Home

detailed user guide - PKI-Contacts - Fraunhofer

image

Contents

1. Additional Actions Create Rule Send Ontigs a a 84 Add to Outlook Contacts p T 8 OOK Up OTTOS 5 Po Outlook Properties amp Cut 3 Copy Uwe Bendisch wv Show social network updates in Outlook x eh All Items There are no items to show in this view E Activities EJ Mail Attachments HH Meetings a Add Status Updates Figure 71 Adding a Fraunhofer employee as a contact in Outlook 2003 You will now be shown the contact details for this contact Select Certificates in the Contact tab and click on Import see Figure 72 60 15 10 2013 Version 1 0 PKI Contacts PKI for Fraunhofer Contacts Using certificates within an e mail client ale ose igg cereri etais acne cess Aes Outlook will use one of these certificates to senen ypted mail to this contact You can get a certificate by receiving digitally signed from this contact or by importing a certificate file for this contact Certificates Digital IDs Properties Set as Default ee Uwe Bendisch av Show social network updates in Outlook oe x There are no items to show in this view a fet All Items Figure 72 Importing the Fraunhofer employee s certificate into Outlook 2003 Now go to the directory where you saved the Fraunhofer employee s certificate and select it Click Open see Figure 73 Ji certfeates r ale X Gh A vr Date modified Type Size Bendisch c
2. Digitally sign messages by default Encryption Use this certificate to encrypt amp decrypt messages sent to you Default encryption setting when sending messages Never do not use encryption Required can t send message unless all recipients have certificates Certificates View Certificates Security Devices Figure 60 Mozilla Thunderbird Selecting S MIME settings You will be presented with a list of all certificates that have a digital signature function and for which you have a private key as a general rule there is only one certificate of this kind available on your system Select your own PKI for Fraunhofer Contacts personal certificate and close the dialog window by click ing OK see Figure 61 15 10 2013 53 PKI Contacts PKI for Fraunhofer Contacts Using certificates within an e mail client ied Coniticate Certifica E le 64b3d52a 39df 4caa a012 cl 227 730 99 13 E6 1C 00 00 00 00 00 00 9E T Details of selected certificate Issued to CN John Dol2345 gmxde Serial Number 13 66 1C 00 00 00 00 00 00 9E Valid from 23 09 2013 13 51 05 to 23 09 2014 13 51 05 Certificate Key Usage Signing Key Encipherment Data Encipherment Email john dol2345 gt gmx de Issued by CN Fraunhofer Contacts Root CA 2011 Q0U PKI for Fraunhofer Contacts O Fraunhofer C DE Stored in Software Security Device Figure 61 Mozilla Thunderbird Setting up a signing certificate You will then be a
3. I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I Figure 5 Certificate issuance with Internet Explorer user s data check and confirmation of having read the guidelines for issuing certificates etc Now please check your personal information and confirm that it is correct Please also contirm that you acknowledge and comply with the remaining speci tied conditions and disclaimers in particular confirming that you have under stood and will comply with the guidelines for the issuance of certificates of the PKI tor Fraunhofer Contacts Click Proceed to key generation to be presented with a summary of the in formation you have entered and the confirmations you have given see Figure 6 You also have the option to cancel the certificate generating process at this Stage Doing so means you will not receive a certificate 15 10 2013 7 PKI Contacts PKI for Fraunhofer Contacts Requesting your own personal certificate Obtain a Free Certificate for the Contact to Fraunhofer In the following the data relevant for the issuance of your certificate is summarised The private public key pair respectively certificate will be provided for Last name John First name Doe Company DoeTest E mail John Do12345 gmx de You have confirmed that the personal data given above is correct and in particular that you are the owner of the indicated e mail address the conditions of the gt guidelines of
4. A Fraunhofer Fraunhofer Competence Center PKI PKI Contacts PKI for Fraunhofer Contacts User manual for communication partners of the Fraunhofer Gesellschaft Author s Uwe Bendisch Maximilian Gottwald As at 15 10 2013 Version 1 0 PKI Contacts PKI for Fraunhofer Contacts Document history Document history 09 15 10 2013 Creation of German version with English screen shots MG UB Mailing list target group This document is aimed at those communications partners of the Fraunhofer Gesellschaft who wish to use certificate based authentication to protect their e mail correspondence with Fraunhofer Gesellschatt employees and who do not yet possess certificates for the purpose Remarks notes This document has been put together with great care and attention to detail but sadly this does not guarantee the absence of errors Liability can be accepted neither tor any errors that may occur nor for their possible consequences Please feel free to inform us of any mistakes found in the document or to suggest alterations if possible in the form of pre formulated passages of text by e mailing the Fraunhofer service desk at servicedesk fraunhofer de We will do our very best to take up every good idea we receive and to implement your suggested improvements Internal information File name PKI Contacts_Anleitung_Extern_EN V 1 0 docx Time 24 01 2014 Editor Uwe Bendisch PKI Contacts PKI for Fraunhofe
5. click on this e mail address and select Add to Outlook Contacts from the context window see Figure 63 Note If the Fraunhofer employee is already saved in your list of contacts select Look Up Outlook Contact and open their contact details al lH Untitled Message HTML o 22 Message Insert Options Format Text Review a amp Cut z am Bel 0 AN Y Follow Up 23 Copy Uwe Bendisch sit fraunho x High Importance Paste B i u Uwe Bendisch sit fraunhofer de Attach Attach Signature 4 File Item v Include Tags E To Uwe Bendisch sit fraunhofer de cus amp Cut 5 Ga Copy Figure 63 Adding a Fraunhofer employee as a contact in Outlook 2010 You will now be shown the contact details for this contact Select Certificates in the Contact tab and click on Import see Figure 64 Version 1 0 15 10 2013 55 PKI Contacts PKI for Fraunhofer Contacts Using certificates within an e mail client r Bld y Uwe Bendisch Contact y File Contact Insert Format Text Review a Save amp New 3 B QE aia a E J Az PS BE EH Forward H gal q Save amp Delete General Deta mail Meeting More Address Check Business Picture Categorize Follow Private Zoom Close Nl OneNote A u X Book Names Card r Actions Show Communicate Names Options Tags Zoom Outlook will use one of these certificates to send encrypted mail to this contact You can get a certificate by receivin
6. Certificates and Algorithms Signing Certificate John Do 12345 gmx de Hash Algorithm Encryption Certificate John Do12345 gmx de Encryption Algorithm Send these certificates with signed messages Figure 51 Outlook 2010 Configuring a personal certificate 4 2 1 2 Configuring your own personal certificate in Microsoft Outlook 2007 In order to inform Microsoft Outlook 2007 of the personal certificate and pri vate key it should use to sign decrypt e mails you must configure the certificate in the e mail client Begin by opening the Trust Center via Extras gt Trust Center gt E Mail Se curity Now click on the Settings button under Encrypted e mail see Figure 52 46 15 10 2013 Version 1 0 Version 1 0 PKI Contacts PKI for Fraunhofer Contacts Using certificates within an e mail client Trust Center P m Trusted Publishers Encrypted e mail Add ins Ba Encrypt contents and attachments for outgoing messages Er Privacy Options v Add digital signature to outgoing messages E mail Security v Send clear text signed message when sending signed messages Request S MIME receipt for all S MIME signed messages Attachment Handlin z Default Setting PUSAN esate aA er E ly asl Kl settings gt Automatic Download Digital IDs Certificates Macro Security Digital IDs or Certificates are documents that allow you to prove your identity in electronic transactions Programmatic Acce
7. Exporting your own personal certificate from the browser Certificate Export Wizard Export File Format Certificates can be exported in a variety of file formats Select the format you want to use DER encoded binary X 509 CER Base 64 encoded X 509 CER Cryptographic Message Syntax Standard PKCS 7 Certificates P76 Indude all certificates in the certification path if possible Indude all certificates in the certification path if possible Delete the private key if the export is successful Export all extended properties Microsoft Serialized Certificate Store 55T Learn more about certificate file formats Figure 20 Microsoft certificate cxport wizard Selecting the file export format Now enter a secure password to protect the key when it is exported see Figure 21 The password will be required whenever you want to import your certifi cate into a program and protects against unauthorized access Confirm this di alog window by clicking Next 1 The password should be at least twelve characters long and contain upper and lower case letters numbers and symbols 18 15 10 2013 Version 1 0 PKI Contacts PKI for Fraunhofer Contacts Exporting your own personal certificate trom the browser Certificate Export Wizard Password To maintain security you must protect the private key by using a password Type and confirm a password Type and confirm password mandatory Figure 21 Micro
8. If you decide to is sue another password please choose one that is secure 3 The password should be at least twelve characters long and contain upper and lower case letters numbers and symbols A2 15 10 2013 Version 1 0 PKI Contacts PKI for Fraunhofer Contacts Using certificates within an e mail client Create a password to protect this item Create a new password for this item Password for CryptoAP Private Key Password i SCC 2 2 2 2 2 EJ Figure 47 Setting the password for later access to the user s private key Return to the dialog window that you are familiar with trom Figure 45 The security level should now correspond to the level you selected see Figure 48 Clicking OK imports your personal certificate and the private key associated with it into the Microsoft certificate store The message shown in Figure 49 will appear to confirm the import Confirm this dialog window by clicking OK too Your personal certificate is now available in the Microsoft certificate store and can be configured for secure e mail communication for example in Outlook see Sections 4 2 1 1ff Version 1 0 15 10 2013 43 PKI Contacts PKI for Fraunhofer Contacts Using certificates within an e mail client k Importing a new private exchange key An application is creating a Protected item Figure 48 Adjusting the security level for access to personal private keys at a later point when importing personal certificates in
9. Your Certificates People Servers You have certificates from these organizations that identify you Certificate Name Security Device Serial Number Expires On Backup Backup All d Import Figure 56 Screenshot showing the Thunderbird Your Certificates certificate manager This opens a file selection dialog window Navigate to the location where you saved your PKI for Fraunhofer Contacts personal certificate and select it Con firm the dialog window by clicking Open see Figure 57 Version 1 0 15 10 2013 51 PKI Contacts PKI for Fraunhofer Contacts Using certificates within an e mail client Certificate File to Import OW m gt Computer LocalDisk C Temp Certificates 5 Search Certificates P Organize v New folder v 2 SY Favorites Name Date modified Type Size BE Desktop John Do pfx 23 09 2013 14 21 Personal Informati 4 KB Bb Downloads Recent Places Libraries Documents a Music Pictures Videos ME Computer hi Network File name PKCS12 Files p12 pfx v C C m Cancel Figure 57 Selecting your PKI for Fraunhofer Contacts personal certificate when importing it into the Thunderbird certificate manager Now enter the password that you set when saving the certificate and private key to protect them against unauthorized access Then click OK see Figure 58 Password Entry Dialog me Please enter the password that was used to encryp
10. Figure 31 Saving the PKI for Fraunhofer Contacts root certificate Version 1 0 15 10 2013 21 PKI Contacts PKI for Fraunhofer Contacts Using certificates within an e mail client 4 1 1 1 28 Incorporating the PKI for Fraunhofer Contacts root certificate into the Microsoft certificate store If you use Microsoft Outlook for your e mail communication then the PKI for Fraunhofer Contacts root certificate must be imported into the Microsoft certifi cate store that Microsoft Outlook also accesses To do so open the Microsoft certificate store via Start gt Control panel gt Network and Internet gt Internet options gt Content gt Certificates and open up the Trusted Root Certification Authorities tab Click on Import see Figure 32 ra Certificates Intended purpose lt All gt Intermediate Certification Au amp grities Issued To SS AddTrust External AddTrust External CA 30 05 2020 USERTrust ei Baltimore CyberTru Baltimore CyberTrust 13 05 2025 Baltimore Cyber ei Class 3 Public Prima Class 3 Public Primary 02 08 2038 VeriSign Class 3 ei Class 3 Public Prima Class 3 Public Primary 08 01 2004 VeriSign ei Copyright c 1997 Copyright c 1997 Mi 31 12 1999 Microsoft Timest GalDeutsche Telekom Deutsche Telekom Ro 10 07 2019 lt None gt ei Equifax Secure Cer Equifax Secure Certifi 22 08 2018 GeoTrust EalFraurihofer Gesells Fraunhofer Gesellsch 31 12 2009 lt
11. None gt CalGeoTrust Global CA GeoTrust Global CA 21 05 2022 GeoTrust Global CA Certificate intended purposes Server Authentication Client Authentication Secure Email Code Signing Time Stamping Encrypting File System IP security tunnel termination IP security user Learn more about certificates Figure 32 Screenshot showing the Microsoft certificate store s Trusted Root Certification Authorities This opens the certificate import wizard Confirm the first window by clicking Next Now click the Browse button and select the root certificate that was downloaded previously Confirm the dialog window by clicking Open and then on Next see Figure 33 15 10 2013 Version 1 0 Version 1 0 PKI Contacts PKI for Fraunhofer Contacts Using certificates within an e mail client Note If the PKI for Fraunhofer Contacts root certificate is not shown in the Open dialog window you must change the Tilter that determines the Tile types shown from X 509 Certificate cer crt to All Files the option that shows all types of Tile Certificate Import Wizard X File to Import Specify the file you want to import File name Open Organize v New folder Fons r Name Date modified ME Desktop Lal fhg contacts root 2011 der 23 09 2013 11 50 sb Downloads Recent Places 5 Libraries Documents Music t Pictures Videos ME Computer hi Network
