Carillon eShop User's Guide - Carillon Information Security Inc.
Contents
1. [Screenshot: Certificate Export Wizard, File to Export. File name: C:\Users\coe\Desktop\Personal Certs for Export.pfx]
   9. The Save As window will appear. Name the file, save it to wherever you want (i.e. desktop), and then click Save.
   [Screenshot: Save As dialog. File name: Personal Certs for Export. Save as type: Personal Information Exchange (*.pfx)]
   Identity Management Simplified. Carillon eShop User Guide.
   10. The Certificate Export Wizard window will appear. Click Finish.
   [Screenshot: Completing the Certificate Export Wizard. "You have successfully completed the Certificate Export wizard." File Format: Personal Information Exchange (*.pfx)]
   [Screenshot: Exporting your private exchange key. "An application is requesting access to a Protected item."]
   12. On the Certificate Export Wizard pop up advisin
2. 2. On the left-hand panel, expand Your Identity. Select Your Certificates.
   [Screenshot: "Certificates in your ID file" panel. "Your certificates provide a secure way to identify you to Notes and other programs. Your ID may contain certificates used to secure Notes communications as well as certificates used with the Internet."]
   3. On the right-hand side, select Get Certificates > Import Internet Certificates.
   [Screenshot: "Certificates in your ID file" panel with the Get Certificates menu]
   4. Navigate to your PKCS#12 file, which you either downloaded or exported from your browser.
   5. Select and Open your PKCS#12 file.
   [Screenshot: file selection dialog]
3. [Screenshot: Certificate Import Wizard, Certificate Store]
   7. The following window will appear. Click on the Finish button.
   [Screenshot: Completing the Certificate Import Wizard. "The certificate will be imported after you click Finish."]
   Throughout the installation of the Trust Chain you may have Security Warning popups. This is normal, as you are installing the certificates for the first time. It is okay to trust and install these certificates.
   8. Click OK to complete the installation of the Boeing Secure Message G2 Certificate.
   9. Click the OK button to close the certificate window.
   [Screenshot: Certificate dialog. Issued by: The Boeing Company Root Certificate Authority. Valid from 5/29/2014 to 5/29/2019]
   This completes the installation of the Boeing Trust Chain. Close all remaining windows.
   2.4 Verifying the Trusted Site and Validating the EVSSL
   To verify if https://pub.carillon.ca http
4. 6. Select PKCS 12 Encoded and click Continue.
   [Screenshot: Select Import File Format. "In what format is your certificate stored in the file?" Options: Binary encoded X.509, Base 64 encoded X.509, PKCS 12 encoded, PKCS 7 encoded]
   7. Enter the password entered during export. Click OK.
   [Screenshot: "Enter the password for the file containing internet certificates"]
   8. Click Accept All.
   [Screenshot: "Do you want to accept the following certificates into your ID?" with the list of Internet certificates. "There is a private key corresponding to this certificate."]
   9. Click OK. The certificate should now appear in your Internet Certificate drop-down menu.
   [Screenshot: IBM Lotus Notes. "New certificates were accepted into your ID. If you have installed copies of your ID on multiple machines, update each machine with a new ID copy."]
   8 FREQUENTLY ASKED QUESTIONS
   Q: Why do you ask for Date of Birth and Place of Birth when applying to purchase certificates?
   A: These a
5. [Screenshot: Outlook new message window]
   3. The Select Names: Contact window should pop up. From the Address Book drop-down, select dir.carillon.ca. Type in the email address in the space to the left of the GO button, then select GO.
   [Screenshot: Select Names: Contacts dialog with the Address Book drop-down showing dir.carillon.ca]
   The name of the person should show up in the space below with ENC beside it. Select their name, then click on the TO, then OK.
   Fill out your email, then open the Options tab and ensure that the Encrypt and Sign buttons on the Permission menu are selected.
   6. Click Send to send the digitally signed and encrypted email.
   [Screenshot: Outlook message window, Options tab, Permission group]
6. [Screenshot: Certificate Import Wizard welcome text. "To continue, click Next."]
   4. Select the "Place all certificates in the following store" option and then click the Browse button.
   [Screenshot: Certificate Import Wizard, Certificate Store. "Certificate stores are system areas where certificates are kept. Windows can automatically select a certificate store, or you can specify a location for the certificate."]
   5. Click on Intermediate Certification Authorities and then click OK.
   [Screenshot: "Select the certificate store you want to use"]
   6. The following information will appear in the window. Click on the Next button.
   [Screenshot: Certificate Import Wizard, Certificate Store]
7. 2.2.1 Validate the Root Certificate Thumbprint
   1. Click on the Start icon.
   2. In the "Search programs and files" box, type certmgr.msc and press Enter.
   3. The certmgr window will appear. Click Trusted Root Certification Authorities, then click Certificates. On the right panel, locate and double-click the CISRCA1 certificate.
   [Screenshot: certmgr window with the Trusted Root Certification Authorities > Certificates folder selected]
   4. A Certificate window will open. Click the Details tab. In the Show dropdown, select <All>. In the Field column, scroll down to Thumbprint. It should read: a6 9e 03 36 c4 e5 90 23 ff 65 3c 71 f9 28 eb 73 f2 1c 00 f0
   [Screenshot: Certificate Details tab for CISRCA1]
8. [Screenshot: acknowledgement page. Signature Certificate Acknowledgement: "By clicking below you will be using your Signature certificate to sign your acknowledgement of receipt of your Signature certificate." Encryption Certificate Acknowledgement: "You have been sent an encrypted email with an acknowledgement code in it. Please type this code below and click acknowledge. You can also request another copy of the encrypted code by clicking Send email again."]
   4. Enter your Acknowledgement Code from your Encryption Acknowledgement Code email and click on the acknowledge button.
   [Screenshot: acknowledgement page. Identity Certificate Acknowledgement: "You have successfully generated your certificates and used your Identity certificate to view this page. Therefore your Identity certificate is now acknowledged." Signature Certificate Acknowledgement: "Your Signature certificate has been acknowledged." Encryption Certificate Acknowledgement, Acknowledgement Code: 7GpkvgsMXt]
   5. Your certificates have now been acknowledg
9. 14 2021
   2.3.3 Install Boeing Intermediate CA Certificate
   1. Go to the folder where the Boeing Certificates were downloaded. Double-click on the Boeing Secure Messaging G2 certificate and the following window will appear. Click on the Open button.
