EPKI User Manual
Contents
1. Administrator certificate registration is complete You will then receive an email confirming that your Digital Certificate is ready to be picked up Click on the Certificate pick up URL in order to start installing your certificate Message Adobe POF a 9 FR 3 9 Rules F gt Ignore Meeting 3 FR stephanie g To Manager Rules 5 vw ae JA Find Q 33 Team E mail Reply amp Delete 5 OneNote 3 Related Junk Delete Reply Reply Forward B More Ry Move Mark Follow Translate Zoom All y Create New M jAdions Unread Up Select Delete Respond Quick Steps Move Tags Editing Zoom Extra line breaks in this message were removed From support amp globalsign com Sent Fri14 06 2013 14 40 1 To subject ENROLLMENT FOR INVITE MPS2013061417930 9140 StephGallet HOW TO PICK UP amp INSTALL YOUR CERTIFICATE You must complete this process on the machine from which you intend to use the Certificate bi PersonalSign Users Windows 2000 amp XP Users We recommend you use the Internet Explorer browser Windows Vista Users We recommend you use the FireFox browser otherwise additional modification to your security settings will need to be made to use Internet Explorer Please consult the GlobalSign support pages http www globalsign com support index php for special instructions on how to enroll using the Internet Explore2. service GlobalSign also provides technical support through our Client Service departments around the world www globalsign com support GlobalSign urges EPKI Administrators to browse the GlobalSign support pages for Product specific guidance ranging from End user guides to FAQs If you can t find the answer to your questions please open a Support ticket www globalsign com help GLOBALSIGN CONTACT INFORMATION GlobalSign Americas Tel 1 877 775 4562 www globalsign com sales us globalsign com GlobalSign FR Tel 33 1 82 88 01 24 www globalsign fr GlobalSign EU Tel 32 16 891900 www globalsign eu sales globalsign com GlobalSign DE Tel 49 30 8878 9310 www globalsign de GlobalSign UK Tel 44 1622 766766 www globalsign co uk sales globalsign com GlobalSign NL Tel 31 20 8908021 www globalsign nl ventes globalsign com verkauf globalsign com verkoop globalsign com 37
3. authentication user guide pdf ESTABLISHING A PRE VETTED CERTIFICATE PROFILE Certificate Profiles will be the content of the Digital Certificate as seen by anyone viewing and relying on the certificate so it is important to ensure the Profile is accurate and representative of the holder of the certificate You can create multiple profiles should you have multiple offices or multiple parent subsidiary companies that you require certificates for through a single account The EPKI Managed Service offers you the ability to use pre vetted identity profiles Your company identity and your authorization to issue digital certificates using the requested organization details will be vetted and verified by third party independent checks performed by GlobalSign Once the verification is completed Administrators may then purchase certificate license packs against approved certificate profiles without having to go through the usual individual validation process when you buy a certificate outside the EPKI platform Your initial Certificate Profile is established using the Profile Configuration link displayed at initial login MY PROFILES Profile Configuration Order Additional Profiles Approve Pending Profiles Search Profiles Subsequent Profiles can be added after the initial Profile has been approved by clicking the Order Additional Profiles link under the My Profiles section in the left panel menu gt Confirm Details Cert
4. Specify an Additional Technical Contact View All Sent Emails If you are applying on behalf of someone else you may specify an additional Technical Contact View Emails to Porta The Technical Contact is typically the person who is responsible for the application process and collection of the issued Certificate Users Click the Enter Technical Contact Details link to create the additional contact Configure LDIF If you are applying for yourself you do not need an additional Technical Contact 50 please click Next For PersonalSign 3 Pro applications the issued certificate will not be sentto the Technical Contact RESOURCES sPKiAdmin ufh Guide Technical Contact Information Administrator Guide Provide payment by either credit card or Purchase Order pre arranged with your GlobalSign Account Representative Select Payment in arrears and supply a Purchase Order number if paying by Purchase Order Otherwise supply your credit card details as prompted Please note you may not order certificates until confirmation of the PO has taken place ePKI Home license m MY CERTIFICATES View Admin Menu Options MY LICENSES PD Select Product gt Payment Confirm Details Search License Orders Payment Approve Pen Licens Payment Details MY PROFILES Profile Configuration Purchase Order Number Order Additional Profiles Approve Pending Profiles Payment Method Payment
5. CODE SIGN SONALSI MANAGED SSL ING PERSONALSIGN SIGNING for ADOBE CDS ePKI Home Certificate Password For further instructions see ePKI Authentication user guide http Awww globalsign com supporvordering guides epki authentication user guide pdf You will have to create a password for your EPKI Administrator certificate called the Pick up password This password must be a minimum of 12 alphanumeric characters It is important to remember this password You will need it to install the certificate into your computer s certificate store Then click the Next button ACCOUNT amp FINANCE 8 SSLCERTIFICATES 8 MANAGEDSSL E CQOE SIGNING PERSONALSIGN p ePKI Home Certificate Password MY CERTIFICATES View Admin Menu For further instructions see ePKI Authentication user guide Options http www globalsign com support ordering guides epki authentication user guide pdf MY LICENSES Please create a certificate password You will be required to enter this password to install your certificate file into your browser Order Licenses Next you will receive an email with a link to pick up your certificate which will require you to use this certificate password Search License Orders Approve Pending Licenses Certificate Password Certificate Password Re enter MY PROFILES Profile Configuration Order Additional Profiles Approve Pending Profiles A message will appear on your screen saying that your
6. 2 Completed Select Profile gt Certificate Identity Details gt Confirm Details Product Details Profile Profile ID BaseDN Organization Organization Unit 9 201306201398 Disabled GMO GlobalSign Ltd Marketing EMEA License Service License Unused number Enterprise PKI Lite For Personal Digital ID 2 year 11 Click Next and complete the certificate identity details for the end user Subscribers Note certain pre vetted fields will be hardcoded 21 Certificate Identity Details Common Name arora Organization Organizational Unit Profile Organizational Unit 512 Option Pickup Password roure Password Generator Pickup Passwor d re enter Secure Optionally the Administrator may select alternative certificate enrollment methods to the default PKCS7 method where key generation is performed locally via the Subscriber s browser 1 Certificate Signing Request CSR in this case the Subscriber is expected to provide a CSR created either from a different system e g Hardware security Module or outside the browser session used to enroll for the digital certificate This is typically for advanced users 2 P12 PKCS12 in this case GlobalSign will create the public and private key pair centrally and deliver a P12 file including the keys and public certificate the Subscriber will install into their local system via the browser certificate import tool GlobalSign has implemented the f