12. VY Variable Width A A A AAJ 1 E 5l Figure 84 Adding a digital signature to an e mail in Mozilla Thunderbird To encrypt an e mail select the Encrypt This Message option under the Secu rity header see Figure 85 f r _ Write no subject File Edit View Insert Format Options Tools Help 18 Send Spelling U Attach Cb Security Be ave Y A From John Do lt John Dol Encrypt This Message oD A v To amp uwe bendisch sit ft Digitally Sign This Message View Security Info Subject Body Text Y Variable Width E A A A A A I j Figure 85 Encrypting an e mail in Mozilla Thunderbird 68 15 10 2013 Version 1 0 PKI Contacts PKI for Fraunhofer Contacts Revoking a personal certificate 5 Revoking a personal certificate If you are already in possession of a certificate issued by the Certification Au thority for Fraunhofer Contacts and wish to revoke it you can request a revoca tion at https contacts pki fraunhoter de Revoking a certificate may be neces sary If e your e mail address has changed or will change e you do not want to use the certificate for secure communication within a Fraunhofer related context anymore e you no longer accept and or fulfil the guidelines of the PKI for Fraunhofer Contacts any longer or e especially if abuse or compromise of the private key is suspected or has occurred In order to prevent a third party from revoking your certificate revocation
13. certificate holder and his her organisation are without differentiation called CERTIFICATE HOLDER in the following confirm that the personal data given above is correct and in particular that am the owner of the e mail address indicated above confirm that the conditions of the gt guidelines of the PKI for Fraunhofer Contacts are fulfilled took notice of and accept the terms of use and the exclusion of liability confirm that have noticed and accepted the data protection conditions will use the certificate for myself personally and or so far as request the certificate as employee freelancer for business use am authorized by my employer customer to use the indicated e mail address in business communication for signing and or encryption as well as to accept on his her behalf the above mentioned terms of use the exclusion of liability and data protection conditions Proceed to key generation gt gt I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I l i 1 P P l The certificate holder confirms by checking the following boxes that he is legally authorized to accept the subsequent terms of use and the I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I
14. en Fraunhofer Competence Center PKI Dear Doe John Juergen Baum an employee of Fraunhofer Institute Organisation SIT would like to communicate securely with you using encrypted and or signed e mail You can obtain a so called certificate as a digital proof of identification for your e mail address John Do12345 gmx de Fraunhofer offers this service for you free of charge The issuance process will only 1 I 1 I 1 I 1 I 1 I 1 I 1 I 1 I 1 I 1 I I 1 I I 1 I 1 l take a few minutes 1 I 1 I In order to prev Before using the link given above please observe the attached terms of use the exclusion of liability and data protection conditions in PDF format In case you do not have a PDF reader a freeware reader is available for download at http www adobe de General information about our service provided is available at http contacts pki fraunhofer de Kind regards Fraunhofer Competence Center PKI Figure 4 E mail with link for issuing a certificate Note Please be aware that for security reasons the link contains an identifica tion feature that is valid only for you Furthermore the link must be used within 192 hours of the e mail being sent If you do not apply for a certificate within this time you must ask your contact at the Fraunhofer Gesellschaft to make a new request for authorization on your behalf 6 15 10 2013 Version 1 0 PKI Contacts PKI for Fraunhofer Contacts Requesting
15. encrypt an e mail click the Encryption symbol in the Options tab see Erg By F Untitled Message HTML Message Insert Format Text Review By Colors 2s 84 Da 5 As Dr Request a Delivery Receipt um Er Aa A Fonts 8 ay q F p P Themes Bcc From Permission 84 Sign Use Voting Request a Read Receipt Save Sent Delay Direct Effects v v Buttons Item To Delivery Replies To Themes Show Fields Permission Tracking More Options To uwe bendisch sit fraunhofer de u Ci Send Subject This is an encrypted E Mail Figure 79 Encrypting an e mail in Outlook 2010 Version 1 0 15 10 2013 65 PKI Contacts PKI for Fraunhofer Contacts Using certificates within an e mail client 4 4 2 Sending digitally signed and or encrypted e mails using Microsoft Outlook 2007 Create a new e mail You have the option to digitally sign the e mail when composing it by clicking on the Sign symbol found in the Options section of the menu ribbon under the Message tab see Figure 80 Cs This is a signed E Mail Message HTML x Message Insert Options Format Text tl ee 22 SG a 7 7O I dass iB Z U Ik AY gt iB Address Check Attach Attach Business Calendar ee Follow en 7 Book Names File Item Card ard Clipboard Basic Text F Names Include Proofing uwe bendisch sit fraunhofer de To Send Subject This is a signed E Mail gt E91 Figure
16. it will be exported out of the browser s certificate manager Now enter a secure password to protect the key when it is exported see Figure 28 The password will be required whenever you want to import your certifi cate into a program and protects against unauthorized access Confirm this di alog window by clicking OK 2 The password should be at least twelve characters long and contain upper and lower case letters numbers and symbols 24 15 10 2013 Version 1 0 Version 1 0 PKI Contacts PKI for Fraunhofer Contacts Exporting your own personal certificate from the browser Choose a Certificate Backup Password The certificate backup password you set here protects the backup file that you are about to create You must set this password to proceed with the backup Certificate backup password nn Certificate backup password agai sessseeees Important If you forget your certificate backup password you will not be able to restore this backup later Please record it in a safe location Password quality meter Figure 28 Entering the transport password for the backup certificate Mozilla Firefox A message will appear to confirm that the backup process was carried out successfully Contirm by clicking OK see Figure 29 Figure 29 Message informing you that certificate and private key were successfully backed up Mozilla Firefox 15 10 2013 25 PKI Contacts PKI for Fraunhofer Contacts Using cer
17. select Add to Outlook Contacts from the context window see Figure 67 Note If the Fraunhofer employee is already saved in your list of contacts select Look Up Outlook Contact and open their contact details 15 10 2013 37 PKI Contacts PKI for Fraunhofer Contacts Using certificates within an e mail client 58 x PEPESE Untitled Message HTML 5 mR Message Insert Options Format Text el WEES N Ss Ze B Vo 3 i x Paste iB Zou 132 A Address Check Attach Attach Business Calendar Signature Follow 4 Spelling I Book Names File Item Card s Up 4 Clipboard Basic Text Names Include Options Proofing To Send Subject a Schedule a Meeting ocation Not Available BI Send Mail Additional Actions Outlook Properties Cut amp a Copy Paste 2 2 Clear Figure 67 Adding a Fraunhofer employee as a contact in Outlook 2007 You will now be shown the contact details for this contact Select Certificates in the Contact tab and click on Import see Figure 68 HI ga y uwe bendisch Contact 5 x Contact Insert Format Text g Save amp New rE papirer 87 J 85 Ren 44 Assign Task 24 ABC En j gt f Haa aps E anne me Na Vo S Save amp General Det mail Meeting Call Business Picture Categorize Follow Spelling Contact Close X Delete s Map Ca
18. the browser Next select the certificate you wish to export from the options listed under the Your Certificates tab and click on Backup see Figure 26 Certificate Manager Your Certificates People Authorities Others You have certificates from these organizations that identify you Certificate Name Security Device Serial Number Figure 26 Selecting the certificate that is to be exported from the Mozilla Firefox certificate manager Now select a location in which to save the certificate Give the certificate and key file names that aptly describe the content and then click Save see Figure 27 15 10 2013 23 PKI Contacts PKI for Fraunhofer Contacts Exporting your own personal certificate from the browser File Name to Backup GO j Local Disk C Temp Certificates v t Organize New folder sx ERBE ER Bi Name Date modified BE Desktop pi Downloads Recent Places No items match your search Libraries Documents al Music E Pictures Videos ME Computer Save as type PKC512 Files pl2 Hide Folders Figure 27 Selecting where to save the backup certificate in Mozilla Firefox Note If you have set your browser to require entry of a master password you will now be asked to enter this password in order to access your software secu rity module The password is required because your personal certificate and the private key that goes with
19. to the web server that will use it to cre ate your certificate If your computer has a smartcard reader attached with a card inserted in it you must select where you wish to save the key pair certificate by choosing a token from the drop down list in the token dialog box see Figure 12 Select Soft ware Security Device and confirm by clicking OK Please choose a token Software Security Device Figure 12 Issuing certificates with Mozilla Firefox selecting where to save the key pair certificate Note If your computer does not have a smartcard reader attached or the smartcard reader contains the wrong card the dialog window referred to above will not appear 15 10 2013 11 PKI Contacts PKI for Fraunhofer Contacts Requesting your own personal certificate 12 Note If you have set your browser to require entry of a master password you will now be asked to enter this password in order to access your software secu rity module The password is required because your personal certificate will be saved in the browser s certificate store You will then receive a message informing you that your key is being generated see Figure 13 Generating A Private Key Key Generation in progress This may take a few minutes Please wait Figure 13 Certificate issuance with Mozilla Firefox Generating the key pair Once the keys have been generated and the certificate issued successfully you will recei
20. website https contacts pki traunhoter de with pro tected access from which Fraunhofer employees can authorize the issuing of certificates for communication partners During the course of the process you will receive an automatically generated e mail containing a link see Figure 4 that takes you to a special PK Contacts website that leads you through the certificate application process Click on the link provided in the e mail or copy the address bar into your browser l From Fraunhofer Gesellschaft lt no reply pki fraunhofer de gt Sent Mi18 09 2013 16 121 I i To John Do12345 gmx de ICC i Subject Link zur Ausstellung eines Zertifikats PKI f r Fraunhofer Kontakte Link for obtaining a certificate PKI for Fraunhofer Contacts i gt d Message _ PKI Contacts Nutzungsbedingungen Haftungsausschluss und Datenschutz pdf 55 KB __ PKI Contacts Terms of use exclusion of liability and data protection conditions pdf 55 KB Vor Nutzung des o a Aktivierungslinks beachten Sie bitte unbedingt die im Anhang beigef gten Nutzungsbedingungen Haftungsausschluss und Datenschutzhinweise im PDF Format Sollten Sie ber ion kein geeignetes Programm f r die Anzeige von PDF Dokumenten verf gen steht Ihnen beispielsweise unter http www adobe de ein kostenfreierReader in einer aktuellen Version zur Verf gung 2 Allgemeine Informationen zu unserem Dienst erhalten Sie unter http contacts pki fraunhofer de Mit freundlichen Gr
21. your own personal certificate 2 1 Requesting your own personal certificate with Microsoft Internet Explorer Version 1 0 Note Screenshots were created using Microsoft Internet Explorer version 10 The link contained in the automatically generated e mail takes you to a website that leads you through the certificate application process see Figure 5 Obtain a Free Certificate for the Contact to Fraunhofer Dear Doe John Juergen Baum an employee of Fraunhofer Institute Organisation SIT would like to communicate securely with you using encrypted and or signed e mail and has therefore initiated the issuance of a certficate for you Please check your personal data given below Subsequently a private public key pair is generated within your browser and the public key is transmitted for certification to a Fraunhofer server Last name John First name Doe Company DoeTest E mail John Do12345 gmx de In case the data is not correct in particular you are not the owner of the indicated e mail address or in case you do not want to obtain a certificate anymore please gt click here to cancel the process exclusion of liability 1 for herself himself and or 2 on the basis of explicit authorization by his organisation contracting party of the Fraunhofer Gesellschaft Checking a box is considered as acceptance of the subsequent terms of use and the exclusion of liability and obligates both the certificate holder and his her organisation
22. 2013 until 20 09 2014 I I I I I I l I I I l Please note that independently of the certificate revocation the corresponding private key should not be deleted Otherwise messages which have been encrypted with the respective certificate cannot be read anymore Kind regards Fraunhofer Competence Center PKI Figure 92 E mail confirming that your personal certificate has been revoked 15 10 2013 73
23. 80 Adding a digital signature to an e mail in Outlook 2007 To encrypt an e mail click the Encryption symbol in the Options section of the Message tab see Figure 81 9 Low gt This is an encrypted E Mail Message HTML t x Message Insert Options Format Text o A w 88 a u E Aye Bin 25 gt Berean ab A B i Address Check Attach Attach Business Signature Follow ER Spelling 7 Book Names File Item Card z Upr 4 r Clipboard Basic Text Names Include Options 3 Proofing To uwe bendisch sit fraunhofer de Subject This is an encrypted E Mail Ka Figure 81 Encrypting an e mail in Outlook 2007 4 4 3 Sending digitally signed and or encrypted e mails using Microsoft Outlook 2003 Create a new e mail You have the option to digitally sign the e mail when composing it by selecting the option Add digital signature to this message in the message security properties found under File gt Properties in the Secu rity tab see Figure 82 66 15 10 2013 Version 1 0 Version 1 0 PKI Contacts PKI for Fraunhofer Contacts Using certificates within an e mail client aig is a signed E Mail Message HTML Pe est ir A T Encrypt message contents and attachments CZ ad digital signature to this message I Send this message as dear text signed F Request S MIME receipt for this message Security set