   [Screenshot: Open File - Security Warning. "Do you want to open this file?" Name: Boeing Secure Messaging G2.cer. Publisher: Unknown Publisher. Type: Security Certificate]
   2. Click on the Install Certificate button.
   [Screenshot: Certificate dialog. Issued by: The Boeing Company Root Certificate Authority. Valid from 5/29/2014 to 5/29/2019]
   3. The following Certificate Import Wizard window will appear. Click on the Next button.
   [Screenshot: Welcome to the Certificate Import Wizard]
10. 7. For the Hash Algorithm, select SHA1.
   [Screenshot: Change Security Settings. Cryptography Format: S/MIME. Certificates and Algorithms]
   8. Set up your Encryption Certificate by clicking on Choose.
   [Screenshot: Change Security Settings. Cryptography Format: S/MIME. Encryption Algorithm: AES (256-bit)]
   9. On the Windows Security window, select the encryption certificate you wish to use (if you have more than one) and click the OK button.
   [Screenshot: Windows Security, Select a Certificate]
   10. For the Hash Algorithm, select AES 256 bit.
   [Screenshot: Change Security Settings]
11. [Screenshot: Completing the Certificate Import Wizard. "The certificate will be imported after you click Finish."]
   [Screenshot: Security Warning. "You are about to install a certificate from a certification authority (CA). Windows cannot validate that the certificate is actually from The Boeing Company Root Certificate Authority. You should confirm its origin by contacting The Boeing Company Root Certificate Authority. The following number will assist you in this process: Thumbprint (sha1): DO2FSA7F 7732FC4 FR42F82B 6DASIEL 6COP2CSB. Warning: If you install this root certificate, Windows will automatically trust any certificate issued by this CA. Installing a certificate with an unconfirmed thumbprint is a security risk. If you click Yes, you acknowledge this risk. Do you want to install this certificate?"]
   Throughout the installation of the Trust Chain you will get Security Warning pop-ups. This is normal, as you are installing the certificates for the first time. It is okay to trust and install these certificates.
   9. Click OK to complete the installation of the Boeing Company Root Certificate Authority certificate.
   [Screenshot: Certificate dialog. Issued to: The Boeing Company Root Certificate Authority. Issued by: The Boeing Company Root Certificate Authority. Valid from 3/17/2000 to 12
12. [Screenshot: certmgr Personal store certificate list. Status bar: "Personal store contains 57 certificates"]
   4. The Certificate Export Wizard will appear. Click Next.
   [Screenshot: Welcome to the Certificate Export Wizard. "This wizard helps you copy certificates, certificate trust lists and certificate revocation lists from a certificate store to your disk."]
   5. On the Export Private Key screen, click on "Yes, export the private key". Click Next.
   [Screenshot: Certificate Export Wizard, Export Private Key. "You can choose to export the private key with the certificate. Private keys are password protected. If you want to export the private key with the certificate, you must type a password on a later page."]
13. [Screenshot: Certificate Import Wizard, Certificate Store. Place all certificates in the following store: Trusted Root Certification Authorities]
   7. The following window will appear. Click on the Finish button.
   [Screenshot: Completing the Certificate Import Wizard. "The certificate will be imported after you click Finish."]
   NOTE: Throughout the installation of the Trust Chain you will get Security Warning pop-ups. This is normal, as you are installing the certificates for the first time. It is okay to trust and install these certificates.
   8. The Certificate Import Wizard pop-up will appear, advising that the import was successful. Click the OK button to complete the installation of the Carillon Root CA Certificate.
   9. Click OK to close the certificate windows and click Close on the downloads window.
   [Screenshot: Certificate dialog. Issued to: CISRCA1. Issued by: CISRCA1. Valid from 10/16/2012 to 10/16/2032]
   2.2 Download & Install Carillon Intermediate CA Certificate
   NOTE: For Lotus Notes users: Please
14. ensure that the trust chain has been properly configured for use in Lotus Notes by your System Administrator or Notes Administrator before proceeding with the download and installation of your personal certificates.
   The following link, https://pub.carillon.ca/CAcerts/CISCA1.cer, will bring you to your View Downloads - Internet Explorer window.
   1. Under Name, at CISCA1.cer (Intermediate or Signing CA 1 certificate file), click on the Open button.
   [Screenshot: View Downloads - Internet Explorer. CISCA1.cer from pub.carillon.ca. "Do you want to open or save this file?"]
   2. The Certificate window will appear. Click on the Install Certificate button.
   [Screenshot: Certificate dialog. Issued to: Carillon PKI Services CA 1. Issued by: CISRCA1. Valid from 10/23/2014 to 10/23/2027]
   3. The following Certificate Import Wizard welcome window will appear. Click the Next button.
   [Screenshot: Welcome to the Certificate Import Wizard]
15. [Screenshot: Logon Information. "This server requires me to log on". Require Secure Password Authentication (SPA). User Name, Password]
   6. On the Add E-mail Account pop-up, click OK.
   [Screenshot: Add E-mail Account. "You must restart Outlook for these changes to take effect."]
   7. In the Microsoft LDAP Directory window, ensure that dir.carillon.ca is the Display Name and that the Connection Details Port is set to 389, then click OK or Apply as necessary.
   [Screenshot: Microsoft LDAP Directory. Display Name; Use Secure Sockets Layer]
   8. Click the Finish button.
   [Screenshot: Add New Account. "You have successfully entered all the information required to setup your account. To close the wizard, click Finish."]
   9. Click the Close button.
   10. You will need to RESTART Microsoft Outlook for the email account changes to take effect.
   You have now completed setting up the Carillon LDAP Proxy.
   5.5 Confirming LDAP is Properly Configured
   To confirm that the changes have been applied, open Outlook and select the File tab and Info tab from the corresponding menu items.
   1. Click on the Account Settings button and select the Account Settings pop-up. In the Accounts S
16. [Screenshot: Certificate Details tab showing the Thumbprint field]
   5. Click OK to close the window.
   2.3 Installing the Boeing Trust Chain
   2.3.1 Download Boeing Certificates
   1. Visit the Boeing website at the following address: http://www.boeing.com/crl
   2. Under the Authority Information heading, download the Boeing Secure Messaging G2.crt by right-clicking on the link, then in the pop-down menu select "Save target as" to save the file.
