Requesting Certificates in Internet Explorer

Certificate Request in Thawte

Before you can request a personal certificate in Thawte, you have to first create an account. To create an account in Thawte:

  1. Follow url: https://www.thawte.com/cgi/enroll/personal/step1.exe
  2. Click Next.
  3. Select Charset and Fill in the Form.
  4. Click Next.
  5. Fill in your ID and email address (e.g. [email protected])
  6. Click Next.
  7. Enter a password two times.
  8. Click Next.
  9. Enter Phone Number.
  10. Answer 5 Questions.
  11. Click Next.
  12. Confirm your Information.
  13. Click Next.
  14. Wait for the Email from Thawte.
  15. Click on url in the confirmation email.
  16. Enter the Probe and Ping Information from the Email.
  17. Click Next.
  18. The Account Setup is completed.
  19. Click Next.

To request for Personal Digital Certificate(s) from Thawte:

  1. Follow the Link https://www.thawte.com/cgi/personal/cert/contents.exe using your Internet Explorer web browser.
  2. When prompted for a username and password, input your e-mail and password that you have registered from the steps above.
  3. Click "request a certificate". (Figure 1).


    Figure 1: Click "request a certificate"

  4. Click "request" (Figure 2).  


    Figure 2: Click the "request" button

  5. A pop-up box should appear (Figure 3 ). Since you are in Internet Explorer, choose "Microsoft Internet Explorer, Outlook and Outlook Express". You can also request a certificate for "Lotus Notes R5" if you have installed Lotus Notes.


    Figure 3: Choose the appropriate certificate and Click "request"

  6. Click "request" and then click "next" on the "configure certificate name" page.
  7. The "configure email addresses for certificate" page will appear. Choose the e-mail in which you would like to include in your certificate and then click next
  8. Click "next" on the "configure extranet capabilities for certificate" page, and then click "accept" on the "configure X.509v3 certificate extensions" page.
  9. On the "generate certificate public key" page, select "Advanced Card Systems CSP vX.x" in the drop-down box (Figure 4). If the said selection is not in the list, make sure that you have successfully installed the ACOS5 SDK or the CryptoMate Client Kit.


    Figure 4: Choose "Advanced Card Systems CSP vX.x"

  10. If a Smart Card Selection Dialog UI appears (Figure 5) with a status text of "The card is being shared by another process." Then make sure to close Firefox, Thunderbird and/or Admin Tool. Do this to all applications that has access to the card/token until the status text becomes "The card is available for use." (Figure 6). Then Click OK on the Smart Card Selection Dialog. If no Smart Card Selection Dialog UI pops up you may skip this step and follow the next step.


    Figure 5: There is an application sharing the device


    Figure 6: The card/token can now be use

  11. The ACS' CSP PIN Dialog UI will pop-up (Figure 7). Input the PIN then click "OK".


    Figure 7: ACS' CSP PIN Dialog Box

  12. Wait while the device generates the keys for you. If the operation was successful, a "confirm certificate request" page will be shown. Click the "finish" button on the bottom of this page. A "personal certificate requested" page will pop-up.
  13. Wait for an e-mail confirming how and where to pick-up the certificate. Usually the Subject of this e-mail is "Thawte Personal Cert Issued".
  14. If the confirmation e-mail does not arrive in 2 hours, then go to the Alternative way of picking up your certificate.
  15. Once the e-mail has arrived follow the link given in the e-mail.
  16. Click on Install Your Cert. If a Smart Card Selection Dialog UI pops-up, follow Step 10.
  17. If a Message Box with the title "Certificate Installation Complete" pops-up, Click OK.
  18. To see the Installed certificate in the smart card, go to Certificate Verification via Admin Tool.

Alternative Way of picking up your certificate

  1. If the E-mail confirmation from Thawte does not arrive within 2 hours, follow this link: https://www.thawte.com/cgi/personal/cert/status.exe


    Figure 8: Check the status of your requested cert

  2. Click the "MSIE" link. You will now see a Certificate Summary page. At the bottom of the page click the "fetch" button and follow the instructions in the "install your MSIE certificate" page.
  3. Click Install Your Cert button.
  4. Click Yes to allow the cert to be installed.
  5. Click Yes again.
  6. Your Certificate is now installed.
  7. Click OK.
  8. To see the Installed certificate in the smart card, go to Certificate Verification via Admin Tool.