24. Contacts PKI for Fraunhofer Contacts Obtaining a Fraunhofer employee s certificate Enter name of file to save to 7 Er 1 i in lt 2 m Local Disk C Temp Certificates Search Certificates Organize New folder JE Jr Favorites Date modified Type Desktop m Downloads Recent Places No items match your search Libraries Documents al Music E Pictures E Videos JE Computer Fe BE me Uwe Bendisch cer Save as type cer File D Hide Folders Figure 3 Saving a Fraunhofer employee s certificate The process for integrating certificates into your e mail client in order to use them for secure communication varies depending on the e mail client you use This process is described under section 4 3 15 10 2013 5 PKI Contacts PKI for Fraunhofer Contacts Requesting your own personal certificate 2 Requesting your own personal certificate In order to establish secure e mail communications with Fraunhofer you too need a certificate that is assigned to your e mail address In case you don t yet have a personal certificate of your own you can obtain a free one from the PKI for Fraunhoter Contacts PK Contacts Certificates can be issued only once requested by a Fraunhofer employee who knows you Please ask your contact at Fraunhofer to apply for a certificate on your behalf It is then up to you to generate a key and request a certificate yourself There is a secure part of the
25. Dear Doe John You have received the certificate listed below for the e mail adress John D012345 gmx de which is still valid On this page you have the possibility to finally revoke this certificate A revocation is for example necessary if e your e mail address has or will change e you do not want to use the certificate for secure communication within a Fraunhofer related context anymore e you do not accept and or fulfil the guidelines of the PKI for Fraunhofer contacts any longer or e an abuse or a compromise of the private key is suspected or has occured want to revoke the certificate you may gt cancel the process here or just select another menu entry Please note that a certificate revocation is irreversible If you notice after all that the certificate is still required a new certificate must be requested Last name First name Serial number Company fate for the e mail address John D012345 gmx de 7 John Doe DoeTest I I I I I I 1 l 1 l 1 I I I 1 l 1 l 1 l 1 l 1 l 1 l 1 l 1 1 1 l 1 1 I I I l 1 l 1 l 1 I 1 1 I I I 1 1 l 1 l 1 l 1 1 I I 1 I I In case you would like to revoke the certificate please tick the check box and continue via the button Revoke certificate If you don t l I I 1 i l 1 I I I 1 l 1 1 I l 1 1 l 1 l 1 l 1 1 I l 1 1 I I I l 1 l 1 l 1 l 1 1 1 I 1 l 1 l 1 l 1 l 1 1 I I 1 1 I l 1 l 1 I I 1 l 1 Figure 90 C
26. Filename fhg contacts root 2011 der Figure 33 Selecting the PKI for Fraunhofer Contacts root certificate when importing it into the Microsoft certificate store In the dialog windows that follow simply assume the standard settings and contirm them by clicking Next Finish the certificate import wizard by clicking Finish At the end of the installation process you will be presented with a secu rity warning see Figure 34 After you have verified that the fingerprint cited in the security dialog box is correct please confirm by clicking Yes Verify the fin gerprint by carefully comparing the fingerprint shown in the security dialog box with the root certificate fingerprint given on the website Confirm by clicking Yes only if all the characters letters and digits in both keys are absolutely iden tical 15 10 2013 29 PKI Contacts PKI for Fraunhofer Contacts Using certificates within an e mail client You are about to install a certificate from a certification authority CA A claiming to represent Fraunhofer Contacts Root CA 2011 Windows cannot validate that the certificate is actually from Fraunhofer Contacts Root CA 2011 You should confirm its origin by contacting Fraunhofer Contacts Root CA 2011 The following number will assist you in this process Thumbprint shal 092AD331 48892156 CSA5S3CF1 25D6DB98 8FBSC3F4 Warning If you install this root certificate Windows will automatically trust any cer
27. I I I I I I I I I I I I I I I I I I l I I I I I I I I I I I I I I I l I I I I I I I I I I I I I I I I I Figure 39 Downloading the PKI for Fraunhofer Employees root certificate Now select the folder that you want to save the certificate in and click Save see Figure 40 15 10 2013 Version 1 0 PKI Contacts PKI for Fraunhofer Contacts Using certificates within an e mail client Enter name of file to save to er Local Disk C Temp Certificates 2 Organize New folder Jr Favorites Name Date modified Type BE Desktop Cal fhg contacts root 2011 der 73 09 2013 11 50 Ze Cette m Downloads Recent Places Libraries Documents al Music fee Pictures Videos Computer Fe TE File name DT Root CA 2 der Save as type der File der Hide Folders Figure 40 Saving the PKI for Fraunhofer Employees root certificate Note The Intermediate Certification Authorities certificates of the PKI for Fraunhofer Employees Fraunhofer Root CA 2007 certificate and Fraunhofer User CA 2007 certificate can be downloaded in exactly the same way Incorporating the PKI for Fraunhofer Employees root certificate certificate chain into the Microsoft certificate store The method for integrating the PKI for Fraunhofer Employees root certificate Deutsche Telekom Root CA 2 certificate into the Microsoft certificate store is exactly the same as the method descri
28. ME receipt for all S MIME signed messages Default Setting My S MIME Settings John D012 Settings Security Zones Security zones allow you to customize whether scripts and active content can be run in HTML messages Download Pictures Digital IDs Certificates Digital IDs or Certificates are documents that allow you to prove your identity in electronic transactions Figure 54 Outlook 2003 S MIME options This opens the Change Security Settings dialog window see Figure 55 Change or set the name entered under Security Settings Name to one that matches your requirements if necessary and click on the uppermost Choose button to set the signing certificate You will be presented with a list of all cer tificates that have a digital signature function and for which you have a pri vate key as a general rule there is only one certificate of this kind available on your system Select your own PKI for Fraunhofer Contacts personal certificate This certificate will also automatically be entered as an encryption certificate as it also has an encryption function Unless already selected by Outlook as a de fault setting select the options Default Security Setting for this crypto graphic message format Default Security Setting for all cryptographic 15 10 2013 49 PKI Contacts PKI for Fraunhofer Contacts Using certificates within an e mail client messages and Send these certificates with signed messages Now close
29. OO AZO ee ee 60 Incorporating a Fraunhofer employee s certificate into Mozilla THUNGETDIL Ges testet energie 62 Sending digitally signed and or encrypted e mails 64 Sending digitally signed and or encrypted e mails using Microsoft OUTOOK ZOTO een euere erste 65 Sending digitally signed and or encrypted e mails using Microsoft OULIOOK 200 Teenie 66 Sending digitally signed and or encrypted e mails using Microsoft OU100R20 03 ee ee ee 66 Sending digitally signed and or encrypted e mails using Mozilla TANGERI a NENNE WERT ERTS ONE Fe nme ran te NOE SOHC A 68 Revoking a personal certificate cccccceseeeeeeeeeeeeeeeees 69 Requesting the revocation of a personal certificate by e mail 69 Permanently revoking a personal certificate using the revocation e Se REEE EEEE E AIR EHER NEIGEN ERS In Tae RERERE EEEN E EE 71 15 10 2013 Version 1 0 Introduction Version 1 0 PKI Contacts PKI for Fraunhofer Contacts Introduction This document describes how to establish secure e mail communications with Fraunhoter Gesellschaft employees In order to establish encrypted e mail communications you and the Fraunhofer employee you wish to communicate with must each be in possession of a digital encryption certificate Fraunhofer employees have for the most part already been provided with encryption certificates To ensure you too are able to obtain a certificate for communicating with Fraunh
30. Uwe Bendisch Contact T 52 a Contact Insert Format Text Review A g Save amp New aa g Sq Activities ra se Aa g af wey a a ari P f al Forward i H Gil mm x MO elete General Details p E mail Meeting More Address Check Business Picture Categorize Follow Private Actions Show Communicate Names Options Tags Zoom Outlook will use one of these certificates to send encrypted mail to this contact You can get a certificate by receiving digitally signed mail from this contact or by importing a certificate file for this contact Certificates Digital IDs Uwe Bendisch Default Properties Import Export Remove Uwe Bendisch ev Connect to social networks to show profile photos and activity updates of your colleagues in Outlook Click here to add networks x All Items There are no items to show in this view E Activities bJ Mail O Attachments HH Meetings dp Add _ Status Updates Figure 66 Saving the certificate allocation in Outlook 2010 This concludes the process for integrating the Fraunhofer employee s certificate into Outlook 2010 meaning the certificate can be used for secure e mail communication 4 3 2 Incorporating a Fraunhofer employee s certificate into Microsoft Outlook Version 1 0 Begin by opening a new e mail from the Start tab by clicking New E mail En ter the e mail address of the Fraunhofer employee in the recipient field Right click on this e mail address and
31. ail will list all relevant certificates that are still valid and give you the opportunity to individually select which certificates are to be re voked To permanently revoke a certificate listed in the e mail click on the rele vant link in the e mail or copy it into the address bar in your browser see Figure 89 I I From Fraunhofer Gesellschaft lt no reply pki fraunhofer de gt Sent Fr 20 09 2013 12 191 l To John Do 12345 gmx de cc Subject Link to revoke a certificate PKI for Fraunhofer Contacts Sl Dear Sir or Madam This e mail has automatically been generated by the website http contacts pki fraunhofer de on request It contains a list of all valid certificates of the PKI for Fraunhofer Contacts for your e mail address John Do12345 gmx de In case one of the certificates listed below is no longer required or in order to prevent fraudulent use you may revoke the respective certificate In order to revoke a certificate please select the corresponding link Subsequently you will be redirected to our website to finalize the revocation process In case you received this e mail by mistake or in case you do not want to revoke any of the certificates listed below you do not need to undertake any further actions List of all valid active certificates for the e mail address John Do12345 gmx de Certificate issued for John Doe with serial number 20A5AA0F000000000098 valid from 18 09 2013 until 18 09 2014 Revoke this cer
32. all open dialog windows by clicking OK This concludes the process for configuring your Own personal certificate in Microsoft Outlook 2003 meaning you are now able to send digitally signed e mails and decrypt e mails encrypted for your e mail address Change Security Settings Security Setting Preferences security Settings Name My S MIME Settings John Do12345 gmx de cryptography Format Default Security Setting for this cryptographic message format Default Security Setting for all cryptographic messages Certificates and Algorithms Signing Certificate Johr Do12345 amp gmx de sash Algorithm Encryption Certificate John 0o12345 qmx de ode Arn Send these certificates with signed messages cance Figure 55 Outlook 2003 Configuring a personal certificate 50 15 10 2013 Version 1 0 PKI Contacts PKI for Fraunhofer Contacts Using certificates within an e mail client 4 2 2 Incorporating and configuring your own personal certificate in Mozilla Thunderbird If you use Mozilla Thunderbird for your e mail communication then your per sonal certificate must be imported into the Mozilla Thunderbird certificate man ager To import your personal certificate into the Thunderbird certificate manager open the certificate manager via Extras gt Options gt Advanced gt Certifi cates gt View Certificates and open up the Your Certificates tab Click on Import see Figure 56 5 Certificate Manager u y
33. ast name John First name Doe Company DoeTest E mail John D012345 gmx de In case the data is not correct in particular you are not the owner of the indicated e mail address or in case you do not want to obtain a certificate anymore please gt click here to cancel the process I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I The certificate holder confirms by checking the following boxes that he is legally authorized to accept the subsequent terms of use i and the exclusion of liability 1 for herself himself and or 2 on the basis of explicit authorization by his organisation contracting party of the Fraunhofer Gesellschaft Checking a box is considered as acceptance of the subsequent terms of use and the exclusion of liability and obligates both the certificate holder and his her organisation certificate holder and his her organisation are without l differentiation called CERTIFICATE HOLDER in the following i I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I confirm that the personal data given above is correct and in particular that am the owner of the e mail address ndicated above confirm that the conditions of the gt guidelines of the PKI for Fraunhofer Contacts are fulfilled took notice of and ccept th
