T-TSUP-AP-002 Installing Digital Certificates Using XP v1.0.doc. 2. © Trustis
Limited 2010. Windows XP Operating System by default contains Microsoft
Internet.
Installing Digital Certificates Using Microsoft Windows XP and MSIE 6
T-TSUP-AP-002
Copyright © Trustis Limited 2010. All rights reserved.
Trustis Limited Building 273 New Greenham Park Greenham Common Thatcham RG19 6HN E:
[email protected] W: www.trustis.com Registered in England No: 03613613
Windows XP Operating System by default contains Microsoft Internet Explorer 6 (MSIE6). MSIE6 has since been superseded by MSIE7 and MSIE8. If you have Windows XP with either of these later browsers, please refer to the relevant sections contained in either the Windows Vista document (for MSIE7) https://hmrcset.trustis.com/support/vista.pdf or Windows 7 document (for MSIE8) https://hmrcset.trustis.com/support/win7.pdf
This document highlights the settings which need to be made before enrolling for a digital certificate. Users should follow the steps in this document to prepare the system for generating cryptographic keys and submitting certificate requests. The following sections provide steps for performing configuration changes to the user’s system. Also included is a description of the messages that a windows XP user may see during certificate enrolment.1 I. Root & Intermediate CA installation II. Configuration of MSIE6 III. Enrolment/Renewal process
I. Root & Intermediate CA Installation FPS Root and FPS IA Prior to enrolment or renewal, a Windows XP user should download and install the Root and Intermediate CA certificates. 1. Navigate to the URL provided by the Registration Authority (RA) to download the CA file. 2. After Download, right-click the CA file (this will most likely be in a format) and select Install Certificate. 3. Follow the instructions in the Certificate Import Wizard; it is recommend that default options are used whenever available. 4. Be sure to accept the importation of the certificates if prompted by the system by clicking Yes or OK as required. 5. Confirm installation of the certificates by opening MSIE6 and selecting Tools -> Internet Options -> Content tab -> Certificates. The CA certificates should be installed in the Trusted Root Certification Authorities and Intermediate Certification Authorities tabs as appropriate. 2 1
The information contained in this document is based on details provided in the “RSA Certificate Manager6.7 build417 Readme” documentation. 2 The Registration Authority can provide the names of the CA certificates that should appear. T-TSUP-AP-002 Installing Digital Certificates Using XP v1.0.doc © Trustis Limited 2010
2
II. Configuration of MSIE6 Before requesting/renewing and installing a certificate, the user must make the following changes to the MSIE6 Browser Settings: 1.
From within the MSIE6 Tools menu, click Internet Options.
2.
Click the Security tab in the window that opens.
T-TSUP-AP-002 Installing Digital Certificates Using XP v1.0.doc © Trustis Limited 2010
3
3.
Click Trusted Sites.
4.
Click Sites and add:
http://getset.trustis.com, https://getset.trustis.com, http://hmrcset.trustis.com and https://hmrcset.trustis.com to the list of trusted sites. Do not tick the ‘Require server verification (https:) for all sites in this zone’ checkbox.
T-TSUP-AP-002 Installing Digital Certificates Using XP v1.0.doc © Trustis Limited 2010
4
5.
Click Custom Level – a new window opens
6. Ensure the security level drop-down menu for the trusted zone is set to Medium-low or less.
T-TSUP-AP-002 Installing Digital Certificates Using XP v1.0.doc © Trustis Limited 2010
5
7. Locate the setting for Script ActiveX controls not marked safe for scripting and change to Prompt.
III. Enrolment/Renewal Process After downloading the CA certificates and configuring the browser, the user may see the following prompts or informational messages during enrolment/renewal. Windows XP Behaviour
Required User Action
Result
When Requesting a certificate, Click Yes a warning is displayed that an ActiveX control might be unsafe and asking if the user wants the control to run.
The certificate request is sent to the CA.
When installing the certificate, Click Yes a warning is displayed that an ActiveX control might be unsafe and asking if the user wants the control to run.
The certificate is installed.
After certificate enrolment/renewal and installation is complete, it is recommended the user restore browser and UAC settings to the original values. T-TSUP-AP-002 Installing Digital Certificates Using XP v1.0.doc © Trustis Limited 2010
6