   [Screenshot: The Boeing Company PKI Public Repository index. Created Fri Aug 1 06:30:04 PDT 2014. Headings: Policy Information, Authority Information]
   3. Select a directory on your computer to save the file to and click the Save button.
   4. Repeat steps 2 and 3 for the downloading of The Boeing Company Root Certificate Authority.crt and then close your browser.
   2.3.2 Install the Boeing Root CA Cert
17. 2.4 Verifying the Trusted Site and Validating the EVSSL
   3 THE RETRIEVAL PROCESS
   4 THE ACKNOWLEDGING PROCESS
   5 HOW TO EXPORT ID, SIG & ENC CERTIFICATES
   5.1 Export ID, SIG & ENC Certificates from Your Personal Store
   5.2 Deletion of Certificates from Hard Drive
   5.3 To Import Certificates
   5.4 Setting Up Access to the Carillon LDAP Proxy
   5.5 Confirming LDAP is Properly Configured
   6 HOW TO USE YOUR CERTIFICATES IN OUTLOOK
   6.1 Setting up Outlook to use your Certificates
   6.2 Signing and Encrypting E-mail
   7 INSTRUCTIONS FOR LOTUS NOTES USERS
   7.1 Download the Carillon Trust Chain
   7.2 Downloading & Installing Personal Certificates
   7.3 LDAP Proxy Setup
18. Carillon Information Security
   Carillon eShop User's Guide
   Prepared by: Carillon Information Security Inc.
   Version: 0
   Updated on: 2015-01-29
   Status: PUBLIC
   Contents
   1 INTRODUCTION
   1.1 Prerequisites
   1.1.1 Workstation
   1.1.2 Network Environment
   2 HOW TO SET UP A CA CERTIFICATE CHAIN (TRUST CHAIN) IN WINDOWS 7
   2.1 Installing the Carillon CA Trust Chain
   2.1.1 Download & Install the Carillon Root CA Certificate
   2.2 Download & Install Carillon Intermediate CA Certificate
   2.2.1 Validate the Root Certificate Thumbprint
   2.3 Installing the Boeing Trust Chain
   2.3.1 Download Boeing Certificates
   2.3.2 Install the Boeing Root CA Certificate
   2.3.3 Install Boeing Intermediate CA Certificate
19. Personal Certificates
   The indicated way in this Guide for downloading, retrieving and installing certificates is the same for Lotus Notes users, although Lotus Notes users may need Administrator rights on their machine.
   7.3 LDAP Proxy Setup
   The System Administrator or Lotus Notes Administrator may need to set up the LDAP proxy to include dir.carillon.ca on the Lotus Notes Domino Server. The method for configuring Lotus Notes with the LDAP proxy may differ from the outlined instructions provided. Be sure to contact your Lotus Notes Administrator should you require assistance to set this up on your system.
   7.4 Enable Certificates in Lotus Notes
   These instructions are general guidelines only and may differ from the Lotus Notes currently deployed at your organization. Should you encounter inconsistencies, consult with your Lotus Notes Administrator.
   1. Select File > Security > User Security.
   [Screenshot: IBM Lotus Notes File menu with Security > User Security selected]
20. RTIFICATES IN OUTLOOK
   This section gives step-by-step instructions on how to set up and use Secure Email (S/MIME) with your email client and how to properly import the certificates into the Microsoft Office Outlook 2010 email management tool. These instructions will guide you on how to set up your email account to use these certificates, as well as set up your email client to use the Carillon LDAP Proxy so that you can look up and find other users with whom you may wish to exchange secure email.
   To ensure these certificates are properly recognized and trusted by your email client, be sure to install the associated Trust Chain certificates on your computer or laptop before proceeding.
   6.1 Setting up Outlook to use your Certificates
   1. Start Outlook.
   2. Select the File tab and then select Options.
   [Screenshot: Microsoft Outlook File tab, Account Information]
   3. In the Outlook Options window, select Trust Center from the side menu and then select the Trust Center
21. Settings button.
   [Screenshot: Outlook Options, Trust Center. "The Trust Center contains security and privacy settings. These settings help keep your computer secure. We recommend that you do not change these settings." Button: Trust Center Settings]
   4. In the Trust Center window, under the E-mail Security tab, click the Settings button.
   [Screenshot: Trust Center, E-mail Security. Encrypted e-mail options: Encrypt contents and attachments for outgoing messages; Add digital signature to outgoing messages; Send clear text signed message when sending signed messages; Request S/MIME receipt for all S/MIME signed messages. Digital IDs (Certificates)]
22. This is to ensure confidentiality.
   10 CUSTOMER SERVICE
   Should you require assistance at any time, please feel free to contact us and we will be happy to assist you.
   Carillon Information Security Inc.
   Customer Service Group
   9:00 AM - 5:00 PM Eastern
   Telephone: 1-514-485-0789
   Email: customer_service@carillon.ca
23. ates before the trust anchor was installed, you will need to contact us to cancel your current certificate request and have new certificates requested.
   Q: My computer was rebuilt and I lost my certificate. Can I get it back?
   A: The certificate you use to access the Carillon Provisioning System and sign/encrypt emails is stored on your personal computer. Carillon does not have a copy. If your computer is rebuilt and you do not have a backup copy of your certificate, you will need to request a new one. You may want to store a backup copy of your Carillon-issued certificates in a secure location, such as a password-protected USB key kept in a secure location such as a safe or a locked drawer.
   Q: I have a certificate but am unable to access the Carillon Provisioning System.
   A: Make sure you are using the same browser that you created your certificate with. You cannot create a certificate in Internet Explorer and then use Mozilla Firefox to access the Carillon Provisioning System without first transferring the certificate into Mozilla Firefox. Check your browser to be sure that it supports 256-bit encryption. If it does not, you will need to upgrade your browser. Also verify that SSL 2.0 and SSL 3.0 are disabled and ensure that Use TLS 1.0, 1.1 and 1.2 are enabled through Tools > Internet Options > Advanced tab.