34. ation e mail Provided there are valid certificates available that were as signed to the e mail address you entered you will receive a message informing you that a list of all valid certificates assigned to the e mail address has been sent out along with the option to revoke them see Figure 87 Revoke a Certificate of the PKI for Fraunhofer Contacts An e mail has been just now successfully dispatched to the address indicated below It contains a list of corresponding valid certificates and provides the opportunity to revoke them on a individual basis E mail address of certificate to be revoked John D0o12345 gmx de Figure 87 Message indicating that the user s request for revocation was successful If this is not the case a message appears informing you that an e mail has not been sent This concludes the process tor requesting a revocation e mail You must now wait for the automatically generated revocation e mail to appear in your inbox before you can revoke the certificate see Figure 88 This e mail will arrive after a short time 15 10 2013 Version 1 0 PKI Contacts PKI for Fraunhofer Contacts Revoking a personal certificate I From Fraunhofer Gesellschaft lt no reply pki fraunhofer de gt Sent Fr 20 09 2013 12 19 l To John Do12345 gmx de l ce I Subject Link to revoke a certificate PKI for Fraunhofer Contacts gF l Dear Sir or Madam This e mail has automatically been generated by the website http c
35. aunhofer Root CA whose certifcate in turn is issued by Deutsche Telekom Root CA 2 User Manual Search Certificate of a Fraunhofer Employee In case the root certificate of Deutsche Telekom Root CA 2 is already installed on your system there is normally no need Request a Certificate to download and install the certificates provided on this page Revoke a Certificate For further assistance regarding the integration of the root certificate within your e mail application please refer to our gt detailed user guide For Fraunhofer Employees Overview and Login Load Root Certificate Revocation List Deutsche Telekom Root CA 2 The Fraunhofer Root CA has been certified by Deutsche Telekom AG The corresponding root certificate of Deutsche Telekom is already contained in many operating systems applications and browsers If this is not the case e g Mozilla Firefox Thunderbird Contact you may download this certificate below Imprint Daun gt Download root certificate gt Download certificate revocation list General Data Protection Conditions Deutsche Telek Open Link in New Tab Deutsche Telekom Root CA 2 Open Link in New Window Control data for the root certificate Open Link in New Private Window e Distinguished Name CN Deu aaa e Certificate issuer identical 5 e Certificate valid period 08 e SHA 1 Fingerprint 85 A4 08 C Trust Center O Deutsche Telekom AG C DE C DE 37 BF Inspect Element Q I
36. bed in section 4 1 1 1 If the Intermediate Certification Authorities certificates of the PKI for Fraunhofer Employees are to be imported these certificates Fraunhofer Root CA 2007 cer titicate and Fraunhofer User CA 2007 certificate should be imported into the Intermediate Certification Authorities certificate store instead of the Trusted Root Certification Authorities certificate store Apart from this integrating these certificates is done in exactly the same way as the method described in section 4 1 1 1 15 10 2013 35 PKI Contacts PKI for Fraunhofer Contacts Using certificates within an e mail client 4 1 2 2 Incorporating the PKI for Fraunhofer Employees root certificate certificate chain into the Mozilla Thunderbird certificate manager The method for integrating the PKI for Fraunhofer Employees root certificate Deutsche Telekom Root CA 2 certificate or the Intermediate Certification Au thorities certificates of the PKI for Fraunhofer Employees Fraunhofer Root CA 2007 certificate and Fraunhofer User CA 2007 certificate into the Mozilla Thunderbird certificate manager is exactly the same as the method described in section 4 1 1 2 4 2 Incorporating your own personal certificate into the e mail client 4 2 1 36 This section describes how to incorporate your personal certificate into your e mail client and configure it in order to be able to send digitally signed e mails The process for incorporating and configuri
37. carried out successfully Confirm it by clicking OK see Figure 24 Certificate Export Wizard The export was successful Figure 24 Microsoft certificate export wizard Message informing you that certificate and private key were successfully exported Version 1 0 15 10 2013 2 1 PKI Contacts PKI for Fraunhofer Contacts Exporting your own personal certificate from the browser 3 2 Exporting your own personal certificate from Mozilla Firefox Note Regardless of the e mail program you use in combination with Mozilla Firefox secure e mail communication is possible only if personal certificates keys are first exported out of the browser and imported into the respective e mail program The Mozilla Firefox certificate manager can be accessed only from within the browser itself Beyond this it also makes sense to export the certifi cate and private key in order to back them up Open the Mozilla Firefox certificate manager via Extras gt Options gt Ad vanced gt Certificates gt View Certificates see Figure 25 General Tabs Content Applications Privacy Security Sync Advanced When a server requests my personal certificate 9 Select one automatically Ask me every time View Certificates Validation Security Devices Figure 25 Opening the Mozilla Firefox certificate manager 22 15 10 2013 Version 1 0 Version 1 0 PKI Contacts PKI for Fraunhofer Contacts Exporting your own personal certificate trom
38. cate Name Security Device TURKTRUST Elektronik Sertifika Hizmet Sa Builtin Object Token 4A Trust Ges f Sicherheitssysteme im elektr A Trust nQual 03 Builtin Object Token View Edit Trus amp gt port Delete or Distrust Figure 36 Screenshot showing the Thunderbird Certificate manager s Certificate authorities This opens a file selection dialog window Navigate to the location where you saved the PKI for Fraunhofer Contacts root certificate and select the root certifi cate that was downloaded previously Confirm the dialog window by clicking Open see Figure 37 15 10 2013 31 PKI Contacts PKI for Fraunhofer Contacts Using certificates within an e mail client 5 Select File containing CA certificate s to import Ga Computer gt Local Disk C Temp Certificates z 4 Search Certificates Organize v New folder Jr Favorites Date modified Type E Desktop 23 09 2013 11 50 Security Certificate m Downloads Recent Places Libraries Documents a Music Pictures Videos ME Computer hi Network File name fhg contacts root 2011 der Certificate Files crt cert ce v Figure 37 Selecting the PKI for Fraunhofer Contacts root certificate when importing it into the Thunderbird certificate manager Now confirm the purpose for which you would like the certificate to be trusted Ensure that at least the Trust this CA to identify email users option is se
39. cts under the General menu heading This opens an other page Right click on the Download root certificate Certification au thority for Fraunhofer Contacts link and select Save Link As from the con text menu that appears see Figure 30 15 10 2013 Version 1 0 PKI Contacts PKI for Fraunhofer Contacts Using certificates within an e mail client Mo 1 i gom Load Root Certificate Revocation List PKI for Fraunhofer Contacts l 1 l 1 F Startpage In order to establish secure communications both external partners and Fraunhofer employees must possess a personal digital Certificate Guidelines for Fraunhofer certificate These certificates are issued by different certification authorities CAs which also hold a certificate of their own For smooth I Cop communication it is necessary that both the communicating partners have available the respective certificate of his her partner and also I hat th h Fri nding CA ifi Therefore it is requir im h I Ar ifi in r e mail l Pen t se z trust the corresponding CA certificates Therefore it is required to import these so called CA root certificates in your e mai PKI for Fraunhofer Contacts N i f Os ERSTEN On this page you may download the root certificate of the PKI for Fraunhofer Contacts Please follow gt this link for downloading the i PKI for Fraunhofer Employees required root certificates of the Fraunhofer PKI I I For Partners For further assistance regardin
40. cts any longer or e an abuse or a compromise of the private key is suspected or has occured In order to avoid that a third party revokes your certificate the revocation is organised in a two stage process Firstly the certificate which is to be revoked must be identified Therefore please provide us below with the e mail address named within the corresponding certificate An e mail will be dispatched to this address containing a special link similar to the process for obtaining a certificate With the help of this link you are then able to revoke your certificate finally In case that several certificates are issued for the indicated e mail address the revocation e mail contains all attached certificates and you have the possibility to select individually the certicates which shall be revoked E mail address of certificate to be revoked For security reasons the date time and your IP address will be logged in the course of requesting the revocation e mail Namely the following data is recorded Date 20 09 2013 Time 12 16 47 Contact Your IP Address 129 26 100 168 Imprint i Please note that any misuse of this form might be prosecuted General Data Protection Conditions Request revocation e mail gt gt Figure 86 Requesting the revocation of a certificate Now enter the e mail address that is assigned to your personal certificate Into the E mail address of certificate to be revoked field Then click Request revoc
41. d for your e mail address 15 10 2013 4 PKI Contacts PKI for Fraunhofer Contacts Using certificates within an e mail client Change Security Settings Security Setting Preferences Security Settings Name My S MIME Settings ohn Do 12345 gmx de cryptography Fema Default Security Setting for this cryptographic message format Default Security Setting for all oryptographic messages Certificates and Algorithms Signing Certificate John Do 12345 gmx de Hash Algorithm Encryption Certificate John Do12345 qmx de oe Art Send these certificates with signed messages Figure 53 Outlook 2007 Configuring a personal certificate 4 2 1 3 Configuring your own personal certificate in Microsoft Outlook 2003 48 In order to inform Microsoft Outlook 2003 of the personal certificate and pri vate key it should use to sign decrypt e mails you must configure the certificate in the e mail client Begin by opening the Outlook S MIME Options via Extras gt Options Now select the Security tab and click on the Settings button under Encrypted e mail see Figure 54 15 10 2013 Version 1 0 Version 1 0 PKI Contacts PKI for Fraunhofer Contacts Using certificates within an e mail client Security Encrypted e mail u Encrypt contents and attachments for outgoing messages F Add digital signature to outgoing messages V Send dear text signed message when sending signed messages F Request S MI
42. e gt terms of use and the exclusion of liability confirm that have noticed and accepted the gt data protection conditions will use the certificate for myself personally and or so far as request the certificate as employee freelancer for business use am authorized by my employer customer to use the indicated e mail address in business communication for signing and or encryption as well as to accept on his her behalf the above mentioned terms of use the exclusion of liability and data protection conditions Proceed to key generation gt gt Figure 10 Certificate issuance with Mozilla Firefox user s data check and confirmation of having read the guidelines for issuing certificates etc Now please check your personal information and confirm that it is correct Please also confirm that you acknowledge and comply with the remaining speci fied conditions and disclaimers in particular confirming that you have under stood and will comply with the guidelines for the issuance of certificates of the PKI tor Fraunhofer Contacts Click Proceed to key generation to be presented with a summary of the in formation you have entered and the confirmations you have given see Figure 11 You also have the option to cancel the certificate generating process at this stage Doing so means you will not receive a certificate 15 10 2013 Version 1 0 Version 1 0 PKI Contacts PKI for Fraunhofer Contacts Requesting your own per
43. e mail client you may now have to export it from your browser and import it into your e mail client This process depends on the type of browser and e mail client you use Section 3 1 describes how to export certificates from Internet Explorer and chapter O describes how to use your personal certificate in different e mail clients Note Please be aware that it is not necessary to export a certificate from Inter net Explorer if you intend to use it with an e mail client that also accesses the Microsoft certificate store such as Microsoft Outlook In such cases it is enough to configure the certificate in the e mail client see chapter 0 15 10 2013 9 PKI Contacts PKI for Fraunhofer Contacts Requesting your own personal certificate 2 2 Requesting your own personal certificate with Mozilla Firefox 10 The link contained in the automatically generated e mail takes you to a website that leads you through the certificate application process see Figure 10 Obtain a Free Certificate for the Contact to Fraunhofer Dear Doe John Juergen Baum an employee of Fraunhofer Institute Organisation SIT would like to communicate securely with you using encrypted and or signed e mail and has therefore initiated the issuance of a certficate for you Please check your personal data given below Subsequently a private public key pair is generated within your browser and the public key is transmitted for certification to a Fraunhofer server L
44. ee s certificate Version 1 0 15 10 2013 63 PKI Contacts PKI for Fraunhofer Contacts Using certificates within an e mail client The certificate has now been added to the certificate store see Figure 77 and the process to integrate the Fraunhofer employee s certificate into Thunderbird is complete Close the certificate manager by clicking OK The certificate can now be used for secure e mail communication 5 Certificate Manager Certificate Name Expires On E Mail Address UweBendisch 18 02 2018 uwe bendisch sit fraunhofer de Edit Trust Figure 77 Thunderbird certificate manager featuring the Fraunhofer employee s certificate 4 4 Sending digitally signed and or encrypted e mails 64 Signed e mails that you send use your personal certificate and do not require recipients certificates Your e mail client calculates a checksum from the text in your e mail and adds a digital signature to it using your certificate The under lying mathematical process means the recipient is able to verify both the integ rity of the e mail that it was not changed during transmission and the authen ticity of the sender that the e mail is indeed from you Encrypted e mails that you send require the encryption certificates of all recipi ents Using the encryption certificates the message is encrypted in such a way that only the person in possession of the private key that goes with the encryp tion ce