 

Certificate Request in VeriSign

To request certificate in VerSign using Internet Explorer, you can follow the steps below:

  1. Go to https://digitalid.verisign.com/client/class1MS.htm
  2. Fill out your First Name, Last Name, E-mail Address and Challenge Phrase.
  3. You can either choose to buy or request a free certificate (Figure 9).


    Figure 9: Choose between a Free or a Full-Service Certificate

  4. Depending on the choice you filled out in Step 3, you can specify the Billing Information for full-service certificates. On the other hand, if you chose to request a free certificate, then you can skip the Billing Information section and go through the "Select Cryptographic Service" section (see Next Step).
  5. Choose "Advanced Card Systems CSP vX.x" in the drop-down box (Figure 10). If you cannot see the "Advanced Card Systems CSP vX.x" make sure you have properly installed the ACOS5 SDK/CryptoMate Client Kit.


    Figure 10: Choose ACS' CSP in the drop down box.

  6. Click the "Accept" button at the bottom of the page.
  7. If a Smart Card Selection Dialog UI appears (Figure 5) with a status text of "The card is being shared by another process.", make sure to close Firefox, Thunderbird and/or Admin Tool, do this to all applications that has access to the card/token until the status text becomes "The card is available for use." (Figure 6). Then Click OK on the Smart Card Selection Dialog. If no Smart Card Selection Dialog UI pops up you can skip this step and follow the next step.
  8. The ACS' CSP PIN Dialog UI will pop-up (Figure 7). Type in the PIN and click "OK".
  9. If the key generation process is successful, you will see a confirmation page for the next instruction (Figure 11). If the page is not the one below, then go back to the previous page and make sure you have filled out all the required fields.


    Figure 11: Next step in Verisign Certificate Request.

  10. A confirmation e-mail will be sent to the e-mail address you provided in Step 2. Wait for the E-Mail confirmation from VeriSign.
  11. Follow the steps that are described in the e-mail confirmation from VeriSign.
  12. You should now be in the "VeriSign's secure Digital ID Center" web page (Figure 12).


    Figure 12: Verisign Digital Certificate Pick-up Center.

  13. Copy the Digital ID PIN from the confirmation e-mail and paste it in the provided textbox found in the web page.
  14. Click the "Submit" button. You should now be able to see an "Install Digital ID" page. Click the "INSTALL" button at the bottom of the page.
  15. If a Smart Card Selection Dialog UI pops-up, follow Step 7.
  16. When prompted for a PIN. Enter the card/token's PIN in the PIN Dialog Box.
  17. If the Certificate Installation is successful, you will be transferred to a "Certificate Installation and Registration Page". (Figure 13).


    Figure 13: Verisign Certificate Installation and Registration Page.

  18. To view the Installed certificate in the smart card/token, go to Certificate Verification via Admin Tool. 

Certificate Request in Comodo

To request certificate in Comodo using Internet Explorer, you can follow the steps below:

  1. Go to http://www.comodo.com/products/certificate_services/index.html . Scroll down to the bottom and click "Enroll for your Free Secure . . ." (Figure 14).


    Figure 14: Click the link "Enroll for your Free Secure . . ."

  2. Fill out the form in "Application for Secure Email Certificate". Fill-in your First Name, Last Name, E-mail address and country. The Revocation Password is also required so fill-out the Revocation password (Figure 15).
  3. Click "Advanced Private Key Options...", choose "Advanced Card Systems CSP vX.x" in the CSP drop-down box . If you cannot see the "Advanced Card Systems CSP vX.x" then make sure you have properly installed the ACOS5 SDK/CryptoMate Client Kit. Uncheck the "Exportable?" check box.


    Figure 15:  Fill out all the fields.