   Q: Why can I receive encrypted e-mails b
24. 7.4 Enable Certificates in Lotus Notes
   8 FREQUENTLY ASKED QUESTIONS
   9 NETWORK ADMINISTRATOR TROUBLESHOOTING
   9.1 Test link to the Carillon LDAP Proxy
   10 CUSTOMER SERVICE
   1 Introduction
   This document serves as a guide to assist you through the various steps that need to be performed using the Carillon eShop Interface, from downloading the Carillon CA Certificate Chain (Trust Chain) and retrieving and acknowledging your certificates through to setting up Outlook in order to be able to use these certificates on your computer or laptop.
   1.1 Prerequisites
   In order to successfully acquire your Certificates, you need to ensure the following prerequisites are met with regards to your workstation and the network environment you will be operating on.
   1.1.1 Workstation
   Windows 7
   Internet Explorer 8.0 or higher (for security reasons we recommend that SSLv2 and SSLv3 be disabled)
   Java 1.7 or higher, 32 bit version; it is recommended tha
25. [Screenshot: Certificate Import Wizard import options. "d every time the private key is used by an application if you enable this option." "Mark this key as exportable. This will allow you to back up or transport your keys at a later time." "Include all extended properties."]
   4. On the Certificate Import Wizard Certificate Store window, click on "Automatically select a certificate store based on the type of certificate" and click Next.
   [Screenshot: Certificate Import Wizard, Certificate Store. "Certificate stores are system areas where certificates are kept. Windows can automatically select a certificate store, or you can specify a location for the certificate."]
   [Screenshot: Completing the Certificate Import Wizard. "The certificate will be imported after you click Finish." Certificate Store Selected: Automatically determined by t. Content: PFX]
   6. On the "Importing a new private exchange key" pop-up(s), click OK.
   [Screenshot: Importing a new private exchange key. "An application is creating a Protected item." CryptoAPI Private Key. Security level set to Medium]
   7. Click OK on the Import was successful
26. do not hesitate to contact us at PKI Help Desk <testing@carillon.ca>. Thank you, The Carillon PKI Team
2. Click on the link mentioned in the email; it will bring you to the following Certificate Services page. Enter your email address and click on the Submit button.
[Screenshot: Certificate Services login page. Please enter your email address and the access code that was emailed to you. If you have lost your access code, enter only your email address and a new code will be emailed to you.]
3. Enter the Access Code from the email and click on the Log In and Retrieve Certificates button.
[Screenshot: Certificate Services login page with the access code field]
27. ection to the server is encrypted. Should I trust this site?
7. Click the Certification Path tab, which shows pub.carillon.ca in the Certification path. The Certificate status should read "This certificate is OK".
[Screenshot: Certificate window, Certification Path tab]
3 THE RETRIEVAL PROCESS
NOTE: For Lotus Notes users: Please ensure that the trust chain has been properly configured for use in Lotus Notes by your System Administrator or Notes Administrator before proceeding with the download and installation of your personal certificates.
1. You will receive a Certificate Issuance email similar to the one below, with instructions, a link to pick up your certificates, and an access code.
Sample email:
From: PKI No Reply <testing@carillon.ca>
To: lcoe7 tscp eads com
Cc:
Subject: Carillon PKI Certificate Issuance
Dear Sheldon Glenn,
Your request for a Carillon PKI digital certificate has been approved. To proceed with the retrieval of your certificate(s), please go to the following URL: https://certserv.carillon.ca/certserv
To log on: If you already have a valid Identity certificate, you will automatically be logged in; otherwise, please enter your email address and the access code below.
If you encounter any difficulties or have any questions, please
28. ed
Delivered messages display the signing icon, encryption icon, or both, depending on the options you selected. You have now successfully sent a signed and encrypted email.
NOTE: If you are using Windows Vista or Windows 7, recipients of your emails may not be able to read your encrypted messages if they are using an older email client. To fix this problem, follow the steps below:
1. From the File menu select Options, then click the Trust Center tab and the Trust Center button.
2. Under the Encrypted email header, click the Setting button. Under the Certificates and Algorithms section, from the Encryption Algorithm drop-down menu, select 3DES.
3. Click OK and then click OK again.
7 INSTRUCTIONS FOR LOTUS NOTES USERS
7.1 Download the Carillon Trust Chain
Lotus Notes users need to determine whether the Carillon Trust Chain needs to be installed on the Lotus Notes Domino Server. To accomplish this, use the following links for the root and signing certificates to download and install the Carillon Trust Chain: https://pub.carillon.ca/CAcerts/CISRCA1.cer (Root CA) and https://pub.carillon.ca/CAcerts/CISCA1.cer (Intermediate or Signing CA). Please notify your System Administrator or Lotus Notes Administrator if the Carillon Trust Chain must be installed on the Lotus Notes Domino Server.
7.2 Downloading & Installing
29. ed
[Screenshot: Acknowledgement page. Identity Certificate Acknowledgement: You have successfully generated your certificates and used your Identity certificate to view this page. Therefore your Identity certificate is now acknowledged. Signature Certificate Acknowledgement: Your Signature certificate has been acknowledged. Encryption Certificate Acknowledgement: Your Encryption certificate has been acknowledged.]
6. Click on the Return to main page option from the menu bar on the right; you will now see serial numbers beside your issued certificates.
[Screenshot: main page for Sheldon Glenn. This personalized greeting confirms the validity of your certificate issued by the Carillon PKI. The Identity, Signature and Encryption certificates are each listed with a serial number, an issued date of 2014-10-30 and a Revoke option.]
Please contact us if you have any questions about t
30. et browser windows and then go to this URL.
IMPORTANT NOTE: If you have requested and retrieved an Encryption certificate, you will have received a second, encrypted email. This encrypted email contains a code which is needed to complete the acknowledgement for your encryption certificate. To be able to read the encrypted email, you will need to double-click on it so that it is opened in a separate window. It is NOT possible to read an encrypted email in the Outlook preview window.
If you encounter any difficulties or have any questions, please do not hesitate to contact us at PKI Help Desk <testing@carillon.ca>. Thank you, The Carillon PKI Team
2. Select your ID certificate with the Issuer CIS and then click OK.
[Screenshot: Windows Security, Select a Certificate. Sheldon Glenn ID, Issuer: TEST CIS Signing CA1, Valid From 10/30/2014 to 10/29/2017.]