45. employees whose surnames contain the part you searched for Note For reasons of data protection the number of search results shown is limited to three Should the Fraunhofer employee you are searching for not be listed it may be worth refining your search by entering a name part of a name that contains more letters If the search finds a Fraunhofer employee whose name corresponds to the name you entered you will be presented with a window displaying that em ployee s publicly available data as depicted in Figure 2 If this Fraunhofer em ployee is in possession of a digital encryption certificate the details are shown in the section entitled Zertifikat Certificate 15 10 2013 3 PKI Contacts PKI for Fraunhofer Contacts Obtaining a Fraunhofer employee s certificate a Fraunhofer Uwe Bendisch A Institut SIT Standort Sankt Augustin Fax 49 2241 14 4143122 E Mail uwe bendisch sit fraunhofer de Adresse schloss Birlinghoven 53757 Sankt Augustin G ltiges Zertifikai Zur ck zur Suche Figure 2 Results of search for a Fraunhofer employee s certificate To save a valid certificate on your computer click on Download and select the option Save File Now select the folder in which you want to save the certificate and click on Save You can replace or change the suggested filename but please ensure the file extension cer remains unchanged see Figure 3 4 15 10 2013 Version 1 0 Version 1 0 PKI
46. er I nn 2 u Perieen_s t_fraunhofer_de cer Files of type Digital ID Files p c cer Figure 73 Selecting the Fraunhofer employee s certificate Version 1 0 15 10 2013 61 PKI Contacts PKI for Fraunhofer Contacts Using certificates within an e mail client The certificate has now been added to the certificate store Now click on Save amp Close see Figure 74 i 8 Uwe Bendisch Contact Co CE x Fil dit View Inset Format Tools Actions Help i led Save and Close 4 DD 2 7 N General Details Activities Certificates AllFields Outlook will use one of these certificates to send encrypted mail to this contact You can get a certificate by receiving digitally signed mail from this contact or by importing a certificate file for this contact Certificates Digital IDs Uwe Bendisch Default Properties Export Remove Uwe Bendisch rg a v Show social network updates in Outlook x s All Items There are no items to show in this view E Activities EJ Mail O Attachments fH Meetings GP Add Status Updates Figure 74 Saving the certificate allocation in Outlook 2003 This concludes the process for integrating the Fraunhofer employee s certificate into Outlook 2003 meaning the certificate can be used for secure e mail communication 4 3 4 Incorporating a Fraunhofer employee s certificate into Mozilla Thunderbird To embed the Fraunhofer empl
47. g digitally signed mail from this contact or by importing a certificate file for this contact Certificates Digital IDs Uwe Bendisch rg wy Connect to social networks to show profile photos and activity updates of your colleagues in Outlook Click here to add networks x GS All Items There are no items to show in this view ri E Activities BJ Mail U Attachments EB Meetings gp Add Status Updates a Figure 64 Importing the Fraunhofer employee s certificate into Outlook 2010 Now go to the directory where you saved the Fraunhofer employee s certificate and select it Click Open see Figure 65 x Overs gt Computer Local Disk C Temp Certificates v 4 Search Certificates P Organize New folder A Date modified T Name ype i ed gt wr Favorites E Cal Uwe Bendisch cer 23 09 2013 14 44 Security Certificate 2 KB E Desktop p Downloads Recent Places Libraries BE Documents a Music Pictures Videos ME Computer tu Network u d File name me Bendisch cer Digital ID Files p7c cer v Figure 65 Selecting the Fraunhofer employee s certificate 56 15 10 2013 Version 1 0 PKI Contacts PKI for Fraunhofer Contacts Using certificates within an e mail client The certificate has now been added to the certificate store Now click on Save amp Close see Figure 66 s3 H
48. g the integration of the root certificate within your e mail application please refer to our l User Manual gt detailed user guide l 1 l Search Certificate of a Fraunhofer gt Download root certificate gt Download certificate revocation list i l Employee Certification authority for Fi Open Link in New Tab Certification authority for Fraunhofer Contacts Request a Certificate Open Link in New Window 1 I a Control data for the root certificate of th Open Link in New Private Window 1 I Revoke a Certificate I l e Distinguished Name CN Fraunhc TE cre raunhofer Contacts O Fraunhofer C de l For Fraunhofer Employees e Certificate issuer identical since s LEO 1 1 x Certificate valid period 28 02 201 Su I Overview and Login e SHA 1 Fingerprint 09 2A D3 31 A Den 5 C3 F4 I r Inspect Element Q l i i 1 l 1 1 Contact i I l Imprint I General Data Protection Conditions l 1 ee en See ae eae ee oe ee ee eee Sees j Figure 30 Downloading the PKI for Fraunhofer Contacts root certificate Now select the file where you wish to save the certificate and click Save see Figure 31 p Enter name of file to save to F di Temp Certificates Organize New folder Mame Date modified z Favorites E Desktop pi Downloads L i Recent Places No items match your search Libraries E Documents a Music Pictures E Videos jE Computer al Hide Folders
49. hange key An application is creating a Protected item Security level set to Medium C Set Security Level gt Figure 45 Adjusting the security level for access to personal private keys at a later point when importing personal certificates into the Microsoft certificate store First you will have to reconfirm that you wish to be prompted to enter a pass word every time you use the private key that goes with your certificate To do so change the private key security level from Medium to High and then exit the dialog window by clicking Next see Figure 46 15 10 2013 41 PKI Contacts PKI for Fraunhofer Contacts Using certificates within an e mail client equest my permission with a password when this item is to be used Medium Request my permission when this tem is to be used Figure 46 Changing the security level so that a password is requested whenever the user s private key is accessed at a later point You will now be prompted to set the password that you wish to be asked for whenever the private key is used For security reasons you must enter it twice Complete the dialog window by clicking Finish see Figure 47 Note The password you set at this point will be requested whenever an appli cation needs to access your private key for instance when digitally signing or decrypting e mails It does not have to be the same as the transport password for the key and certificate file that you entered in Figure 43
50. hen it is not necessary to export personal certiticates keys to enjoy secure e mail communica tion Users are however still recommended to make a backup copy of the cer tificate and private key Open the Microsoft certificate store in Internet Explorer by going to Extras gt Internet Options gt Content gt Certificates see Figure 16 Internet Options Fe Use certificates for encrypted connections and identification AAO O O U L Clear SSL state AutoComplete AutoComplete stores previous entries on webpages and suggests matches HTL for vn Figure 16 Opening the Microsoft certificate store in Microsoft Internet Explorer 15 10 2013 Version 1 0 Version 1 0 PKI Contacts PKI for Fraunhofer Contacts Exporting your own personal certificate trom the browser Select the certificate you wish to export trom the options listed under the Per sonal tab and click Export see Figure 17 4053 John 0o12345 qm Fraunhofer Contacts 23 09 2014 lt None gt Certificate intended purposes Secure Email Encrypting File System Document Signing Client Authentication Learn more about certificates Figure 17 Selecting the certificate that is to be exported from the Microsoft certificate store This opens the Microsoft certificate export wizard which will take you through the exporting process Click Next see Figure 18 15 10 2013 15 PKI Contacts PKI for Fraunhofer Contacts Expor
51. i fraunhofer de 1 1 Receiving a certificate by e mail In order to obtain a Fraunhofer employee s digital encryption certificate by e mail you need to request that they send you a signed e mail Once the root cer tificates and remaining certificates in the PKI for Fraunhofer Employees certifi cate chain are integrated correctly into your e mail client see chapter 4 1 2 the Fraunhofer employee s certificate will be available for secure communication by e mail You can now answer the Fraunhofer employee s e mail directly with an encrypted e mail Note The root certificate and the corresponding certificates from the PKI for Fraunhofer Employees certificate chain need to be imported only once into your e mail program s certificate store 1 2 Downloading a certificate from the PKI Contacts website If you wish to send an encrypted e mail to a Fraunhofer employee who already has a valid Fraunhofer PKI certificate that you are not yet in possession of then you can obtain this certificate trom https contacts pki fraunhofer de Open the link in your browser and select Search Certificate of a Fraunhofer Employee under the For Partners section of the menu see Figure 1 2 15 10 2013 Version 1 0 Version 1 0 PKI Contacts PKI for Fraunhofer Contacts Obtaining a Fraunhoter employee s certificate Search for Certificate of a Fraunhofer Employee General Startpage In order to establish secure communications with a Fraunhofer emp
52. icate A Your personal certificate has been installed You should keep a backup copy of this certificate Figure 15 Certificate issuance with Mozilla Firefox Confirmation that the certificate was installed successfully Before the certificate can be used in your e mail client it must first be exported out of the browser and into your e mail client This process varies depending on the type of browser or e mail client you use How to export certificates from Mozilla Firefox is described in Section 3 2 How to use personal certificates in different e mail clients is described in Chapter O 15 10 2013 13 PKI Contacts PKI for Fraunhofer Contacts Exporting your own personal certificate from the browser 3 Exporting your own personal certificate from the browser This chapter describes how to export personal certificates out of the browser Exporting certificates and the keys that go with them is necessary in order to be able to create local backup copies of the certificates Furthermore some combi nations of browser and e mail client require certificates and private keys to be integrated into the respective e mail client manually The following sections deal with the specifics of various possible combinations 3 1 Exporting your own personal certificate from Microsoft Internet 14 Note If you use Internet Explorer in combination with Microsoft Outlook or any other e mail program that accesses the Microsoft certificate store t
53. icate certificate chain Version 1 0 In order to be able to verity and use Fraunhofer employee certificates you must also trust the certification authority that issued the employee certificates Unlike the PKI for Fraunhofer Contacts the Fraunhoter Gesellschaft s PKI for its em ployees consists of a multi level hierarchy that has the Deutsche Telekom Root CA 2 certificate as root certificate at the very top Note In the great majority of cases the Deutsche Telekom Root CA 2 root cer tificate is pre installed as standard in operating systems browsers and e mail applications This means a separate import process is not usually necessary Per form the import only if you encounter problems when verifying or using Fraun hofer employee certificates In some individual cases it may be necessary to im port the remaining certificates in the Fraunhofer PKI certificate chain in addition to the Deutsche Telekom Root CA 2 root certificate these being the Fraunhofer Root CA 2007 certificate and the Fraunhofer User CA 2007 certificate You can download the PKI for Fraunhofer Employees root certificate and the remaining certificates of the corresponding certificate chain trom the https contacts pki fraunhofer de page Do so by clicking Load Root Certificate 15 10 2013 33 PKI Contacts PKI for Fraunhofer Contacts Using certificates within an e mail client 34 Revocation List PKI for Fraunhofer Employees under the General men
54. ing it into the Microsoft certificate store When you created and saved the certificate you will have set a password for the private key to prevent unauthorized access Enter that password now Select the Mark this key as exportable option and if applicable the Enable strong private key protection option in addition to the Include all extended prop erties option that is preselected by default see Figure 43 By selecting Mark this key as exportable you ensure that your certificate and private key can be exported again later Now click on Next 15 10 2013 Version 1 0 Version 1 0 PKI Contacts PKI for Fraunhofer Contacts Using certificates within an e mail client Certificate Import Wizard Nord To maintain security the private key was protected with a password Type the password for the private key jark this key as exportable This will allow you to back up or transport your teys at a later time Indude all extended properties Learn more about protecting private keys Figure 43 Entering the password and setting the import options when importing a personal certificate into the Microsoft certificate store In the next dialog box accept the default settings and confirm by clicking Next see Figure 44 15 10 2013 39 PKI Contacts PKI for Fraunhofer Contacts Using certificates within an e mail client Certificate Import Wizard Certificate Store Certificate stores are system areas where certificates a
55. ing the PKI for Fraunhofer Employees root certificate certificate chain into the Microsoft certificate Store 35 4 1 2 2 Incorporating the PKI for Fraunhofer Employees root certificate Version 1 0 certificate chain into the Mozilla Thunderbird certificate manager 36 15 10 2013 PKI Contacts PKI for Fraunhofer Contacts Contents 4 2 4 2 1 4 2 1 1 4 2 1 2 4 2 1 3 4 2 2 4 3 4 3 1 4 3 2 4 3 3 4 3 4 4 4 4 4 1 4 4 2 4 4 5 4 4 4 5 1 5 2 Incorporating your own personal certificate into the e mail client 36 Incorporating your own personal certificate into the Microsoft CECE O O as ENEA 36 Configuring your own personal certificate in Microsoft Outlook 2 OVO a E EEN AE T extant EA N EEEE E A ENEA 44 Configuring your own personal certificate in Microsoft Outlook OD Pe ee ee en 46 Configuring your own personal certificate in Microsoft Outlook 200 8 RER RI EEE NEE REES peas NER ERNR EEE IRRRER EEE HERNE ECREER EHRUN RERERERR EEHEUNTR 48 Incorporating and configuring your own personal certificate in MOZILLA NUNGO O anreisen 51 Incorporating a Fraunhofer employee s certificate into the e mail ET ee E 54 Incorporating a Fraunhofer employee s certificate into Microsoft OUOOR ZT On ee ee eta ere 55 Incorporating a Fraunhofer employee s certificate into Microsoft OULSOR ZOO Taar ee aa ee 57 Incorporating a Fraunhofer employee s certificate into Microsoft O