7. BULK ENROLLMENT For multiple user registration click Order Certificate BULK under the My Certificates menu and then select the Certificate Profile and License you wish to apply the certificate reguests to Click Next to continue Product election 1 Product Details Product Details gt Aa E gt Edit Details gt Confirm Details Product Details Organization Unit Marketing EVEA License Unused number Profile Profile ID BaseDN Organization 0 201306201338 Disabled GMO GiobalSign Ltd License Service Enterprise Lite For Personal Digital ID 2 year 10 You will then be instructed to browse for a Comma Separated Value CSV file typically created in Notepad which includes the records you wish to upload Please note depending upon the Profile selected Organization Unit may or may not be a value supplied in the CSV This is especially true for Organization Unit values that have be pre established as part of a Locked O and OU Profile Item CommonName PickupFassword Explanation Common name Organization Unit 3 Email Address Pickup Password Preparing CSR in the test with HSM etc sets true f PKCS12 sets true No file chosen Limitation Up to 64 alphanumeric characters Up to 64 alphanumeric characters Up to 84 alphanumeric characters Email Address Enter 8 to 64 alphanumeric characters Alternatively enter AUTOGEN for system generated p
8. Where a Portal link one per Profile may be published for open enrollments 2 EPKI Administrator registration Where you as the EPKI Administrator register a user via the GCC EPKI Portal The main difference is that in the End User Initiated Portal Enrollment process end users sets their own pickup password for the enrollment process whereas with the EPKI Administrator registration process the Administrator must ensure that the pickup password is provided securely to the end user USING THE PORTAL LINK The EPKI Managed Service offers the ability for organizations with distributed offices or departments to centralize the Certificate ordering process Administrators have the option of publishing a certificate enrollment page Portal Link Anybody within your organization will then be able to make an application for a Certificate through the account by leveraging the Pre vetted company information The Certificate will not be issued until the EPKI Administrator with Approval privileges logs into the account and approves the application This ensures organizations issue Certificates only to legitimate applicants A unique Portal will be established for each Profile established A separate Portal URL link is provided to support both local and GlobalSign Server key generation that you can find by clicking Portal Configuration under the My Ordering Portal section Select the URL PKCS12 Option to enable the GlobalSign server key generation op
9. erento 20 SINGLE USER REGISTRATION erret tette tette teretes rente 21 24 BULK PROVISIONING PKCS amp 12 cccccscccecsssecesseseesesecsesesecsesecerscassesecsrsecacsrsucarscarsesucarsesaceesecarsesareeeeee 26 CERTIFICATE LIFECYCLE MANAGEMENT REVOCATION REISSUANCE AND CANCELLATION 29 30 31 CONFIGURING LDIF cccsccsecessececseseceesececsesecsesececsesucersucacsesucarsusucsesacarsusassesesarseacansacarsesasansesavensaceesecaraeess 31 GENERATING A LDIF REPORT c ccccccccssecssesseceseceesesecsesecucsesucsesecacssucarsecucsnsacarsecaravsucarssucarsusarsecararsecacees 32 ESTABLISHING OTHER USERS ccccccssecesscseceesecscsececsesecsesecursusacsrsececssecarsusarsesacarsecarsvsesarsearseacersecesens 34 34 REGISTERING ADDITIONAL 5 5 2 4 4 6 tette teret tette eso 34 ADMINISTRATION DELEGATION erret tette tete tnter tette 35 GETTING HEL Pace 40 37 GLOBALSIGN CONTACT INFORMATION erret 37 GETTING STARTED LOGGING INTO YOUR GLOBALSIGN CERTIFICATE CENTER GCC ACCOUNT Once your EPKI Account has been approved you can log into the GlobalSign Certificate Center GCC straight away to start configuring and managing the lifecycle of your PersonalSign and PDF Signing for Adobe CDS Certi
10. in arrears Search Profiles Credit Card CODERS PORTA Credit Card Details amp Billing Address Portal Configuration iOS CERTIFICATES VA d Edit iOS Configuration Enter the First Name or initial and Last Name exactly as written on your Credit Card EMAILS Enter the card holder s Address City Zip Postal Code State and Country as detailed on your Credit Card statement O Manage E mai Templates First Name or Initials Requires View Emai View Emails 10 Portal Last Required sel Card Number Required Card Expiration Date Sequired Review and confirm the details of your order and then for your first ever order you will need to accept the EPKI Service Agreement Note the EPKI Service Agreement binds you to the Local Registration Authority and other obligations as outlined in the GlobalSign Certificate Practice Statements found at http www globalsign com repository Click Next The application is now completed 16 CUSTOMIZING EMAIL TEMPLATES EPKI Administrators may use the standard email templates out of the box or customize the messages for specific organization instructions To customize your email templates select Manage E mail Templates found under the Emails menu CODE SIGNING PERSONALSIGN ACCOUNT amp FINANCE SSL CERTIFICATES bl MANAGED SSL ep ee d ePKI Home Edit Mail Template MY CERTIFICATES View Admin Menu Options The edi
11. Encrypting Fite System Osatied m Crete MS martCard Logon Ossos Enabled Renewal Type Marval Auto Quck mited te en Eratiec vot 2 do ovy tar wt Can ow AP IP Address range P Ares oni y af De tee of AP You can now select the permissions you wish to give to each user providing you have previously added them as a Staff in charge or Manager by clicking the Manage Users link under the Accounts amp Finance tab User Permission User Permission User Permission User User Name Revoke Piace Order Approve Order Coriliceto PAR12694 lubackup Kee ore Ere Sprague ovareopiu Evan wape PAR120G4 mat Mathew PAR12 94 sean33 Sean Rogers sc sta charge staffros Staff No approval Tick off the box next to the User ID that you wish to extend full administrative rights across all profiles established Extended rights allow the User to view approve and revoke certificates initiated by any other User with either Staff or Manager rights for a given PAR account You can now confirm your selection by clicking Next 36 GETTING HELP Although EPKI Administrators are responsible for providing first tier support to end users within their organization every GlobalSign enterprise EPKI customer has a dedicated Account Manager who is on hand to help with any commercial and technical gueries may have about the
12. GlobalSign Enterprise Support GlobalSign Enterprise Solution EPKI Administrator Guide v2 4 0 GlobalSign TABLE OF CONTENTS GETTING 5 4000 3 ESTABLISHING SERVICE eret tette tete reete 3 ADMINISTRATOR USER CERTIFICATE eerte ttti 4 ESTABLISHING A PRE VETTED CERTIFICATE PROFILE eerte tte 8 TYPES OF PRE VETTED IDENTITY PROFILES eerte tette treten tette n ts 9 ADDITIONAL PROFILE SPECIFIC CONFIGURATION OPTIONS eee 12 RENEWAL nan lu us lu 14 PURCHASING CERTIFICATE LICENSE PACKS cccccssecesseseceesecsesececsesecsesececersucarsucacsesucarssacarsacarsecacavsecaraveecers 15 CERTIFICATE TYPE c ccccccsccsecessececsesececsececsesecerssecsesecersucacsesucarsvsucsesacavsucasavsecarssaceesacarssacensesavatsateteecere ama 15 CERTIFICATE 15 CERTIFICATE VALIDITY cerent tte tette tette 15 CUSTOMIZING EMAIL TEMPLATES 17 REQUESTING CERTIFICATES ho ankha roban Ena robar E aAA Enaren renar anaren nns 18 USING THE PORTAL LINK erret teet tette tette trente teretes tenebo so 18 APPROVING REQUESTS tette tnter tette snos 20 REGISTER USERS VIA ADMINISTRATOR