  4. If a Smart Card Selection Dialog UI appears (Figure 5) with a status text of "The card is being shared by another process.", make sure to close Firefox, Thunderbird and/or Admin Tool, do this to all applications that has access to the card/token until the status text becomes "The card is available for use." (Figure 6). Click OK on the Smart Card Selection Dialog. If no Smart Card Selection Dialog UI pops up you can skip this step and follow the next step.
  5. Click the "Agree & Continue" button at the bottom of the page.
  6. You will be instructed to wait for a confirmation e-mail, this confirmation e-mail will be sent to the address you have filled-out above.
  7. The confirmation e-mail can contain images and other data (Figure 16). Follow the instruction in the confirmation e-mail. If your default browser is Firefox, then you should just copy the link (bellow the red button) and paste it in Internet Explorer.


    Figure 16: Comodo Confirmation e-mail.

  8. In the "Collection of Secure Email Certificate" page, enter your E-mail address and Collection Password. The Collection Password is included in the confirmation e-mail that was sent to you by Comodo.
  9. Click the "Submit & Continue" button.
  10. If a Smart Card Selection Dialog UI pops-up, follow Step 4.
  11. Enter the Card/Token PIN when prompted.
  12. If you are prompted to Install a Certificate Authority Certificate (Figure 17), click "Yes". This CA certificate is needed for windows to properly view the requested certificate(s) from comodo.


    Figure 17: Select Yes when asked to Install a Certificate Authority Certificate.

  13. A web page will show regarding the status of the certificate installation.
  14. To view the Installed certificate in the smart card/token, go to Certificate Verification via Admin Tool. 

 

Certificate Request in MS Active Directory Certificate Service

ACOS5 can be used to login to a domain server. You will need an Active X and CSP-enabled browser (Internet Explorer 6.0+ recommended) to enroll a certificate.

To be able to use your token/card for smart card-based PC logon, first configure your computer to be connected on a particular domain (your company domain for example). This domain server should also be configured to issue certificates. There are many sources in the internet for configuring your Active Directory Certificate Service, so it will no longer be discussed here.

First, let's configure your computer for smart card logon. Follow this link to configure your PC to be able to see the domain server. If the previous link is not similar to your network set-up then you can ask your Network Administrator for some help.

Example below shows how to enroll a certificate in ACSDomain.acs.com.hk. Typically, certificate enrollment is done by an authorized personnel in-charge of implementing smart card logon within the domain (e.g. IT managers, Network Admin, etc.). An enrollment PC with authorized access must be used to enroll certificates on behalf of the members of the domain.

After you have successfully configured a computer for domain log-on, then you can follow the steps below for requesting certificates to your domain server:

  1. Go to the Microsoft Certificate Service Page (URL maybe different depending on the configuration of the Network Admin) see Figure 18.


    Figure 18: Microsoft Certificate Service Main Page.

  2. Click on the "Request a certificate" link.
  3. Click the "advanced certificate request" link (Figure 19).


    Figure 19: Click advanced certificate request.

  4. In the Advanced Certificate Request page. You can select which type of certificates you want to request. In this scenario, before you can request any type of certificate, you should first have an enrollment agent certificate (Figure 20).


    Figure 20: Requesting an enrollment agent certificate.

  5. If you already have an enrollment agent certificate then you can skip to this step. If you don't have an enrollment agent yet, then you can fill up the page as shown in Figure 20. Click the Submit button at the bottom of the page.
  6. Wait until the server has responded, if the process is successful, you will be prompted to install your newly generated enrollment agent certificate (Figure 21).


    Figure 21: Install the newly requested certificate.

  7. Click "Install this certificate". Follow the pop-up direction. You will be prompted once your certificate has been successfully installed in your computer.
  8. Once you have successfully requested an enrollment agent, go back to the Advanced Certificate Request page as shown in Figure 22.


    Figure 22: Advanced Certificate Request main page

  9. Select "Request a certificate for a smart card on behalf of another user by using the smart card certificate enrollment station".
  10. In the "Smart Card Certificate Enrollment Station" page, depending on the domain user that you want to enroll, choose the settings as shown below (Figure 23) and then click on the Enroll button. Note that the ACS CSP version might be different depending on the version of the package that you have installed.



    Figure 23: Choose the settings as shown above.

  11. Once a certificate has been successfully generated, you will be prompted to install it to your card/token (Figure 21) . Follow Step 7 to install the newly generated certificate to your card/token.
  12. To view the Installed certificate in the smart card/token, go to Certificate Verification via Admin Tool. 

 

Copyright2009 Advanced Card Systems. All rights reserved.

.