56. is set up as a two stage process First the certificate that is to be revoked must be identitied Please do so by providing us with the e mail address named in the certificate An e mail will be dispatched to this address containing a special link similar to the process for obtaining a certificate This link then enables you to revoke the certificate yourself 5 1 Requesting the revocation of a personal certificate by e mail Please go to https contacts pki fraunhoter de and select Revoke a Certificate in the For Partners section of the menu see Figure 86 Version 1 0 15 10 2013 69 PKI Contacts PKI for Fraunhofer Contacts Revoking a personal certificate 70 General Startpage Certificate Guidelines for Fraunhofer Contacts L oad Root Certificate Revocation List PKI for Fraunhofer Contacts Load Root Certificate Revocation List PKI for Fraunhofer Employees For Partners User Manual Search Certificate of a Fraunhofer Employee Revoke a Certificate of the PKI for Fraunhofer Contacts If you already possess a certificate of the certification authority for Fraunhofer contacts you can revoke your certificate with the help of this webpage A revocation is for example necessary if e your e mail address has or will change e you do not want to use the certificate for secure communication within a Fraunhofer related context anymore e you do not accept and or fulfil the guidelines of the PKI for Fraunhofer conta
57. lected and close the dialog window by clicking OK after you have made sure that the certificate s SHA1 fingerprint precisely matches the root certificate fingerprint given on the website see Figure 38 To see the fingerprint for the certificate that is to be imported please click View The SHA1 fingerprint is shown at the bottom of the General tab All the characters letters and digits must be abso lutely identical to the fingerprint key given on the website 32 15 10 2013 Version 1 0 PKI Contacts PKI for Fraunhofer Contacts Using certificates within an e mail client Downloading Certificate You have been asked to trust a new Certificate Authority CA Do you want to trust Fraunhofer Contacts Root CA 2011 for the following purposes Trust this CA to identify websites Just this CA to identify email users Trust this CA to identify software developers Before trusting this CA for any purpose you should examine its certificate and its policy and procedures if available a mine CA certificate Figure 38 Selecting the trust settings for the PKI for Fraunhofer Contacts root certificate when importing it into Mozilla Thunderbird Cancel The PKI for Fraunhofer Contacts root certificate is now available in the certifi cate manager and can now be used by Mozilla Thunderbird to verify user cer tificates from the PKI for Fraunhofer Contacts 4 1 2 Integrating the PKI for Fraunhofer Employees root certif
58. loyee the message must be Certificate Guidelines for Fraunhofer encrypted with the help of his her encryption certificate In case the certificate in question is not Contacts already installed on your local system this page offers the possibility to retrieve the employee s Load Root Certificate Revocation List certificate from the central Fraunhofer directory PKI for Fraunhofer Contacts If this is the first time you d like to exchange encrypted messages with a Fraunhofer employee it Load Root Certificate Revocation List might be required to gt download the root certificate of the PKI for Fraunhofer Employees at PKI for Fraunhofer Employees first please refer to our gt detailed user guide Search for Certificate of a Fraunhofer p Search certificate Employee name Start search gt gt Employee Revoke a Certificate For Fraunhofer Employees I I I I I I I I I I I I I I I I I I I I I I I I l For Partners For further assistance regarding the integration of certificates within your e mail application 1 I I I I I I I I I I I I I I I I I l I i Overview and Login I I Figure 1 Screen with search field for looking up certificates of Fraunhofer employees Enter the surname of the Fraunhofer employee whose certificate you wish to obtain and click on Start search Note You do not have to enter the whole name Entering part of the name will produce a list of Fraunhofer
59. ng personal certificates in your e mail client varies depending on the e mail client you use For this reason this section describes the process for applications that access the Microsoft certifi cate store such as Microsoft Outlook as well as for applications that use their own certificate store such as Mozilla Thunderbird Incorporating your own personal certificate into the Microsoft certificate If you use Microsoft Outlook for your e mail communication then your personal certificate must be imported into the Microsoft certificate store that the differ ent versions of Microsoft Outlook also access Note If you used Internet Explorer to request your own certificate on your sys tem there is no need to incorporate your personal certificate into the Microsoft certificate store It will already have been added as part of the request process see section 2 1 In this case it is necessary only to configure the certificate for instance in Microsoft Outlook The method for doing so is described in sections AD Do so by opening the Microsoft certificate store via Start gt Control Panel gt Network and Internet gt Internet Options gt Content gt Certificates and opening up the Personal tab Click on Import see Figure 41 15 10 2013 Version 1 0 PKI Contacts PKI for Fraunhofer Contacts Using certificates within an e mail client Certificates Intended purpose lt All gt LS Ci Personal ther People Intermediate Cer
60. ofer the Fraunhofer Gesellschaft or rather its Public Key Infrastructures Competence Center to be precise runs its own public key infrastructure PKI that is completely separate from the PKI for Fraunhoter Employees It is called PKI Contacts PKI for Fraunhofer Contacts and issues certificates to external communications partners of Fraunhofer employees You can use certificates issued to you to create signed e mails too Recipients of such e mails can be certain that the message is actually from you and that it was not modified during transmission Please note that PKI Contacts can issue certificates only when prompted to do so by a Fraunhofer Gesellschaft employee Note Unless otherwise indicated the screenshots contained in this manual were created using Mozilla Firefox and Thunderbird version 24 in Windows 7 The appearance of individual dialog windows may differ depending on the op erating system or browser used Internal browser processes may also vary slightly from product to product particularly when it comes to selecting certifi cates or entering smartcard PINs 15 10 2013 1 PKI Contacts PKI for Fraunhofer Contacts Obtaining a Fraunhofer employee s certificate 1 Obtaining a Fraunhofer employee s certificate In order to send a Fraunhofer employee an encrypted e mail you need his her digital encryption certificate You can receive this certificate by e mail or down load it from this website https contacts pk
61. onfirming the selection of a certificate that is to be revoked You will now receive a message informing you that the revocation was carried out and that a new revocation list will be published shortly see Figure 91 You will also receive an automatic e mail informing you that the revocation has taken place see Figure 92 This successfully concludes the revocation process Note The revocation list containing the serial number of the certificate that has been revoked will appear on the PKI for Fraunhofer Contacts website no later than 30 minutes after a successful revocation 15 10 2013 Version 1 0 Version 1 0 PKI Contacts PKI for Fraunhofer Contacts Revoking a personal certificate Revoke a Certificate of the PKI for Fraunhofer Contacts Your certificate has been successfully revoked A new certificate revocation list will be issued shortly comprising also your certificate This confirmation has just now also been sent to you per e mail I I From Fraunhofer Gesellschaft lt no reply pki fraunhofer de gt Sent Fr 20 09 2013 12 29 l To John Do12345 gmx de l Cc I Subject Confirmation of a certificate revocation PKI for Fraunhofer Contacts Dear Doe John Your certificate for the e mail address John Do12345 gmx de has been revoked on your demand In detail the following certificate is affected I I I I I I I i l Certificate issued for Doe John with serial number 13CC996500000000009A l valid from 20 09
62. ontacts pki fraunhofer de on request It contains a list of all valid certificates of the PKI for Fraunhofer Contacts for your e mail address John Do12345 gmx de In case one of the certificates listed below is no longer required or in order to prevent fraudulent use you may revoke the respective certificate In order to revoke a certificate please select the corresponding link Subsequently you will be redirected to our website to finalize the revocation process List of all valid active certificates for the e mail address John D012345 gmx de Certificate issued for John Doe with serial number 20A5AA0F000000000098 valid from 18 09 2013 until 18 09 2014 Revoke this certificate Certificate issued for Doe John with serial number 13CC996500000000009A valid from 20 09 2013 until 20 09 2014 Revoke this certificate Kind regards I I I I I I I I I I I I I I I I I I I I I I I In case you received this e mail by mistake or in case you do not want to revoke any of the certificates listed below you do not need to undertake any further actions I I I I I I I I I I I I I I I I I I I I I Fraunhofer Competence Center PKI I Figure 88 Example of a revocation e mail for revoking a certificate 5 2 Permanently revoking a personal certificate using the revocation e mail Version 1 0 In instances where several certificates have been issued for the e mail address given the revocation e m
63. oyee s certificate into Mozilla Thunderbird begin by opening the certificate manager found under Extras gt Options gt Ad vanced gt Certificates gt View Certificates and open up the People tab Click on Import see Figure 75 62 15 10 2013 Version 1 0 PKI Contacts PKI for Fraunhofer Contacts Using certificates within an e mail client Cerificate Manager eres ee Your Certificates People Servers Authorities You hawe certificates on file that identify these people Certificate Name xpires E Mail Address View View Edit Trust iror I Export Exporte Delete Figure 75 Importing a Fraunhofer employee s certificate into Mozilla Thunderbird Now go to the directory where you saved the Fraunhofer employee s certificate and select it Click Open see Figure 76 WERTE ee a eas ee eee ae a eae d PROPOR LU u iia l J e Snr Computer Local Disk C Temp Certificates v 4 Search Certificates p Organize New folder v 1 r T Name Date modified Type Size HE Desktop mo DT Root CA 2 der 23 09 2013 12 36 Security Certificate 8 Downloads 23 09 2013 11 50 Security Certificate T Recent Places ee Ure Bendisch cer_ Bendisch cer 23 09 2013 14 44 Security Certificate Libraries BE Documents a Music Pictures F Videos ME Computer u Network Filename Uwe Bendisch cer Certificate Files crt cert ce v Figure 76 Selecting the Fraunhofer employ
64. plain text Read all digitally signed mail in plain text Script in Folders Allow script in shared folders Allow script in Public Folders Cancel Figure 50 Outlook 2010 Trust Center This opens the Change Security Settings dialog window see Figure 51 If applicable change the name entered under Security Settings Name to one that matches your requirements and click on the uppermost Choose button to set the signing certificate You will be presented with a list of all certificates that have a digital signature function and for which you have a private key as a general rule there is only one certificate of this kind available on your system Select your own PKI for Fraunhofer Contacts personal certificate This certificate will also automatically be entered as an encryption certificate as it also has an encryption function Now close all open dialog windows by clicking OK This concludes the process for configuring your own personal certificate in Mi crosoft Outlook 2010 meaning you are now able to send digitally signed e mails and decrypt e mails encrypted for your e mail address 15 10 2013 45 PKI Contacts PKI for Fraunhofer Contacts Using certificates within an e mail client Security Setting Preferences MIME Settings John Bo12345i qmx de Cryptography Format 5 MIME Default Security Setting for this cryptographic message format Default Security Setting for all cryptographic messages
65. r Contacts Contents Contents INEOAUCHON ai a en 1 1 Obtaining a Fraunhofer employee s certificate 2 1 1 Receiving a certificate by e Mall oo cece cess eeeeecceeceeeeeeeeeeeeeeeeeeeeaeens 2 1 2 Downloading a certificate from the PKI Contacts website 2 2 Requesting your own personal certificate uuz22ususn20 6 2 1 Requesting your own personal certificate with Microsoft Internet 4 0 0 6 ee a ann ee es 7 2 2 Requesting your own personal certificate with Mozilla Firefox 10 3 Exporting your own personal certificate from the DF OW SOM ee 14 3 1 Exporting your own personal certificate from Microsoft Internet 3 40 0 I ee EER eee Tener TERE UPSET Creo ee er E eT eee ete 14 3 2 Exporting your own personal certificate from Mozilla Firefox 22 4 Using certificates within an e mail client 2 2 26 4 1 Preparing the e mail client to use certificates nnn 26 4 1 1 Integrating the PKI for Fraunhofer Contacts root certificate 26 4 1 1 1 Incorporating the PKI for Fraunhofer Contacts root certificate into the Microso lt erlilicate Sto E rese ee 28 4 1 1 2 Incorporating the PKI for Fraunhofer Contacts root certificate into the Mozilla Thunderbird certificate Manager n 31 4 1 2 Integrating the PKI for Fraunhofer Employees root certificate PUCE C Eaa A Me SRE Rc Penn Oe eto 33 4 1 2 1 Incorporat