3. The following window will appear. Click on the acknowledge button to acknowledge your Signature Certificate.
[Screenshot: Acknowledgement page. Identity Certificate Acknowledgement: You have successfully generated your certificates and used your Identity certificate to view this page. Therefore your Identity certificate is now acknowledged.]
31. ettings window select the Address Books tab.
[Screenshot: Outlook File tab, Account Information, Account Settings]
2. Your directory should appear in the list on this page.
Double-click on dir.carillon.ca.
Click on More Settings.
Verify that dir.carillon.ca is the Display Name and that the Port is 389, then click OK.
Click the Close button to close the window.
You have now verified that you have access to the Carillon LDAP Proxy.
6 HOW TO USE YOUR CE
32. form digital certificate operations on your behalf. Do you want to allow this operation?
12. Your certificates have now been retrieved and installed. You must RESTART YOUR BROWSER before acknowledging them.
[Screenshot: Your certificates are being generated and will be installed when ready. This should only take a few seconds. After all certificates have been retrieved and installed, you will receive email with instructions to acknowledge your certificates.]
4 THE ACKNOWLEDGING PROCESS
You will receive two emails: a Certificate Acknowledgement Instructions email and an Encryption Acknowledgement Code email.
1. OPEN the Certificate Acknowledgement Instructions email to acknowledge your certificates, then click on the link, which will bring you to a Windows Security page.
From: PKI No Reply <testing@carillon.ca>
Sent: Wed
To: lcoe7 tscp eads com
Cc:
Subject: Carillon PKI Certificate Acknowledgement Instructions
Dear Sheldon Glenn,
Thank you for retrieving your certificates from the Carillon PKI. In order to keep and use your certificates, it is now necessary to validate that they are working properly; therefore you must acknowledge them within 1 month of receipt.
To acknowledge your certificates, ensure that you have CLOSED all your Intern
33. g Preferences
[Screenshot: Change Security Settings. Cryptography Format: S/MIME. Certificates and Algorithms: Signing Certificate, Hash Algorithm, Encryption Certificate, Encryption Algorithm: AES (256-bit). Send these certificates with signed messages.]
11. Click the OK button to complete your Personal Certificate setup. You have now finished setting up your Personal Certificates for use in Outlook.
6.2 Signing and Encrypting E-mail
The reasons for digitally signing and encrypting a document are simple:
- It ensures that the document was actually sent by YOU
- It ensures that the document wasn't modified en route
Additionally, the reason for encrypting an email is that it ensures that no one else can read your message.
To proceed:
1. Open Outlook and select New E-mail on the Home tab.
[Screenshot: Outlook ribbon, Home tab]
34. g the export was successful, click OK.
[Screenshot: Certificate Export Wizard. The export was successful.]
5.2 Deletion of Certificates from Hard Drive
Any files containing your private key should be kept on removable media only. When first exporting your certificates, copy them to a local drive that is not accessible to a network. Import your certificates into applications as necessary, then remove them and any related files from your machine after you're done.
It is important to remember that all certificates exported from your web browser onto your computer be DELETED. Failure to do so will put the security of your certificates and keys at risk. Also ensure that once the certificates have been deleted, your recycling bin or trash has been emptied.
5.3 To Import Certificates
1. Double-click on the certificate file you saved and the Certificate Import Wizard screen will appear; click Next.
[Screenshot: Desktop folder showing the file Personal Certs for Export, type Personal Information Exchange]
Welcome to the Certificate Import Wizard. This wizard helps you copy certificates, certificate trust
35. hat allow you to prove your identity in electronic transactions.
[Screenshot: Outlook Trust Center, E-mail Security settings]
5. In the Change Security Settings window, under Security Settings Name, enter a name for your security setting; this would be a name you designate to your certificates. Under the Certificates and Algorithms section, set up your Signing certificate by clicking on Choose.
[Screenshot: Change Security Settings. Cryptography Format: S/MIME. Certificates and Algorithms: Signing Certificate, Encryption Certificate, Encryption Algorithm. Send these certificates with signed messages.]
6. On the Windows Security window, select the signature certificate you wish to use (if you have more than one) and click the OK button.
[Screenshot: Windows Security, Select a Certificate, listing several SIG certificates issued by EADS Test CA]
36. he validity or usage of your certificates.
5 HOW TO EXPORT ID, SIG & ENC CERTIFICATES
NOTE: Lotus Notes users will need to perform steps 6.1 Export ID, SIG & ENC Certificates from Your Personal Store (INDIVIDUALLY) and 8.4 Enable Certificates in Lotus Notes BEFORE acknowledging their certificates. Failure to do so will make acknowledgment emails unreadable.
5.1 Export ID, SIG & ENC Certificates from Your Personal Store
1. Click on the Start icon.
2. Type certmgr.msc in the search box and press Enter; the certmgr Certificates screen will appear.
3. Under Personal > Certificates, highlight the three certificates you want to export, right-click on them, then click on All Tasks and click on Export.
[Screenshot: certmgr, Certificates - Current User, Personal, Certificates, listing ID, SIG and ENC certificates]
37. ificate
[Screenshot: Certificate Export Wizard, Export Private Key. Options: Yes, export the private key; No, do not export the private key.]
6. The Export File Format screen will appear; ensure that the Personal Information Exchange - PKCS #12 (.PFX) button is highlighted, then click Next.
[Screenshot: Certificate Export Wizard, Export File Format. Formats listed: DER encoded binary X.509 (.CER); Base-64 encoded X.509 (.CER); Cryptographic Message Syntax Standard - PKCS #7 Certificates (.P7B); Personal Information Exchange - PKCS #12 (.PFX), with the options Include all certificates in the certification path if possible, Delete the private key if the export is successful, Export all extended properties; Microsoft Serialized Certificate Store (.SST).]
7. On the Password screen, create a password and retype it, then click Next.
[Screenshot: Certificate Export Wizard, Password. To maintain security, you must protect the private key by using a password. Type and confirm password (mandatory).]
8. The File to Export screen will appear showing the file name to export; click Browse.
38. ificate
1. Go to the folder where the Boeing Certificates were downloaded. Double-click on The Boeing Company Root Certificate Authority certificate and the following window will appear; click on the Open button.