13. JIrGer v erumcate BL Search Certificate Orders Enterprise PKCS 12 Bul PK Lite Registration and Pickup For MPS2012062191 Imme 52316 olobalsign No Your Name Yourt Search PKCS 12 Bulk 94 M uu Personal 556199 Order History Digital ID Approve Pending 5 pack Certificates The following screen will display at confirmation and an email will be sent to the end user with a link to install the digital certificate Note the end user will need the Pick Up Password they established at registration in order to install the certificate Certificate Consent Order Certificate Consent Order Complete REGISTER USERS VIA EPKI ADMINISTRATOR There are three options that the EPKI Administrators can use to invite users to apply for pre approved digital certificates 1 Single New Certificate Order Certificates 2 Multiple New Certificate BULK Order Certificate BULK 3 Multiple New Certificate Registration and Pick up PKCS 12 BULK PKCS 12 Bulk Registration and Pickup 20 These links found under the Certificates menu MY CERTIFICATES Order Certificates Order Certificate BULK Search Certificate Orders PKCS 12 Bulk Registration and Pickup SINGLE USER REGISTRATION For individual registrations click Order Certificates under the My Certificates menu and then select the Certificate Profile and License you wish to apply the certificate request to Product Selection
14. NALSIGN PDF SIGNING for ADOBE CDS ePKI Home License Selection MY CERTIFICATES View Admin Menu Options Enterprise PKI Home MY LICENSES Order Licenses Search License Orders aa Approve Pending Licenses BN S A _ 2 MY PROFILES Profile Configuration Order Additional Profiles Find Orders Configure Profile Manage Portal Edit Email Templates Approve Pending Profiles Search Profiles Order Licenses MY ORDERING PORTAL Portal Configuration z Personal Sign liOS CERTIFICATES Digital IDs for secure email authentication and digital signatures for Microsoft Office Docs O EditiOS Configuration Choose PersonalSign 3 Pro for Digital IDs to access Belgian Government online services EMAILS Manage E mail PDF Signing for Adobe CDS Templates Enable more secure reliable electronic document exchange for digitally signing certifying View All Sent Emails Adobe PDF Documents View Emails to Portal LISAL EPKI ADMINISTRATOR USER CERTIFICATE Once you have set up your Profile and ordered your License pack s you will need to obtain Administrator certificate to gain access to the portal to start issuing and managing your account Once logged into your account click on the Enterprise PKI tab Then click on View Admin Menu Options under the My Certificates menu on the left side of the page ACCOUNT amp FINANCE t SSL CERTIFICATES
15. ON 16 41 GMT 00 00 pplication Ltd 1 Personal l Digital ID 10 Administrators may wish to upload the public certificates associated with their service to directory EPKI provides a method to generate a LDIF Lightweight Directory Access Protocol report for upload to a LDAP directory CONFIGURING LDIF LDIF reports can be formatted by the EPKI Administrator via the Configure LDIF link found under Emails EMAILS Manage E mail Templates View All Sent Emails View Emails to Portal The LDIF message format can be modified by clicking on a variety of substitution variables available in the far right panel To save changes click Next and then Complete Please note the initial LDIF default format has been established by GlobalSign The EPKI Administrator must modify the LDIF Template based on the Profile the LDIF query will run against You can reset the format back to the default values anytime by clicking Reset Message as illustrated below 31 Reset Message LDIF made by GlobalSign GCC Certificate Order Number Common Name Organization Organization Unit ConutryCode State Or Province Locality Email Address Starting certificate validity date Closing certificate validity date o A Hon wv oct Pu amp ficabe Certificate SerialNo ficate Pem Certificate PEM Certificate PKCS7 Memo Message GENERATING A LDIF REPORT LDIF rep
16. Organization Organization Unit MP201306201398 Disabled GlobalSign Ltd Marketing EMEA License Service License Unused number Enterprise PKI Lite For Personal Digital ID 2 year 10 Next 27 3 Browse and Upload CSV formatted based on Profile selection Note the csv file format guidance will be based on the Profile settings associated with the selected profile Please note even if the Profile includes email email will not be included as a field Product Selection 2 Completed gt Product Details gt A File specification gt Edit Details gt Confirm Details File format Bulk Upload provides the capability to pre register multiple Subscribers This is accomplished by uploading file that contains information about the certificate and enrollment method The file must have a Comma Separated Value CSV format based on the Profile selected The following is an example of file content that is properly formatted Be sure to include the first line header as depicted below CommonName OrganizationUnit2 OrganizationUnit3 PickupPassword Kate Jones 907t9ghsa3YZ Jennifer Jones Jennifer Jones Research and Dev 907t9ghsa3YZ George Jones Accounting 907t9ghsa3YZ CSV file No file chosen 4 Review the certificate details pulled from the csv file and make any changes as necessary Again note email is no longer an option Click Next to continue Edit Details CommonName
17. PS2013062118838 REPORTING Subject ENROLLMENT FOR INVITE MPS2013062118838 YourName To your email yourcompany com Date Sent Status 06 21 2013 16 44 GMT 00 00 Sent Administrators can manage the full lifecycle of Digital Certificates issued from their service Locating a particular order certificate is easy Start by clicking on the Search Certificate Orders link found under the My Certificates header Click on Show Advanced Search and search by order date product etc ePKI Home MY CERTIFICATES Order Certificates Order Certificate BULK Search Certificate Orders PKCS 12 Bulk Registration and Pickup Search PKCS 12 Bulk Order History Approve Pending Certificates MY LICENSES Order Licenses Search License Orders Certificate List Application Date is Ka between Any Product Ka Any Order State Display Number 10 El and B gt Any Certificate Status Search 30 Then click Application next to the order you wish to review Various application Certificate Order Number Organization Name Common Name Product Period Email Address Person in charge of registration Order Status Certificate Status Date of application Enterprise PKI Lite 06 21 2012 5 06 21 2013 Angl GMO GlobalSign N For 2year your email yourcompany com 9496 SCiikto2013 ISSUE WAIT NONE 5 41 CMT 00 00 MPS2013062118838 YourName AR89496 SGMktg2013 ov I
18. Required OrganizationUnit PKCS 12 Password Required 1 02731 _ _ pr 1 Testl jfgt23966bCew C02727 2 Test2 ngfgtansgouetj LLL LLLA C02728 m 3 Test3 nga9540bcd34 02713 4 Test4 nglajd9ye2000 a 28 5 Certificate generation is complete PKC S 12 Order ID Product Selection 7 2 Completed Completed Certificate issue batch application MPB201306240721 Zip file containing your Bulk enrolled PKCS12 digital IDs can be found on the left menu item 6 After confirmation a Zipfile containing the PKCS12 files can be found in the PKCS 12 Bulk order history Report found on the left pane Click on the link and search for Order ID then click Download The Zip file will be purged from your EPKI portal 1 month after creation therefore it is important to download the file prior to 30 days after creation Local Key recovery can be implemented by securely storing the Zip file containing the PKCS12 files while also securely storing the csv file that includes the passwords to the PKCS12 sometimes referred to as private key passwords CERTIFICATE LIFECYCLE MANAGEMENT REVOCATION REISSUANCE AND CANCELLATION To revoke cancel or reissue the certificate please go in the left menu to the Search Certificate Orders link under My Certificates Search for the order you wish to access like you would do for the reports Click on the Application button next to the orde