66. rd py amp r Notes Actions Show Communicate Options Proofing OneNote Outlook will use one of these certificates to send encrypted mail to this contact You can get a certificate by receiving digitally signed mail from this contact or by importing a certificate file for this contact Certificates Digital IDs Propertie Figure 68 Importing the Fraunhofer employee s certificate into Outlook 2007 Now go to the directory where you saved the Fraunhofer employee s certificate and select it Click Open see Figure 69 15 10 2013 Version 1 0 PKI Contacts PKI for Fraunhofer Contacts Using certificates within an e mail client mx JON Computer Local Disk C Temp Certificates v 4 Search Certificates pP Organize v New folder gz Gl Name Date modified Type Size Favorites x amp Uwe Bendisch cer 23 09 2013 14 44 Security Certificate BU Desktop t Bb Downloads Recent Places Libraries BE Documents a Music Pictures Videos ME Computer hi Network np File name Uwe Bendisch cer Figure 69 Selecting the Fraunhofer employee s certificate The certificate has now been added to the certificate store Now click on Save amp Close see Figure 70 fy BH Ues gt ass bendisch Aa ba ics OE te 7B en rag Proofing OneNote General Details 3 E mail Meeting Call Business Picture Categorize Follow g All Fields Y D Map Card r Y Up v Sho
67. re kept Windows can automatically select a certificate store or you can spedfy a location for the certificate Automatically select the certificate store based on the type of certificate Place all certificates in the following store Certificate store Learn more about certificate stores Figure 44 Selecting the certificate store to use when importing personal certificates into the Microsoft certificate store You will now be presented with the Completing the certificate import Wiz ard dialog window summarizing the settings you have specified By clicking Finish you give the final authorization for your personal certificate to be incor porated into the Microsoft certificate store If you have selected the Enable strong protection for the private key option see Figure 43 you will now be prompted to issue a password for instances when the private key Is used in fu ture A series of dialog windows will assist you with this process You will have to enter this password later for instance every time you sign or decrypt an e mail Do this by first selecting Set Security Level as shown in the dialog window in Figure 45 Note If you have not selected the Enable strong private key protection op tion see Figure 43 the four dialog windows shown below are not relevant AO 15 10 2013 Version 1 0 Version 1 0 PKI Contacts PKI for Fraunhofer Contacts Using certificates within an e mail client Importing a new private exc
68. rtificate can read it This guarantees confidentiality It therefore follows that to send a signed and encrypted e mail you require both your own personal certificate sender s certificate and the certificates of all the recipients of the e mail 15 10 2013 Version 1 0 PKI Contacts PKI for Fraunhofer Contacts Using certificates within an e mail client The dialog windows and the steps in the process for sending signed and or en crypted e mails vary slightly depending on the e mail client you use For this rea son the following subsections describe the process for different versions of Mi crosoft Outlook and Mozilla Thunderbird 4 4 1 Sending digitally signed and or encrypted e mails using Microsoft Outlook 2010 Create a new e mail You have the option to digitally sign the e mail when composing it by clicking on the Sign symbol in the Options tab see Figure 78 al Wo S Untitled Message HTML Message Insert oven Text Review Ba Colors s EEK gt pO n 5 Aa er Encrypt Request a Delivery Receipt um er Bee Al ae SS Ee ag Encryp I q ry p P Themes Bcc From Permissi Use Voting 7 Request a Read Receipt Save Sent Delay Direct r Effects v r Buttons Item To r Delivery Replies To Themes Show Fields Permission Tracking More Options In uwe bendisch sit fraunhofer de u Ce Send Subject This is a signed E Mail Figure 78 Adding a digital signature to an e mail in Outlook 2010 To
69. sked whether you also wish to use this certificate to decrypt e mails Contirm this by clicking Yes see Figure 62 Thunderbird You should also specify a certificate for other people to use when they send you encrypted messages Do you want to use the same certificate to encrypt amp decrypt messages sent to you CD Figure 62 Mozilla Thunderbird Setting up a signing certificate Now close all open dialog windows by clicking OK This concludes the process for configuring your own personal certificate in Mozilla Thunderbird meaning you are now able to send digitally signed e mails and decrypt e mails encrypted for your e mail address 4 3 Incorporating a Fraunhofer employee s certificate into the e mail client Note As a general rule it is not necessary to incorporate a Fraunhofer em ployee s certificate into the e mail client as this happens automatically as soon as you receive and reply to a signed e mail from a Fraunhofer employee If you have come by the certificate another way you can Import it into various e mail clients as described in the following subsections 54 15 10 2013 Version 1 0 PKI Contacts PKI for Fraunhofer Contacts Using certificates within an e mail client 4 3 1 Incorporating a Fraunhofer employee s certificate into Microsoft Outlook 2010 Begin by opening a new e mail from the Start tab by clicking New E mail En ter the e mail address of the Fraunhofer employee in the recipient field Right
70. soft certificate export wizard Entering the transport password for the backup certificate Now click on Browse and select a location in which to save the certificate Give the certificate and key file names that aptly describe the content click Save and confirm the remaining dialog by clicking Next see Figure 22 Version 1 0 15 10 2013 19 PKI Contacts PKI for Fraunhofer Contacts Exporting your own personal certificate from the browser Organize New folder Downloads Name Date modified WE Recent Places No items match your search Libraries BE Documents a Music Pictures F Videos E Computer la Hide Folders Figure 22 Microsoft certificate export wizard Selecting where to save the backup certificate The Certificate Export Wizard now presents you with another summary of the settings you have chosen Click on Finish to execute and complete the export process see Figure 23 20 15 10 2013 Version 1 0 PKI Contacts PKI for Fraunhofer Contacts Exporting your own personal certificate from the browser Certificate Export Wizard Completing the Certificate Export Wizard You have successfully completed the Certificate Export wizard You have spedfied the following settings Export Keys Yes Indude all certificates in the certification path No File Format Personi Figure 23 Microsoft certificate export wizard Finishing the wizard A message will appear to confirm that the export was
71. sonal certificate Obtain a Free Certificate for the Contact to Fraunhofer In the following the data relevant for the issuance of your certificate is summarised The private public key pair respectively certificate will be provided for Last name John First name Doe Company DoeTest E mail John Do12345 gmx de You have confirmed that e the personal data given above is correct and in particular that you are the owner of the indicated e mail address e the conditions of the gt guidelines of the PKI for Fraunhofer Contacts including the gt terms of use and the exclusion of liability are fulfilled and accepted e you have noticed and accepted the gt data protection conditions and e you will use the certificate for yourself personally and or so far you request the certificate as employee freelancer for business use you are authorized by your employer customer to use the indicated e mail address in business communication for signing and or encryption as well as to accept on his her behalf the above mentioned terms of use the exclusion of liability and data protection conditions Please gt click here to cancel the process As a consequence of this you do not obtain a certificate Figure 11 Issuing certificates with Mozilla Firefox summary of information entered by the user and the confirmations they have given Click on Start key generation to generate a cryptographic key pair in your browser and to transmit the public key
72. ss 7 Import Export Get a Digital ID Read as Plain Text Read all standard mail in plain text Read all digitally signed mail in plain text Script in Folders Allow script in shared folders Allow script in Public Folders in Figure 52 Outlook 2007 Trust center This opens the Change Security Settings dialog window see Figure 53 Change or set the name entered under Security Settings Name to one that matches your requirements If necessary and click on the uppermost Choose button to set the signing certificate You will be presented with a list of all cer tificates that have a digital signature function and for which you have a pri vate key as a general rule there is only one certificate of this kind available on your system Select your own PKI for Fraunhofer Contacts personal certificate This certificate will also automatically be entered as an encryption certificate as it also has an encryption function Unless already selected by Outlook as a de fault setting select the options Default Security Setting for this crypto graphic message format Default Security Setting for all cryptographic messages and Send these certificates with signed messages Now close all open dialog windows by clicking OK This concludes the process for configuring your own personal certificate in Mi crosoft Outlook 2007 meaning you are now able to send digitally signed e mails and decrypt e mails encrypte
73. stall your certificate Figure 8 Issuing certificates with Internet Explorer confirmation that the certificate was successfully issued Internet Explorer uses the same caution message as shown in Figure 7 to warn you of the potential security risk that installing the certificate poses Please confirm the security prompt by clicking Yes You will now receive a message informing you that the certificate has been successfully installed in your browser see Figure 9 Obtain a Free Certificate for the Contact to Fraunhofer The certificate has successfully been issued Please click on the link given below in order to install the certificate within your browser Afterwards you also should import unless already done the gt root certificate of the Fraunhofer Contacts PKI I I I I I I I I I I I I I I Note Fraunhofer does not maintain backup copies of the private key generated just now If you delete your certificate private key any e mails or documents encrypted for this key cannot be read any more Therefore it is strongly recommended that you create a I I I I I I I I I I I I I I I I I I I I I I backup copy of your key pair and that you keep it in a safe place and or that you to take precautions with your organisation for a key recovery Figure 9 Issuing certificates with Internet Explorer confirmation that the certificate has been installed In order to be able to use the certificate in your
74. t this certificate backup Figure 58 Entering the password for your PKI for Fraunhofer Contacts personal certificate when importing it into the Thunderbird certificate manager Once your certificate and private key have been successfully imported you will receive a confirmation message see Figure 59 Click on OK This concludes the process for importing your own personal certificate into Mozilla Thunderbird meaning you can now configure the certificate for secure e mail communication to then be able to sign and decrypt e mails 52 15 10 2013 Version 1 0 Version 1 0 PKI Contacts PKI for Fraunhofer Contacts Using certificates within an e mail client Alert Figure 59 Personal certificate and private key have been successfully imported into the Thunderbird certificate manager Begin by opening S MIME Security via Extras gt Account Settings gt Secu rity see Figure 60 Click on the uppermost Select button to set the signing certificate Account Settings 4 John Do12345 gmx de Server Settings Copies amp Folders Composition amp Addressing Junk Settings Synchronization amp Storage Return Receipts Security 4 Local Folders Junk Settings Disk Space Outgoing Server SMTP Account Actions To send and receme signed or encrypted messages you should specify both a digital signing certificate and an encryption certificate Digital Signing Use this certificate to digitally sign messages you send
75. the PKI for Fraunhofer Contacts including the gt terms of use and the exclusion of liability are fulfilled and accepted you have noticed and accepted the gt data protection conditions and you will use the certificate for yourself personally and or so far you request the certificate as employee freelancer for business use you are authorized by your employer customer to use the indicated e mail address in business communication for signing and or encryption as well as to accept on his her behalf the above mentioned terms of use the exclusion of liability and data protection conditions Please gt click here to cancel the process As a consequence of this you do not obtain a certificate Start key generation gt gt Figure 6 Issuing certificates with Internet Explorer summary of information entered by the user and the confirmations they have given Click on Start key generation to generate a cryptographic key pair in your browser and to transmit the public key to the web server that will use it to cre ate your certificate As this is a security sensitive process Internet Explorer issues a caution warning you of the security risks involved and asks you to contirm that you wish to proceed see Figure 7 Please confirm the security prompt by clicking Yes and wait for a moment until the keys have been generated Web Access Confirmation This Web site is attempting to perform a digital certificate operation on A your behalf https contac
76. tificate Figure 89 Selecting a certificate you wish to revoke from the list provided in the revocation e mail The link takes you to a special PKI Contacts web page that will lead you through the certificate revocation process see Figure 90 Read through the text on the web page carefully making sure you understand that 15 10 2013 71 PKI Contacts PKI for Fraunhofer Contacts Revoking a personal certificate 72 e regardless of whether the revocation takes place you should not de stroy the private key that goes with the certificate as without it you will be unable to read i e decrypt e mails that were encrypted for you using the certificate in question For this reason you should if applicable retain a backup copy of your certificate along with its private key and keep it in a safe place such as an external hard drive Alternatively both certifi cate and private key are still available in the certificate store of the browser you used to request the certificate in the first place You can use the method described in Chapter 3 to export it from here e it is not possible to undo a revocation If you realize after revoking a certificate that you need it after all you will have to request a new dit ferent certificate To revoke the certificate in question please check the tick box by the selected certificate entry and click Revoke certificate see Figure 90 Revoke a Certificate of the PKI for Fraunhofer Contacts