[Screenshot: Do you want to open this file? Name: The Boeing Company Root Certificate Authority.crt, Publisher: Unknown Publisher, Type: Security Certificate]
2. Click on the Install Certificate button.
[Screenshot: Certificate window. This CA Root certificate is not trusted. To enable trust, install this certificate in the Trusted Root Certification Authorities store. Issued to: The Boeing Company Root Certificate Authority. Issued by: The Boeing Company Root Certificate Authority. Valid from 17/03/2000 to 17/03/2020.]
3. The following Certificate Import Wizard window will appear; click on the Next button.
[Screenshot: Welcome to the Certificate Import Wizard]
39. lator Help and Support All Programs
2. The following window will appear; type the command ping dir.carillon.ca
[Screenshot: C:\Windows\system32\cmd.exe command prompt]
3. If you were successful in connecting to the directory, you should have 0 lost packets, receiving the following output:
C:\Users\John Smith>ping dir.carillon.ca
Pinging dir.carillon.ca [207.115.107.27] with 32 bytes of data:
Reply from 207.115.107.27: bytes=32 time=64ms TTL=242
Reply from 207.115.107.27: bytes=32 time=63ms TTL=242
Reply from 207.115.107.27: bytes=32 time=63ms TTL=242
Reply from 207.115.107.27: bytes=32 time=63ms TTL=242
Ping statistics for 207.115.107.27:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 63ms, Maximum = 64ms, Average = 63ms
If no connection was established (100% packet loss), try again.
Telnet to port 389; if you get a connected message, the firewall from your organization will let the traffic through. If you get a connection denied message, please open your company firewall to allow traffic on TCP 389 to dir.carillon.ca.
6. To ensure that
40. lect the certificate store based on the type of certificate
[Screenshot: Completing the Certificate Import Wizard. The certificate will be imported after you click Finish. Certificate Store Selected by User: Intermediate Certification Authorities. Content: Certificate.]
8. The Certificate Import Wizard pop-up will appear advising the Import was successful; click the OK button to complete the installation of the Carillon Intermediate CA 1 Certificate.
NOTE: Throughout the installation of the Trust Chain you will get Security Warning pop-ups. This is normal, as you are installing the certificates for the first time. It is okay to trust and install these certificates.
9. Click OK to close the certificate windows and click Close on the downloads window.
[Screenshot: Certificate window listing the intended purposes as policy OIDs. Issued to: Carillon PKI Services CA 1. Issued by: CISRCA1.]
41. lists and certificate revocation lists from your disk to a certificate store. A certificate, which is issued by a certification authority, is a confirmation of your identity and contains information used to protect data or to establish secure network connections. A certificate store is the system area where certificates are kept. To continue, click Next.
2. On the Certificate Import Wizard File to Import screen, click Next.
[Screenshot: Certificate Import Wizard, File to Import, showing the file Personal Certs for Export on the Desktop. Note: More than one certificate can be stored in a single file in the following formats: Personal Information Exchange - PKCS #12 (.PFX, .P12); Cryptographic Message Syntax Standard - PKCS #7 Certificates (.P7B); Microsoft Serialized Certificate Store (.SST).]
3. On the Certificate Import Wizard Password screen, enter the Password you created during export. Make sure that you check off all three boxes, especially "Mark this key as exportable. This will allow you to back up or transport your keys at a later time." Click Next.
[Screenshot: Certificate Import Wizard, Password. To maintain security, the private key was protected with a password. Type the password for the private key.]
Enable strong private key protection. You will be prompte
42. ncoming e-mail messages and receive updates when items are added, changed, or removed.
2. In the Accounts Settings window, select the Address Books tab and click on the New button.
[Screenshot: Account Settings, Directories and Address Books, listing Mobile Address Book and Outlook Address Book]
3. Make sure the Internet Directory Service (LDAP) option is selected and click the Next button.
[Screenshot: Directory or Address Book Type. Internet Directory Service (LDAP): Connect to an LDAP server to find and verify e-mail addresses and other information. Additional Address Books: Connect to an address book to find and verify e-mail addresses and other information.]
4. Fill out the Server Name information only. The Carillon LDAP Proxy directory is dir.carillon.ca
5. Click on the More Settings button.
NOTE: Do not select "This server requires me to log on". User Name and Password are not required.
[Screenshot: Directory Service (LDAP) Settings, Server Information]
43. ng Secure Messaging G2.crt
These certificates can be downloaded individually from the Boeing PKI public repository website: http://www.boeing.com/crl
2.1 Installing the Carillon CA Trust Chain
2.1.1 Download & Install the Carillon Root CA Certificate
IMPORTANT NOTE: Lotus Notes Users: Please note that you must have Administrator rights on your machine in order to download and install the Carillon Trust Chain.
The following link, https://pub.carillon.ca/CAcerts/CISRCA1.cer, will bring you to your View Downloads - Internet Explorer window.
1. Under Name, for the CISRCA1.cer (Root CA) file, click on the Open button.
[Screenshot: View Downloads - Internet Explorer, showing CISRCA1.cer from pub.carillon.ca]
2. The Certificate window will appear; click on the Install Certificate button.
[Screenshot: Certificate window. This certificate is intended for the following purpose(s): All issuance policies, All application policies. Issued to: CISRCA1. Issued by: CISRCA1. Valid from 10/16/2012 to 10/16/2032.]
3. The following Certificate Import Wizard window will appear; click the Next button.
[Screenshot: Certificate Import Wizard welcome screen]
44. nnot recommend that GPOs not be enforced; however, be aware that some of these network rules may prevent you from successfully connecting to the provisioning system (CertServ) or prevent you from properly retrieving and installing the certificates onto your smartcard. It is recommended that your network administration and security teams be engaged, and that testing for the various functionalities required by CertServ be added to the desktop management quality assurance process, to ensure that no network or Active Directory changes prevent CertServ from correctly and securely enabling Certificate Provisioning to the user population. Ideally, you will need open access to the internet.
PLEASE NOTE: The instructions in this handbook are typical guidelines of how to download and install CA certificates on your system. There may be some variance between what is presented here and what your own system will display. Please be aware that you may require Administrator rights to perform these actions. If you do not have Administrator rights on your workstation, seek the assistance of your System Administrator to help with this setup.