19. asswords true false true false 24 Below is example of a CSV created for a Profile that allows for an Optional Variable Organization Unit Note for the records where OU is desired blank a space was created in the second value of the record bulk upload test3 txt Notepad File Edit Format View Help CommonName Organizationunit Email PickupPassword Mary Smith mary smith globalsign com amp 4 S2334 John Jones Juil ele ut pr i phi cir n Kate Habib kate habib amp globalsign com 3KG323dhg ifer Yee Accounting jennifer yee globalsign com 947892jj 2 Jenni mid Maloof west Coast Sales george maloofGglobalsign com kh95jg x r As a reminder Profiles with pre established OU values will result in a common and reguired value for all users regardless of what is specified for OU in the CSV After uploading the CSV you may specify optional enrollment methods discussed previously in this guide by checking either haveCSR or PKCS12 Leave both options unchecked if you wish to proceed with the default enrollment method Mo GlobalSign Certificate Center m v de ov 2 Tools Product Details gt Filespecification gt A Edit Details gt Confirm Details 4 dit Details No CommonName Required OrganizationUnit Email Address Required Pickup Password Required haveCSR PKCS12 staff in charge created profile authenticated LRA Mary Smith
20. enerated certificate pick up email This provides the challenge response which is necessary to prove control of the email address Confirm details and if correct click Next Select Profile 2 Certificate identity Details gt E Confirm Details Product Details Profile 10 221306221398 License ID 0120130620159 1 Product Details Certificate Identity Details E 4 LOGS Common Name YourName Organization GMO GiobaiSign Ltd Application Organizational Unit Marketing EMEA Locality Maidstone Order Number MP 52013062118838 State or Province Kent Country United Kingdom GB What happens next An Enrollment Invite wil be sent to the email address specifies in the Certificate Identity Details Email Address your emaiGyovrsompary E i veu The recipient will need the Pick up Password to complete the certificate installation Please provide the Pick up Password Encrypting File System Desadies in a secure and out of band method MS SmartCard Logon 1 have an externally generated CSR Disables GlobalSign Certificate Center GCC 4 e 512 Option Disabled Use the GiotalSign Certificate Center to Reissue your Certificate Purchase additional Certificates quickly Download issued Certificates in multiple formats Easily expiring Certificates and reporting of upooming renewals Change your contact information Back 23
21. er do p 63d056a9ed3d81665cc0a406f0e2c719ecd441bb Choose File No file chosen Upload Recommended size 176x37 pixel The maximum capacity 2MB Valid image types jpg gif png Choose File No file chosen Upload Recommended size 950x7 pixel The maximum capacity 2MB Valid image types jpa gif png 19 Other Portal Configurable Options Modify Subscriber Agreement You may add additional subscriber terms to the Mandatory GlobalSign Subscriber Agreement to capture unigue or additional terms above and beyond the reguired GlobalSign terms End users will be presented with the Subscriber Agreement and prompted to accept the terms prior to certificate installation APPROVING REQUESTS ORDERS Applications made by Users Departments using the Portal must be approved by an EPKI Administrator When such applications are made an email alert will be sent to the EPKI Administrator s and the appropriate Administrator must log into the account and click the Approve Pending Certificates link under the My Certificates menu Check the request and click Next Review the order and after appropriate identity verification is completed click Next ACCOUNT amp FINANCE E SSLCERTIFICATES 8 MANAGEDSSL amp ENTERPRISE ePKI Home Certificate Consent Order CERTIFICATES Order Certificates Order Certificate BULK Certificate Order Number Registration type Person in charge of registrabon Product PKCS12 Common Name Emai
22. ess to the GCC product suite MANAGER Managers may add other Staff administrators and establish certificate profiles and approve orders if the GCC Administrator has set the Certificate approval permission option to True STAFF IN CHARGE Staff in charge may initiate orders resulting in Pending Certificates that the GCC Administrator or Managers with Certificate Approval Rights must review and approve In the Search Certificates Orders section you can see who the Administrator associated with the user registration is under the Person in charge of registration heading REGISTERING ADDITIONAL USERS To create either Managers or Staff in charge select the Account amp Finance tab then select Manage Users under My Account Begin by assigning a User ID and Password that will need to be distributed out of band to the appointed user Complete the registration by filling up the required fields including user information and user type either Manager or Staff in charge Set Certificate Approval Permission to True if you wish the Manager to have certificate approval and profile creation rights Staff in charge is unable to approve certificates or establish new profiles Ignore settings related to Deposit purchase authority 34 551 CERTIFICATES E PERSONAL SIGN ENTERPRISE PKI New user registration page PARB9140 User ID Enter under 10 characters Password s Password confirmation a Organization Name e g Globa
23. ficates Go to www globalsign com and click Login in the upper right hand corner id Contact Us Resources Support Enter your User ID and Password Your User ID is the PARXXXX xxxxx number given to you at the end of the GCC signup process that you can also find in your Welcome Email Your Password is the password you entered during the signup process If you have difficulties logging in or forget your password please contact Support at www globalsign com support ESTABLISHING EPKI SERVICE The first time you log in you will be prompted to choose which default tab you wish to land on every time you access your account Select Enterprise PKI You will then enter the GCC home page that will provide four certificate tabs Select the upper tab labeled ENTERPRISE 0 GlobalSign 0 St et Logout Technica Support Center Contact Us TEL US 1 877 775 4562 EMEA 32 16 891900 UK 44 1622 766766 7 COOE SIGNING PERSONALSIGN ACCOUNT amp FINANCE SSL CERTIFICATES MANAGED SSL Meere apre ePKI Home License Selection MY CERTIFICATES You will land on the EPKI home page where you can find two types of certificates available for you to order PersonalSign and PDF Signing Digital Certificates All functions are accessed through the left hand menu system You can also access the main features using the icons on the Enterprise PKI home page SSL CERTIFICATES El MANAGED SSL CODE SIGNING PERSO
