed certificate, every time you will have to add your electronic signature to the certain message. Here is how: You must be in create new message regime (button New). From the tool bar or from the drop down menu View select Options. Click on the Security Settings button. Стр. 9 от 21
Select the Add digital signature to this message check box and confirm with ОК. Every time you are sending a signed message you need to make sure that your smart card is inserted in the reader. The system will ask for your smart card PIN code. Note: The settings for Microsoft Outlook Express are analogous to the ones described above. The only difference is that you select your certificate type by following another step sequence: Tools Accounts tab Mail Properties Security. Стр. 10 от 21
Mozilla products installation and use Before you can use your electronic signature certificate, you must install the InfoNotary root certificates. You can locate the Certification chain either from the directory certificates by inserting the installation disk or on the following web address: http://www.infonotary.com/site/files/inotarycertchain.p12 1. How to install the InfoNotary Certification chain The Mozilla products working under Windows do not apply the system central depository for secure storage and rapid retrieval of electronic signature certificates. Every software application uses its own depository. Therefore, in any particular case the InfoNotary Certification chain must be installed individually for the specific Mozilla product you use. Get a copy of the file INotaryCertChain.p12 from the installation disk or from our web page. 1.1. Installation in Mozilla Firefox Start the browser Mozilla Firefox. From menu Tools select Options. Стр. 11 от 21
Select tab Advanced and then sub tab Security, as it is shown on the picture; click on the View Certificates button. From this point on the installation process is analogous and for Mozilla Thunderbird. Click on the Import button and indicate the path to the installation file of the certification chain INotaryCertChain.p12 Leave the field Password blank and confirm with OK. displayed: If the certificate chain is successfully completed, the following message will be You could see the newly installed certificates from tab Authorities : Стр. 12 от 21
In the Mozilla software applications for every certificate from a Certification Authority (CA), the user must also select level of trust. To do so, you need to define first the certificate and then to click on the Edit button. Now follow these steps: For the certificate i Notary TrustPath Validated E mail CA tick off the check box This certificate can identify mail users. For the certificate i Notary Personal Q Sign CA select the option This certificate can identify mail users. Стр. 13 от 21
For the certificate i Notary Company Q Sign CA select the option This certificate can identify mail users. For the certificate i Notary TrustPath Validated Domain CA select This certificate can identify web sites. Стр. 14 от 21
1.2. Installation in Mozilla Thunderbird Options. Start the mail client Mozilla Thunderbird. From the menu Tools select section Click on the Privacy tab to open the window and then select the sub tab Security as it is shown on the picture; select the View Certificates button. From this point on, the installation process in Thunderbird is analogous to the one in Firefox. Please, refer to the previous item 1.1. Installation in Mozilla Firefox 2. Installation of the hardware encryption module To use your electronic signature certificates in the Mozilla based applications such as Firefox, Thunderbird, etc., you must register encryption PKCS#11 module corresponding to Стр. 15 от 21
your smart card. In order to set about the registration process, first it is necessary to install a driver for the card. 2.1. Installation in Mozilla Firefox Start Mozilla Firefox. From menu Tools select Options. Now select tab Advanced sub tab Security, as it is shown on the picture and click on the Security Devices tab. Стр. 16 от 21
To add a new device, select the Load button. Change the name of the module (Module Name) as you like. Select PKCS#11 library corresponding to your smart card. For Siemens this is the file WINDOWS\system32\siecap11.dll Стр. 17 от 21
displayed: If you have selected the right module, a dialog box similar to the one below would be Now select ОК to confirm the operation. After you complete the process and conform it with the OK button, your smart card will be visible in the accessible devices list. Стр. 18 от 21
2.2. Installation in Mozilla Thunderbird Start Thunderbird and from the menu Tools select Options. Select tab Privacy, then sub tab Security, as it is shown on the picture and click on the Security Devices button. From this point on, the installation process in Thunderbird is analogous to the one in Firefox. Please, refer to the previous item 2.1. Инсталация в Mozilla Firefox. Стр. 19 от 21
3. Mozilla Thunderbird user profile settings To be able to sign your outgoing emails, you must first assign your user profile (account) to your electronic signature certificate, written on the smart card. Here is how: Select menu Tools Account Settings Security, as it is shown: Now click on the Select button from the column Digital Signing. A Select Certificate screen is displayed: Стр. 20 от 21
Select the certificate you want to use from the smart card and confirm with OK. If the option Digitally sign messages (by default) is checked, every message you send will be automatically signed with the certificate you have selected. Thunderbird will offer you to apply exactly the same certificate to decrypt the messages sent to you. In case you decline to do so, you could assign a certificate for email decryption from button Select in the column Encryption. Keep in mind that not all certificates could be used for encryption and decryption. It depends on the type of your certificate. Стр. 21 от 21