2 HOW TO SET UP A CA CERTIFICATE CHAIN (TRUST CHAIN) IN WINDOWS 7
This section describes the steps for installing the Carillon Trust Chain and the Boeing Trust Chain on a Windows 7 computer or laptop. We refer to the Carillon CA and Boeing Trust Chains as o
45. o the Certificate Import Wizard. This wizard helps you copy certificates, certificate trust lists, and certificate revocation lists from your disk to a certificate store. A certificate, which is issued by a certification authority, is a confirmation of your identity and contains information used to protect data or to establish secure network connections. A certificate store is the system area where certificates are kept. To continue, click Next.
4. Select the "Place all certificates in the following store" option and then click the Browse button.
[Screenshot: Certificate Import Wizard, Certificate Store]
5. Click on Trusted Root Certification Authorities and then click OK.
[Screenshot: Select Certificate Store]
6. The following information will appear in the Certificate Store window; click on the Next button.
[Screenshot: Certificate Import Wizard, Certificate Store]
46. ou have lost your access code, enter only your email address and a new code will be emailed to you.
[Screenshot: Hello Sheldon Glenn. You are scheduled to retrieve certificates. Please enter the access code you received by email and press the button to continue. If you have lost this access code, you can press the button to request a new one.]
4. Click on the Pick up your certificates button.
[Screenshot: main page for Sheldon Glenn. You've used a one-time password to access this page. In the future, access to this page will be supported by the Identity certificate that you will shortly be retrieving, issued by the Carillon PKI. Your certificates: Identity, Signature and Encryption, each Waiting for pickup.]
5. Click Yes.
Web Access Confirmation: This Web site is attempting to perform a digital certificate operation on your behalf: https://certserv.carillon.ca/certserv/browsercheck.php You should only allow known Web sites to perfo
47. owed levels for this zone: All
[Screenshot: Internet Options, Security tab]
5. In the Settings window, scroll down to Security and make sure "Use SSL 2.0" and "Use SSL 3.0" are unchecked, ensure that all the "Use TLS" options are checked, and then click the OK button.
[Screenshot: Internet Options, Advanced settings, Security section]
6. In the address bar, type https://pub.carillon.ca and press Enter. There will be a lock icon, as in the following screenshot. Click the lock and click the View certificates button.
Website Identification: Entrust has identified this site as Carillon Information Security Inc., Vaudreuil-Dorion, Quebec, CA. This conn
48. pop up
5.4 Setting Up Access to the Carillon LDAP Proxy
The Carillon LDAP Proxy is a link to a directory of recipient encryption certificates containing public encryption keys, which can then be used to encrypt email intended for the person associated with the retrieved certificates. This is done in order to avoid having to manually enter each person's certificates so that you may send/receive encrypted e-mail with them.
IMPORTANT NOTE: Lotus Notes Users: The System Administrator or Lotus Notes Administrator needs to set up the LDAP proxy to include dir.carillon.ca on the Lotus Notes Domino Server.
1. Select the File tab and then the Info tab from the corresponding menu items. Click on the Account Settings button and select the Account Settings pop-up.
[Screenshot: Outlook File tab, Account Information, Account Settings]
49. re used for the creation of your certificates. They are unique markers that will allow the system to differentiate between two people with the same name. Ex: John Doe born on 10/10/1970 in Austin, Texas, as compared to John Doe born on 15/09/1991 in Burlington, VT.
Q: I do not have Java installed on my workstation; is it necessary?
A: Yes, Java is a requirement for you to be able to retrieve and acknowledge your certificates, as well as perform other functions through the Carillon eShop or the Carillon CA Provisioning System.
Q: How do I use this certificate in Thunderbird?
A: Please download and read, from the Carillon e-Shop website, the How To guide for information on using your certificate in Thunderbird.
Q: I tried to retrieve my certificates but got an error instead. What went wrong?
A: It is absolutely necessary to have downloaded and installed the Carillon CA Trust Chain on your workstation BEFORE attempting to retrieve your Carillon CA issued certificates. The presence of the Trust Chain allows for a path to the Carillon Certificate Authority (CA) to be made so that it can digitally sign the certificates you are requesting.
Q: I get "unable to validate" errors with these certificates; what should I do?
A: Please ensure that the CISRCA1.cer (Root CA) certificate is configured as a trust anchor in your application or installed in the Trusted Root Store of certificates. If you have already attempted to validate your certific
50. rm digital certificate operations on your behalf. Do you want to allow this operation? 6. Your browser will be checked, then click on the Continue button. The screen reads: Before you can retrieve your certificates, we need to ensure your web browser meets certain requirements and is correctly configured. If these tests do not succeed, unfortunately you will not be able to retrieve your certificates at this time. 7. Read and confirm the Terms of Service, place a check in the "I hereby accept the terms of service" box, and then click Continue. Terms of Service: By using this service, the Subscriber agrees that he has read and understood the applicable Subscriber Agreement and/or Certificate Policy, and that Certificates generated herein are to be used in accordance with those documents. Furthermore, the Subscriber and/or the Subscriber's Employer agrees to indemnify Carillon against any and all claims that may arise due to the Subscriber's use of this certificate. 8. Click Yes. Web Acce
51. s://www.carillon.ca and http://certstore.carillon.ca are trusted sites on your computer. 1. On the web browser menu, click on the Tools menu and select Internet Options. In the Internet Options window, select the Security tab. 2. Click on the Trusted Sites check mark, then click on the Sites button. 3. If in the box of Websites you do not see the above addresses, you will have to click on the Add button and add them, and then click the Close button.