24. fier KeyID 6d c4 2b c1 7d 85 10 l Authority Information Access 1 Authority Info Access Acc CRL Distribution Points 1 CRL Distribution Point Distr li Subject Key Identifier 0 d4 0a 11 55 8 5 46 55 c4 l Subject Alternative Name RFC822 Name global t Authentication 1 3 6 1 5 5 7 3 2 e Email 1 3 6 1 5 5 7 3 4 ypting File System 1 3 6 1 4 1 311 10 3 4 em Learn more about certificate details 13 2 Microsoft MS SmartCard Logon This option is only available to Pro customers Please contact vour Account Manager for more information RENEWAL There are three main renewal configurations available to the EPKI Administrator 1 Manual Default setting Reminder notice sent to subscriber at periodic intervals Subscriber registers for renewed certificate and a notification email is sent to the EPKI Administrator alerting them of a pending reguest that reguires review 2 Automatic Reminder notice sent to subscriber at periodic intervals successful client authentication will automatically generate a renewed certificate 3 Quick 30 days before certificate expiration active certificate holders are automatically sent an email to immediately install a renewed certificate Periodic reminder settings can be enabled or disabled in the Manage Email Templates link found under Emails In either case renewed certificates will include the identical identity informati
25. ificate Profile Details These details will be vetted and included as the certified identity within your issued Certificate Make sure the details entered oF Configuratio are correct we will vet the details you include To assist you some details will be pre populated from previous pages or from Order Additional Profiles your GCC account details you may overwrite these if needed o A A Search Profiles Note Within the form below you have the ability to define the certificates DistinguishedName DN One optional element is a freeform Organizational Unit OU description The OU field allows you to enter a value that suits your business needs with A n lanea 2 MY ORDERING PORTAI a description such as Marketing Team Building 5 for example It is not mandatory to enter this but please note that Pon if you choose to Lock a unique OU then this means that the description you have chosen cannot be used again andis unique to this profile An example of where you might choose to do this is for client authentication situations where each certificate iOS CERTIFICATES 2 E needs one or two fixed unique strings to allow access such as O and Ol Edit iOS Config EMAIL S Organization Requires GlobalSign Ltd OM je ate Organizational Unit Options unless locked uniaue o 9 Lock a unique OU Configure LDIF Locality Ope Maidstone RESOURCES State or Province Options Kent Ad A uide ePKI Adm
26. inistrator Guide Country Requires United Kingdom GB TYPES OF PRE VETTED IDENTITY PROFILES Certificate Profiles determine which fields in the end user Digital Certificate will be reflected as fixed values verified by GlobalSign or variable for each end user registration Organization and Country Code are reguired to be fixed since GlobalSign will verify these values Providing values for Organization Unit Locality and State produces constant values for each Digital Certificate issued from the Profile However these same fields if left blank will be optional variable fields available to the EPKI Administrator at registration Common Name and email are variable fields and unigue to each application The end result of a submitted certificate profile is referred to as the Base Distinguished Name DN If you wish to secure that a particular Organization and Organization Unit value is never used in another Certificate Profile select Lock Unique OU to Reserve the settings as illustrated in Option 3 Your pre vetted identity has 1 of 3 main profile options e Option 1 Fixed Organization Name with an Optional Variable Organization Unit e Option 2 Fixed Organization Name with a Fixed Organization Unit e Option 3 Fixed Organization Name with a Fixed and Reserved Organization Unit in the Base Distinguished Name OPTION 1 FIXED ORGANIZATION NAME WITH AN OPTIONAL VARIABLE ORGANIZATION UNIT e Common Name Reguired John Doe or Jane Smith fo
27. lsiga inc Department e g Marketing a First Name Middle Name s Last Name a Job Title e g Web Administrato a Street Address 1 m OOO De Street Address 2 0 Suite 330 n City e g Porstmouth State or County e g New Hampshire a Zip Code Postal Code e g 03801 Country Germany Other address info a Telephone inc region code e g 44 0 1622 766766 Fax inc region code e g 44 0 1622 662255 a Email Address Please be careful when providing email address User permissions Manager a Language u Hoping for guide from this company Certificate approval true false permission Deposit purchase authority true false Back Confirm ADMINISTRATION DELEGATION Shared administration can be established Click on the Profile Configuration link under My Profiles Select the profile and click Next Click on the Configure button next to User Permission 35 Profile Configuration Profile 10 MP200906 100029 Organization Inc Organization Unit Test Accourt Do rot rely upon gt euthertceted by LRA URL https system gotelsion comicripubic certfcate or er Go 52 T 990c 910038099000071e 1c 76aa3ccOf URL PKCS12 Option Nips system giobals gn comycripubic cortfic ateorder psct fSe20b08c902 1 cb2960423108240585007 246276 User Permission Conger Haah p SW SA 255
28. mary smith globalsign com 58452334 E staff in charge created profile 2 John Jones authenticated by LRA staff in charge john jones globalsign com jffo2n amp nd98 created profile authenticated by kate habib globalsign com SJKGJ23dhg LRA staff in charge created profile authenticated by LRA staff in charge created profile authenticated by LRA 3 Kate Habib A Jennifer Yee jennifer yee globalsign com 947892jj 2 E 5 George Maloof george maloof globalsign com kh95jg r To complete the process click Next and securely distribute the Certificate pick up passwords to the Users 25 BULK PROVISIONING PKCS 12 Bulk provisioning provides an alternative to bulk enrollment in that the enrollment steps performed by the end user are minimized or in some cases totally eliminated The bulk provisioning feature provides the following benefits e Easy method to provision large number of certificates e GlobalSign server side key generation eliminates the need for local key generation e Single file PKCS12 delivery allows for easy back up e Administrator enrolls on behalf of end user allowing more control on certificate provisioning and back up NOTE Per recent policy change Bulk PKCS12 registration option will only support user registrations that do not include email address in the certificate subject name Therefore this feature should not be associated with local key recovery or S MIME si
29. nce email will not be supported This option should be positioned for Organizations that wish to bypass end user direct registration using emails web pages from GCC EPKI e g Network access Microsoft Office Document signing BEFORE YOU BEGIN 1 There is a 200 record limit 3 2M and depending on key size selected the ZipFile containing PKCS12s may take up to 40 minutes to process 2 Disable all renewal messages to prevent system generated email reminders from going directly to your end user You can do this by a Disable Renewal reminder emails by logging into EPKI and clicking on Manage E mail Templates EMAILS View All Sent Emails Configure LDIF b Click Edit for any template that is marked true 26 Renewal Reminders Today true Renewal Reminders true Renewal Reminders in 7 days true Renewal Reminders in 14 days true Renewal Reminders in 21 days true Renewal Reminders in 30 days true Renewal Reminders in 60 days true Renewal Reminders in 90 days true c Change Delivery from Enable to Disable as shown below Delivery OEnable Disable Mail Encoding UTF 8 Click Next and then Complete HOW TO 1 Start by going to PKCS 12 BULK Registration and Pickup 2 Selectthe Profile and License pack and click Next Product Selection Product Details Details File specification gt Edit Details gt Confirm Details Product Details Profile Profile ID BaseDN