77. tificate msued by this CA Installing a certificate with an unconfirmed thumbprint is a security risk If you click Yes you acknowledge this risk Do you want to install this certificate Figure 34 Security warning when importing the PKI for Fraunhofer Contacts root certificate into the Microsoft certificate store A message will appear to confirm that the import was carried out successfully Close the window by clicking OK see Figure 35 Figure 35 Importing the PKI for Fraunhofer Contacts root certificate into the Microsoft certificate store was successful 30 15 10 2013 Version 1 0 PKI Contacts PKI for Fraunhofer Contacts Using certificates within an e mail client 4 1 1 2 Incorporating the PKI for Fraunhofer Contacts root certificate into the Mozilla Thunderbird certificate manager Version 1 0 If you use Mozilla Thunderbird for your e mail communication then the PKI for Fraunhoter Contacts root certificate must be imported into the Mozilla Thun derbird certificate manager Note Mozilla Firefox and Mozilla Thunderbird each use their own certificate managers To import the root certificate into the Thunderbird certificate manager open the certificate manager via Extras gt Options gt Advanced gt Certificates gt View Certificates and open up the Authorities tab Click on Import see Figure 36 5 Certificate Manager You have certificates on file that identify these certificate authorities Certifi
78. tificates within an e mail client 4 Using certificates within an e mail client This section describes how to use your own personal certificate to communicate securely with a Fraunhofer employee To do you will first have to integrate both the root certificate of the PKI for Fraunhofer Contacts and your own certificate into your e mail client application A further requirement for setting up encrypted communication with a Fraunho fer employee is that you integrate their encryption certificate in your e mail cli ent In exceptional cases it may also be necessary to integrate the root certifi cate that is to say the PKI for Fraunhofer Employees certificate chain into the e mail client as well Instructions on how to proceed in such instances are also in cluded in this section 4 1 Preparing the e mail client to use certificates 4 1 1 26 Different e mail clients have to be prepared in different ways so you must follow the instructions applicable to the kind of e mail client you use This section describes the process for applications that access the Microsoft certificate store such as Microsoft Outlook as well as for applications that use their own certificate store such as Mozilla Thunderbird Integrating the PKI for Fraunhofer Contacts root certificate First download the root certificate from the website at https contacts pki fraunhofer de Do so by clicking Load Root Certificate Revocation List PKI for Fraunhofer Conta
79. tification Authorities Trusted Root Certification re Di Export REMOVE Certificate intended purposes Learn more about certificates Figure 41 Screenshot showing Personal Certificates in the Microsoft certificate store This opens the certificate import wizard Confirm the first window by clicking Next Now click the Browse button and select your certificate Confirm the di alog window by clicking Open and then on Next see Figure 42 Note To make sure your personal certificate is shown in the selection dialog window you must change the filter that determines the file types shown from x 509 Certificate cer crt to Personal Information Exchange pfx p12 Only then will you also be able to see files containing a corre sponding private key as well as a certificate Version 1 0 15 10 2013 37 PKI Contacts PKI for Fraunhofer Contacts Using certificates within an e mail client 38 4 gt Certificate Import Wizard File to Import Specdify the file you want to import File name Organize New folder 6 17 UY Favorites Name Date modified Type Desktop 34 John Do pfx 7309201314 21 Personal Infor a Downloads Recent Places Libraries Documents al Music E Pictures E Videos JE Computer th Network 4 File name John Do pfx gt Cancel Figure 42 Selecting your personal certificate when import
80. ting your own personal certificate from the browser Certificate Export Wizard Welcome to the Certificate Export Wizard l This wizard helps you copy certificates certificate trust E lists and certificate revocation lists from a certificate 7 store to your disk A certificate which is issued by a certification authority is a confirmation of your identity and contains information used to protect data or to establish secure network connections A certificate store is the system area where certificates are kept To continue dick Next Figure 18 Microsoft certificate export wizard Select the option Yes export the private key in the dialog window that fol lows and confirm by clicking Next see Figure 19 16 15 10 2013 Version 1 0 PKI Contacts PKI for Fraunhofer Contacts Exporting your own personal certificate from the browser Certificate Export Wizard You can choose to export the private key with the certificate Private keys are password protected If you want to export the private key with the certificate you must type a password on a later page C No do not export the Learn more about exporting private keys Figure 19 Microsoft certificate export wizard Selecting the option for exporting the private key You do not need to make any changes in the dialog windows that follow and can simply click Next see Figure 20 Version 1 0 15 10 2013 17 PKI Contacts PKI for Fraunhofer Contacts
81. tings Security setting for this message Classification Figure 82 Adding a digital signature to an e mail in Outlook 2003 To encrypt the e mail select the Encrypt message contents and attach ments option under the Security tab found under File gt Properties for the e mail see Figure 83 ais is a signed E Mail Message HTML F ee _ Send this message as dear text signed Request S MIME receipt for this message Security settings Security setting for this message Security label Policy module lt None gt Configure Classification o nn x came Am Figure 83 Encrypting an e mail Outlook 2003 15 10 2013 6 PKI Contacts PKI for Fraunhofer Contacts Using certificates within an e mail client 4 4 4 Sending digitally signed and or encrypted e mails using Mozilla Thunderbird Create a new e mail You have the option to digitally sign the e mail when composing it by selecting the Digitally Sign This Message option under the Security header in the message Menu see Figure 84 Open the S MIME op tions by clicking on the little arrow next to the menu item i j a _ Write no subject File Edit View Insert Format Options Tools Help 8 Send Spelling U Attach CE Security FFF save x From John Do lt John Do1234 E KY Digitally Sign This Message v To amp uwe bendisch sit View Security Info Subject Body Text
82. to the Microsoft certificate store Figure 49 Personal certificate and private key have been successfully imported into the Microsoft certificate store 4 2 1 1 Configuring your own personal certificate in Microsoft Outlook 2010 In order to inform Microsoft Outlook 2010 of the personal certificate and pri vate key it should use to sign decrypt e mails you must first configure the cer tificate in the e mail client 44 15 10 2013 Version 1 0 Version 1 0 PKI Contacts PKI for Fraunhofer Contacts Using certificates within an e mail client Begin by opening the Trust Center via File gt Options gt Trust Center gt Trust Center Settings gt E mail Security Now click on the Settings but ton under Encrypted e mail see Figure 50 Trust Center g x Trusted Publishers Encrypted e mail DEP Settings i Ba Encrypt contents and attachments for outgoing messages tJ Privacy Options v Add digital signature to outgoing messages E mail Security 4 Send clear text signed message when sending signed messages Request S MIME receipt for all S MIME signed messages Attach t Handli achment Handling Default Setting Automatic Download Digital IDs Certificates Macro Settings Digital IDs or Certificates are documents that allow you to prove your identity in electronic transactions Programmatic Access Import Export Get a Digital ID Read as Plain Text Read all standard mail in
83. ts pki fraunhoter de partner handleCertRequest asp You should only allow known Web sites to perform digital certificate operations on your behalf Do you want to allow this operation C vs Dow ee Figure 7 Issuing certificates with Internet Explorer security prompt as part of key generation process Once keys and certificate have been generated you will receive a message that the certificate is ready to be installed To do so click on the link Install your 8 15 10 2013 Version 1 0 Version 1 0 PKI Contacts PKI for Fraunhofer Contacts Requesting your own personal certificate certificate see Figure 8 This installs the certificate in the Internet Explorer certificate store Microsoft certificate store Obtain a Free Certificate for the Contact to Fraunhofer The certificate has successfully been issued Please click on the link given below in order to install the certificate within your browser Afterwards you also should import unless already done the gt root certificate of the Fraunhofer Contacts PKI Note Fraunhofer does not maintain backup copies of the private key generated just now If you delete your certificate private key any e mails or documents encrypted for this key cannot be read any more Therefore it is strongly recommended that you create a backup copy of your key pair and that you keep it in a safe place and or that you to take precautions with your organisation for a key recovery 1 G In
84. u heading This opens another page Right click on the Download Root Certifi cate Deutsche Telekom Root CA 2 link and select Save Link As trom the context menu that appears see Figure 39 Gans Load Root Certificate Revocation List PKI for Fraunhofer Employees Startpage In order to establish secure communications both external partners and Fraunhofer employees must possess a personal digital Contacts smooth communication it is necessary that both the communicating partners have available the respective certificate of his her partner and also that they trust the corresponding CA certificates Therefore it is required to import these so called CA root Root Certificate Revocation List i f u certificates in your e mail application I I I I I I IB Certificate Guidelines for Fraunhofer certificate These certificates are issued by different certification authorities CAs which also hold a certificate of their own For I I I I I I I Load Root Certificate Revocation List b PKI for Fraunhofer Employees On this page you may download the root certificates of the PKI for Fraunhofer Employees Please follow gt this link for downloading the required root certificate of the PKI for Fraunhofer Contacts For Partners The PKI for Fraunhofer Employees has been established by a three tier public key infrastructure User certificates of Fraunhofer employees are issued by the Fraunhofer User CA This CA is certified by the Fr
85. ve a message informing you that you can now install the certificate Click on the Install your certificate link see Figure 14 This process installs the certificate in the Firefox certificate store Obtain a Free Certificate for the Contact to Fraunhofer The certificate has successfully been issued Please click on the link given below in order to install the certificate within your browser Afterwards you also should import unless already done the gt root certificate of the Fraunhofer Contacts PKI Note Fraunhofer does not maintain backup copies of the private key generated just now If you delete your certificate private key any e mails or documents encrypted for this key cannot be read any more Therefore it is strongly recommended that you create a backup copy of your key pair and that you keep it in a safe place and or that you to take precautions with your organisation for a key recovery Or y gt X gt Install your certificate Figure 14 Certificate issuance with Mozilla Firefox Confirmation that the certificate was issued successfully Mozilla Firefox generates a separate window to notify you that installation of the certificate was successful see Figure 15 The system will issue an explicit re minder suggesting that you save a backup copy of the certificate Confirm this suggestion with OK 15 10 2013 Version 1 0 Version 1 0 PKI Contacts PKI for Fraunhofer Contacts Requesting your own personal certif
86. w Communicate Options Outlook will use one of these certificates to send encrypted mail to this contact You can get a certificate by receiving digitally signed mail from this contact or by importing a certificate file for this contact Certificates Digital IDs disch Default Set as Default Figure 70 Saving the certificate allocation in Outlook 2007 Version 1 0 15 10 2013 59 PKI Contacts PKI for Fraunhofer Contacts Using certificates within an e mail client This concludes the process for integrating the Fraunhofer employee s certificate into Outlook 2007 meaning the certificate can be used for secure e mail communication 4 3 3 Incorporating a Fraunhofer employee s certificate into Microsoft Outlook 2003 Begin by opening a new e mail from the Start tab by clicking New E mail En ter the e mail address of the Fraunhofer employee in the recipient field Right click on this e mail address and select Add to Outlook Contacts from the context window see Figure 71 Note If the Fraunhofer employee is already saved in your list of contacts select Look Up Outlook Contact and open their contact details 3 Untitled Message HTML Cole i File Edit View Insert Format Tools Actions Help a Send id 4a 0 2 3 amp 3 Options Uwe Bendisch sit fraunhofer de lt a Schedule a Meeting Office B3 035 Call Work 3122 gt J Send Mail Uwe Bendisch sit fraunhofer de

Download Pdf Manuals

image

Related Search

Related Contents

"user manual"    GENUINE PARTS INSTALLATION INSTRUCTIONS CAUTION  Télécharger le mode d`emploi - Desvres  FilterStream Air Purifier User Manual  dreamGEAR 18 In 1 Starter Kit f/ DSi  Sección 6 - Recordcase.de  Red Hat Enterprise Linux 5 Sinopsis de la suite para Cluster  取扱説明書 21  Eagle Series DVR Quick Start Guide Version 6.0.0  

Copyright © All rights reserved.
Failed to retrieve file