52. ss Confirmation. This Web site is attempting to perform a digital certificate operation on your behalf (the dialog shows a page on https://certserv.carillon.ca). You should only allow known Web sites to perform digital certificate operations on your behalf. Do you want to allow this operation? The screen reads: We will generate a request for each of your certificate(s) with the following name. The certificate type will be appended. Subject: C=CA, O=Carillon Information Security Inc., OU=Subscribers, OU=Carillon, CN=Sheldon Glenn (ID, SIG or ENC), serialnumber 42000000006. Certificates to be issued: Identity at Basic Software 256, Signature at Basic Software 256, Encryption at Basic Software 256. 10. The generating certificates screen will appear: PLEASE WAIT. Your certificates are being generated and will be installed when ready. This should only take a few seconds. 11. You will have to click Yes a few times. Web Access Confirmation: This Web site is attempting to perform a digital certificate operation on your behalf (again a page on https://certserv.carillon.ca). You should only allow known Web sites to per
53. t you have the latest version of Java installed. That the Carillon Trust Chain, including the Carillon Root CA and the Carillon Signing CA Certificates, are installed. These must be installed either by a workstation administrator or Active Directory administrator to the appropriate Trust Stores. Instructions to download can be found in Section 2 of THIS document. That the user who will be provisioned with Certificates has the ability to generate keys and install certificates into their personal trust store. That the CARILLON.CA domain is allowed to send emails to the users to be provisioned with certificates without having any URLs in the emails being modified, replaced or otherwise altered. This may involve whitelisting the CARILLON.CA domain in your email filtering software or provider. This is required to ensure that users can interact with the Certification Authority in a secure manner. Should the users be using provisioned certificates for encrypted email, the following will need to be ensured in the user environment: o Each user must be able to access dir.carillon.ca on port TCP 389 and be able to communicate using the LDAP protocol. Please ask your Carillon Sales representative about our enterprise Certificate Discovery Service if this is not desirable in your environment. o That emails that are encrypted using S/MIME be configured to not be filtered, disallo
54. tificate store. A certificate, which is issued by a certification authority, is a confirmation of your identity and contains information used to protect data or to establish secure network connections. A certificate store is the system area where certificates are kept. To continue, click Next. 4. Select the "Place all certificates in the following store" option and then click the Browse button. 5. Click on Intermediate Certification Authorities and then click on the OK button. 6. The following information will appear in the window; click on the Next button.
55. to establish secure network connections. A certificate store is the system area where certificates are kept. To continue, click Next. 4. Select the "Place all certificates in the following store" option and then click the Browse button. 5. The following window will appear; click on Trusted Root Certification Authorities and then click OK. The wizard then shows "Place all certificates in the following store" with the certificate store set to Trusted Root Certification Authorities. 7. The following window will appear; click on the Finish button.
56. ur principal examples because these are the ones we use for Carillon CA issued certificates purchased from our Carillon eShop. Installing the appropriate Trust Chain certificates on your computer or laptop ensures that your personal certificates will then be correctly installed, recognized and trusted by your applications, such as your web browser or email client. You will need to first download the Carillon Trust Chain certificates. These trust chain certificates are required in order to validate the certificates that will be purchased from the Carillon Certificate eShop. The Carillon Trust Chain is comprised of the following two certificates: the https://pub.carillon.ca/CAcerts/CISRCA1.cer Root Certificate, and the Carillon PKI Services CA 1 (https://pub.carillon.ca/CAcerts/CISCA1.cer) Intermediate or Signing Certificate. These certificates can also be downloaded directly from the Carillon PKI public repository website, https://pub.carillon.ca, by clicking on the DER button for each certificate. If you are using these certificates as part of the Boeing supply chain, you need to download the Boeing Trust Chain certificates. The Boeing Trust Chain certificates are required for secure email communication between Boeing and its partners. The Boeing Trust Chain is comprised of the following two certificates: the Boeing Root CA certificate (The Boeing Company Root Certificate Authority.crt), and the Boeing Secure Messaging G2 certificate Boei
57. ut cannot send encrypted e-mails. A: There may be a problem with how your LDAP proxy was configured on your workstation. Using Outlook: Check under Account Settings > Address Books and verify that the LDAP is set up and pointing to dir.carillon.ca. Under Name, double-click on the directory dir.carillon.ca. Click on the More Settings button to verify that port 389 is selected. If in the Connection Details box the port setting is not correct, you should change it to 389. If the configuration is properly set up as described, then there may be some firewall policies in place on the network, and you will need to resolve those issues with your company's Network Administrators. 9 NETWORK ADMINISTRATOR TROUBLESHOOTING. This section is to assist Network Administrators in diagnosing certain common problems that may occur after setting up the certificates on your system. References are made to tools that the Network Administrator will have at their disposal in order to perform these tasks. 9.1 Test link to the Carillon LDAP Proxy. 1. To test your configuration to the Carillon LDAP Proxy, click the Start Menu button and, in the "Search programs and files" field, type cmd and press the Enter key to open the Windows Command Prompt.
58. wed or blocked when passing through your organisation's mail filtering and content scanning systems or services. • That there are no network proxies that interfere with Client-Server mutual TLS authentication between any of the following URLs: o https://pub.carillon.ca o https://certstore.carillon.ca o https://www.carillon.ca This includes any TLS/SSL firewall or inspection products that involve technology that man-in-the-middle TLS sessions for the purposes of content scanning. If such products are used, the above URLs must be white-listed to pass through such devices without any interference or interception. • That the Java applet is not prohibited from running in Secure mode, i.e. is able to perform security-sensitive operations and is able to interact with the smartcard and Microsoft Cryptographic Application layer. • That the user's computer is synchronized to a timesource that ensures that the system clock is no more than 20 seconds out of alignment with true time in that user's timezone or GMT. • That there be no JavaScript blockers, popup blockers or other content filters at the user's browser that would interfere with the operation of the CertServ or other Carillon provided or hosted applications. 1.1.2 Network Environment. Many corporate computer networks enforce something called Group Policy Objects (GPOs), which set rules on any workstation that is connected to the enterprise Active Directory systems. We ca
59. you can in fact look up certificates, open the shell and make sure you are in the directory with OpenLDAP or an equivalent tool in order to do an ldapsearch. 7. Then type this command: ldapsearch -xh dir.carillon.ca mail=captainbob@carillon.ca where captainbob@carillon.ca is the email address of the certificates you are looking for. If the search was successful, you should see a userCertificate entry returned (a giant block of text, the certificate, should be displayed). This means the email is correct. If you're still unable to send the person email, it is likely due to their certificate being expired or revoked. If the search was not successful, the following output will be returned. This means that this email address is not in the certificate directory. Contact the owner of the email address and make sure the email address you typed in is correct. If the email address is spelled correctly, the owner does not hold a certificate and should not be communicated with. NOTE: You CANNOT use a directory browser to verify connectivity. The directory is configured to answer specific queries for userCertificate entries by people knowing email addresses, and to not allow for browsing