30. ollowing security precautions surrounding P12 delivery a The establishment by the Subscriber of Strong Certificate Passwords for P12 file pick up this is different than the Pick up password that is used to authenticate all requests regardless of enrollment method selected GlobalSign Digital Certificates Certificate Password Required Certificate Password re enter Required b P12 file purge Note GlobalSign will purge all P12 files Therefore it is recommended that Subscribers import the P12 file by marking the private key as exportable and then make a back up See GlobalSign Support for additional details 22 Option oertificate delivery method Select only 1 have an externally generated CSR Check only If you are an Advanced User and have an externally generated Certificate Signing Request C SR 512 Option f Pickup Password Seourec _ Password must be a minimum of 8 characters Alpha numertc values only A Z 0 9 PasswxdGenemtio _ When t e password RAOMIKE operation generation DON I pressed a rangom password TS eet Pickup Password re enter Memo Additionally establish a Pickup Password or use the Password Generation tool that you are reguired to deliver to the Subscriber in an Out of Band method As a security precaution the certificate cannot be installed unless the user has received the System g
31. on included in the original certificate Please note that sufficient certificate inventory must be available for the order to successfully be completed To enable Automatic or Quick Renewal options go to Profile Configuration click Next and select your preferred renewal option Profile Configuration Profile ID Organization Organization Unit URL URL PKCS12 Option User Permission Hash Algorithm Encrypting File System 201306201398 GMO GlobalSign Ltd Marketing EMEA https system globalsign com cr public certificate order do J J 3 pze83bf616dd9c15d5de491785745e5402c9bd6d9b Non Exportable Option OCSP Option API IP Address range 9 Disabled Enabled 9 Disabled Enabled 14 PURCHASING CERTIFICATE LICENSE PACKS Certificate licenses may be purchased based on several certificate configurations including CERTIFICATE TYPE e PersonalSign amp DepartmentSign for Windows trusted applications For a detailed product description go to https www globalsign com personalsign e PDF Signing for Adobe CDS Personal Pro amp Department For a detailed product description go to https www globalsign com pdf signin CERTIFICATE PACKS Depending on the Certificate Type selected above you may order certificate packs starting from as low as 1 up to and including 1 000 Note that an additional 1096 quantity of certificates will be added to address attrition due to employee turn over Employees who lose p
32. orts are generated from the Search Certificate Orders link MY CERTIFICATES Order Certificates Registration and Pickup Search PKCS 12 Bulk Order History Approve Pending Certificates Select the appropriate date range Profile if you have more than 1 and set Order State Issued via the drop down menu Note If a certificate has been Re issued the replacement certificate will have a status Issued and be included in the LDIF report The original replaced certificate will not be included in the query since its status will change to reissued Only non revoked and unexpired certificates will be included Then click on the LDIF Button 32 Certificate List leg ML201207030574 OR John Smitt Hide Advanced Search Application Date is _ i e mm dd Any Product Product E Any Certificate Status Certificate Status m tion Unit 2ddre Display Number 10 v 1 3 3 Open the file with your prefer application You have chosen to open 10 Mif txt which isa Text Document from https dev4gacp globalsign co jp What should Firefox do with this file Open with Save File 1 Do this automatically for files like this from now on Below is example entry 1 v File Edit Format View Help KLDIF made by Globalsign dn dc input here dc input here objectclass
33. outh State or Province NH Country United States Email Address Reauired OPTION 3 FIXED ORGANIZATION NAME WITH A FIXED RESERVED ORGANIZATION UNIT IN THE BASE DISTINGUISHED NAME DN With Lock OU selected the OU is fixed and unique within the profile e Name Required John Doe or Jane Smith for example e Organization Name Fixed during validation e Organization Unit Fixed during validation authenticated by LRA appended e Locality Fixed during validation e State Fixed during validation e Country Fixed during validation e Email Address Required This is included in the certificate but also the pickup link will be delivered to this e mail address The following is an example of an end user registration based on Option 3 Certificate Identity Details Common Name Reauired Organization GlobalSign Organizational Unit West Coast Sales authenticated by LRA Locality Portsmouth State or Province NH Country United States Email Address Reauired To address concerns surrounding secure web access new additional profiles cannot be established using a Locked Organization and Organization Unit combined value By checking the Lock OU selection box you ll prohibit this combination from being used in future Profiles 11 After your Profile has been vetted you will be able to order certificate licenses that certificate reguests can be applied against Certificate license packs can draw off a
34. r browser PDF Signing Users Windows 2000 amp XP Users You must use the Internet Explorer browser Windows Vista Users You must use the Internet Explorer browser Consult the GlobalSign support pages for a detailed guide on how to enroll for your DocumentSign Digital ID http www globalsign com support index php The enrollment period will expire 07 14 2013 Click on the link below to initiate the Certificate generation and installation process Make sure the above link is unbroken and complete Copy and Paste the entire link into your browser if necessary 14 Contact unnar anl Adesinictester far additinnal information A pop up window will appear asking you to enter your Pick up Password Then click Next 5 You will now go through the Certificate generation and installation process Enter your Temporary Certificate Pick up Password Enter the Pickup Password to continue Forgotten the Pickup Password Contact Support immediately for assistance You will be requested to create a new password that we will refer to as the Private Key password Next you will need to agree to the EPKI Subscriber Agreement and then click Next GlobalSign GMO Internet Group Certificate Password Reavired e N Muua c 49 A LS A 4 E t mol 8 minimu of 12 characters Alpha numeric values only A Certificate Password re enter Required ePKI Subsc
35. r example e Organization Name Fixed during validation e Organization Unit Optional and Variable authenticated by LRA appended e Locality Fixed during validation e State Fixed during validation e Country Fixed during validation e Email Address Required This is included in the certificate but also the pickup link will be delivered to this e mail address The following is an example of an end user registration based on Option 1 Certificate Identity Details Common Name Required Organization GlobalSign Inc Organizational Unit Locality Portsmouth State or Province NH Country United States Email Address Reauired OPTION 2 FIXED ORGANIZATION NAME WITH A FIXED ORGANIZATION UNIT With Lock OU not selected but OU populated in the profile e Common Name Required John Doe or Jane Smith for example e Organization Name Fixed during validation e Organization Unit Fixed during validation but variable authenticated by LRA appended e Locality Fixed during validation e State Fixed during validation e Country Fixed during validation e Email Address Required This is included in the certificate but also the pickup link will be delivered to this e mail address The following is an example of an end user registration based on Option 2 10 Certificate Identity Details Common Name Reauired Organization GlobalSign Organizational Unit West Coast Sales authenticated by LRA Locality Portsm
36. r you wish to select Various application Certificate Order Number Organization Name Name Product GMO GlobalSign Application PS20130621 18838 m YourName Period Email Address Person in charge of registration Order Status Certificate Status Date of application Enterprise PKI Lite For 2year your email yourcompany com Personal Digital ID 10 pack 06 21 2013 IS WAIT SUE WA 16 41 GMT 00 00 PAR89496 SGMktg2013 NONE At the bottom of the report you can choose to revoke cancel or reissue the certificate 29 Certificate action information Action details ORDER REQUEST CERT ISSUE WAIT CERT ISSUE Action date 2009 06 09 GMT 00 00 2009 06 09 GMT 00 00 2009 06 09 GMT 00 00 Result SUCCESS SUCCESS SUCCESS Revoke Certificate cancellation reguest Reissue Certificate Notes Mail History 1 Revoked certificates will be put on the Certificate Revocation List within 24 hours making the certificate unusable by most applications 2 Cancellations are allowed up to 7 days of certificate delivery 3 Reissued certificates will be issued with an expiration date equal to the original certificate Note a new private key will be generated therefore a replacement certificate will not allow decryption of the emails that were encrypted using the original certificate Click Mail History to review or resend system generated emails History Order Number 333430 M
37. riber Agreement GlobalSign Subscriber Agreement Digital Certificates and Services Version 225 PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THE DIGITAL CERTIFICATE ISSUED TO YOU OR YOUR ORGANIZATION BY APPLYING FOR A DIGITAL CERTIFICATE YOU ARE AGREEING TO BE BOUND BY THE TERMS OF THIS AGREEMENT IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT PROMPTLY CANCEL THE ORDER WITHIN 7 DAYS OF THE APPLICATION FOR A FULL REFUND IF YOU HAVE PROBLEMS UNDERSTANDING THIS lt AGREE TO THE SUBSCRIBER AGREEMENT You now download your Certificate Siobalsian Install your Digital Certificate and the Intermediate CA Certificates Your Certificate has been generated click the Download My Certificate button to download the Certificate onto your computer We have detected that you are not using Internet Explorer Please follow the below instructions to download your Certificate Click the Download Certificate button to download your Certificate Download My Certificate The Certificate Import Wizard will start when you open the pfx document Simply follow the steps by clicking Next On the second step you will have to enter the Private Key password you created earlier and you will also be given the choice to select whether or not you wish the key to be exportable Certificate Import Wizard 3 Password To maintain security the private key was protected with a password Type the password for
38. rivate keys can be provided a re issuance link to establish a new certificate the expiry of which is the same as the previous one Please see the section labeled Certificate Lifecycle Management Revocation Reissuance and Cancellation z CODE SIGNING PERSONALSIGN SSL CERTIFICATES MANAGED SSL PDF SIGNING for ADOBE CDS ePKI Home License Selection MY CERTIFICATES View Admin Meni Product Details MY LICENSES N ea Personal Sign MY PROFILES Profile Configuration Order Additional Profiles Approve Pending Pr Search Profiles MY ORDERING PORTAL Portal Configuration iOS CERTIFICATES Enterprise PKI Enterprise PKI Enterprise PKI Enterprise PKI Enterprise PKI Enterprise PKI Enterprise PKI Enterprise PKI Enterprise PKI Enterprise PKI Enterprise PKI Lite For Department Digital ID 5 pack Lite For Department Digital ID 10 pack Lite For Department Digital ID 25 pack Lite For Department Digital ID 50 pack Lite For Department Digital ID 100 pack Lite For Department Digital ID 500 Lite For Personal Digital ID 5 pac Lite For Personal Digital ID 10 pack Lite For Personal Digital ID 25 pack Lite For Personal Digital ID 50 pack Edit iOS Configuration Enterprise PKI Lite For Personal Digital ID 100 pack EMAILS Enterprise PKI Lite For Personal Digital ID 250 Manage E ma Enterprise PKI Lite For Personal Digital ID 500 pack Enterprise PKI Lite For Personal Digi
39. s many pre vetted certificate Profiles as vou establish Once you have entered your profile s click the Confirm button and the vetting department will be notified of your reguest and begin the vetting process Should you have any guestions regarding the status of your Profile reguest please open a Support case www globalsign com hel ADDITIONAL PROFILE SPECIFIC CONFIGURATION OPTIONS By selecting Portal Configuration the EPKI Administrator can make available support for additional PKI enabled applications that require specific key usages Additionally key size restrictions can be enforced for PKCS12 delivery options Manage Portal MY PROFILES Profile Configuration 2 o Order Additional Profiles Organization Organization Unit Approve Pending Profiles URL Search Profiles URL PKCS12 Option Profile ID Organization Organization Unit Select the Profile and click Next to URL URL PKCS12 Option configure the following additional options Profile ID Organization Organization Unit URL MP200906100029 GlobalSign Inc Test Account Do not rely upon authenticated by LRA https system globalsign com cr public certificate order do p 9652ccc3f7990c91038099eeb07fe1c76aa3cc3f https system globalsign com cripublic certificate order do 019 2008 9021 0298042108240585007240216 200906 150035 GlobalSign Inc staff in charge created profile authenticated b
40. t and the delivery setting are good at the content of mail MY LICENSES Order Licenses Search License Orders Approve Pending To customize email content Please click contents Edit button Subject address main body of the message of the mail to be changed can be edited Enable and Disable When Enable is selected the automatic mail sending is done Licenses Please select Disable to stop the auto dialing of an unnecessary mail type to send MY PROFILES Profile Configuration type Delivery Contents Order Additional Profiles Cancellation Completed true Approve Pending Profiles Enrollment Invite true Edit Search Profiles Enroliment Portal true Edit 1 PORT vaga araks Enroliment QUICK RENEW true Portal Configuration Enrollment Reissue true Edit iOS CERTIFICATES Enrollment Information 15 days true Edit O Edit iOS Configuration Enrollment Information 30 days true Edit Enrollment Information 31 d t Edit nrollment Information ays rue Manage E mail 7 Templates Mobile Enrollment Invite true Edit e Mobile Enroliment Reissue true Edit View Emails to Portal Users Issuance Completed true Edit Configure LDIF PKCS12 Issuance Completed true Edit RESOURCES Mobile Issuance Completed true Edit ePKI Admin Auth Guide Cancellation Completed Not consent true Edit ePKI Administrator Guide Portal Order Received true Edit Click Edit next to the mail type you wish
41. tal ID 1 000 pack 2 Enterprise Lite For Personal Digital ID 2 500 RESOURCES Enterprise PKI Enterprise PKI Enterprise PKI Enterprise PKI Lite For Personal Digital 10 3 500 Lite For Personal Digital ID 5 000 Lite For Personal Digital ID 7 500 Lite For Department Digital ID 1 000 pack Lite For Personal Digital ID 10 000 pack CERTIFICATE VALIDITY Depending on the Certificate types validities range from 1 to 5 years resulting in significant discounts the longer the validity Licenses can be purchased by clicking Order Licenses found under the My Licenses tab Select the Certificate validity you wish to apply and click Next 15 Home License Selection MY CERTIHCATES View Admin Menu 7608165 Options 1 Product Details MY LICENSES Order Licenses Select Product i gt 8 NP KES Search License Orders Product Details Enterprise PKI Lite PDF Signing for Adobe CDS Personal USB 5 pack MY PROFILES Profile Configuratior Certificate Validity 1 year o er ditional Pr Multi year offers nificant per ar 2 year Approve Pending Profiles t 3 year Search Profiles Campaign Code Redeem code MY ORDERING PORTAL i Portal Configuration Coupon Code Redeem code iOS CERTIFICATE S e ice a part ease Edit iOS Configuration TOTAL COST c Tax 3 774 EMAIL S Manage E mail
42. the private key Password 7 Enable strong private key protection You will be prompted every time the private key is used by an application if you enable this option 7 Indude all extended properties Learn more about protecting private keys At the end of the process a message will confirm that it was successful You can then go back to your account click View Admin Menu Options in the My Certificates menu ACCOUNT amp FINANCE 0 owt ePKI Home MY CERTIFICATES View Admin Menu Options s You will be prompted to choose the Administrator Certificate that you just installed You verify the correct certificate as its common name will be your account login x Confirm Certificate Confirm this certificate by dicking OK If this is not the correct certificate dick PAR68567 UserName Issuer GlobalSign PersonalSign 2 CA G2 Valid From 6 20 2012 to 6 21 2013 Click here to view certificate You will then have full access to all of the portal s functionality MY CERTIFICATES Order Certificates Order Certificate BULK Search Certificate Orders PKCS 12 Bulk Registration and Pickup Search PKCS 12 Bulk Order History Approve Pending Certificates OOO For more detailed step by step instructions on installing the Administrator certificate please see our Administrator Certificate Guide https www globalsign com support ordering guides epki
43. tion that will create and distribute the public and private keys along with the digital certificate delivery 18 TIERE Te Portal Profile ID Organization Organization Unit URL URL PKCS 12 Option Profile ID Organization Organization Unit URL URL PKCS12 Option MP200906100029 GlobalSign Inc Test Account Do not rely upon authenticated by LRA https system globalsign com cr public certificate order do p 96b2ccc3f7990c9f038099eeb07fe1c76aa3cc3f https system globalsign com cr public certificate order do pzcbf9e2008c9021c5298043f10824058500724b2f6 MP200906150035 GlobalSign Inc staff in charge created profile authenticated by LRA https system globalsign com cr public certificate order do p 82f3ec8 1e9057ad514d0facc801924a3c059d663 https system globalsign com cr public certificate order do p 852e1c9668a0b7b42f72630103dc9b5f903321e0 Optionally by clicking Next after selecting a particular profile the EPKI Administrator may upload a logo to be displayed on the top banner of the end user enrollment page as well as a GIF to be displayed at the footer of the page Portal Profile ID Organization Organization Unit URL URL PKCS12 Option Logo GIF Footer GIF MP201306201398 GMO GlobalSign Ltd Marketing EMEA https system globalsign com cr public certificate order do pze83bf616dd9c15d5de49178b74d5e5402c9bd6d9b https system globalsign com cr public certificate ord
44. to customize You can add additional email addresses for the carbon copy CC or blind copy BCC and modify the message details Please note that the items prefixed with 55 are variables that the system will replace with values as the email is sent out They should not be modified as they contain necessary information to complete the intended action 17 Home Edit Mail Template MY CERTIFICATES ati ipleted o Message Detai o o Se Delivery 9 Enable C Disable Reset Message Mail Encoding UTF 8 MY LICENSES Message Header Order Licenses E OST Certificate Order Number Search License Orde From Partner ID Approve Pending Profile 10 To CertadminUser Email License ID Product PROFILES New Renew Prof Period Install Path Pickup Path ls Bcc Renewal Path Common Name MY ORDERING PORTAL Message Details Organization Organization Unit Subject CANCEL COMPLETE SS OrderlD SS DnICommonName Organization Unit 1 iOS CERTIFICATE S Organization Unit 2 Edad cxi ND cores street o tm Cnm Organization Unit 3 that chi il 2 tomatrically sent from noreply mailbo ConutryCode meee 1 HI rrr mrt rr rn ona CountryName State Or Province Locality Email Address Titel Manage E 3 6 View All Sent Ema 5 OrderID REQUESTING CERTIFICATES There are two main methods of requesting certificates 1 End User Initiated
45. top objectclass pkiuser objectclass riim mida 4 dent pol arse m WIBAGILAQAAAAABJRZS jkMwDQYJKOZI vjdx31lL mdsb23hbHNpz24ubmvOL2NhY2vydC9QZ X2 zb2 ShbF AQUFBZAChj podHRwoOi 8vc mail lila kee amp globalsign com CN LDIF 3b 0 Globalsign Inc OU 2nd admin new profile authenticated by LRA Upload to LDAP directory according to your product specific instructions 33 ESTABLISHING OTHER USERS A list of active Users can be found by selecting the Account amp Finance tab then clicking Manage Users under My Account This is also where new users can be added ACCOUNT amp FINANCE SSL CERTIFICATES b PERSONAL SIGN Account 8 Finance Home ETE Te MY ACCOUNT Amend Company Details manga Department Official name position Stephanie KentMaidstoneSpringfield AR89140 StephGalle ME142LP 441622766757 5 MANAGED SSL ENTERPRISE PKI Edit PAR MY FINANCES Current Balances amp Usages New registration Note all Users have equal access to established profiles and certificate licenses however user rights depend on the role established There are three main User Roles 1 Account Administrator 1 per GCC account 2 Manager unlimited 3 Staff in charge unlimited TYPES OF EPKI USERS GCC ACCOUNT ADMINISTRATORS GCC Account Administrators may add other Managers or Staff in charge and are provided full rights and acc
46. y LRA https system globalsign com cripublic certificate order do p 82f3ec81e9057ad514d0facc801924a3c0594653 https system globalsign com cr public certificate order do 85261 9668 0070421726301034 9051903321 10 200907210051 GlobalSign Inc https system globalsign com cr public certificate order do 41 3 480299 3 30833 934383 9284070924180 n 12 Step 1 Configure Profile Profile Configuration Profile ID MP201306201398 Organization GMO GlobalSign Ltd Organization Unit Marketing EMEA URL https system globalsign com cripublic certificate order do pze83bf616dd9c15d5de491780b74d5e5402c9bd6d9b URL PKCS12 Option https system globalsign comvcripublic certificate order do 63005629 030281665 0240610 2 7 19ecd441bb User Permission Configure Hash Algorithm SHA 1 SHA 256 Encrypting File System Disabled Enabled Renewal Type Manual O Auto 2 Quick Won Exportable Option Disabled Enabled Limited to only Internet Explorer OCSP Option Disabled Enabled API IP Address range IP Address is limited to only at the time of API e g e g 211 11 149 249 211 11 149 250 1 Encrypted File Systems EFS Enabling the EFS option will display EFS as an option at certificate registration The resulting certificate will include the enhanced key usage extension Encrypting File System 1 3 6 1 4 1 311 10 3 4 Field Value fi Authority Key Identi
Download Pdf Manuals
Related Search