Request Digital Certificate by ndb36858

VIEWS: 0 PAGES: 7

More Info
									                          CWOPA - Request a Digital Certificate

The “Request a Digital Certificate” process is yearly and must be downloaded.

Issues:
    OS supported are Windows 2000, XP, Vista and “’7’ 32-bit” Professional, Enterprise.
    Internet Explorer 6, 7, or 8 ONLY - No Netscape, etc.; web site might not be viewable)
    Windows 7 Home Edition or Windows 7 (64-bit) versions are not supported.
    Windows XP Home Edition version is not supported.
    You MUST be on the commonwealth network or have your POC request the certificate
     using your credentials.
    The PC/Laptop MUST display the correct time (daylight saving time patch applied)
    If you are not being prompted for cwopa\Username and password when connecting to
     www.icopapki.state.pa.us, check your IE Internet Options > Security > Custom Level >
     check the “Prompt for user name and password”

Error Message:
1) Microsoft Internet Explorer “Unable to install certificate: Error 0x80090016 - Certificate is
   corrupt”:
   a) If non-commonwealth owned PC/Laptop, call your software support to correct Internet
      Explorer (usually a XP Home Edition OS).
   b) If commonwealth owned PC/Laptop, contact the agency affiliated with the certificate.

NEW Internet Explorer 8 Information:
If you are using Internet Explorer 8 you must perform some additional steps. Please refer to IE
8 cert request - CWOPA.doc before continuing.

Download the Digital Certificate:
  1. Open Internet Explorer to http://www.icopapki.state.pa.us. The Enterprise Certificate
     Services Registration Site screen is displayed.

   2. Select “Click here” below the disclaimer box. This will allow you to request a certificate
      that will ensure RAS security.




                                                                                                   1
3. Click “Yes” if the Security Alert screen is displayed.




4. Enter your cwopa Username and Password and then click “OK”.
      a. The RAS Username must be prefixed by cwopa\
      b. W2000 users will have the domain line displayed where cwopa can be entered.




                                                                                       2
5. Select the “Request a certificate” link.




6. Select the “Create and submit a request to this CA” link.




                                                               3
7. Select the following options on the Advanced Certificate Request screen:
      a. In the “Certificate Template” drop-down select the template type
              i. “CoPA Authentication Session-Auto”
             ii. Select a different option if required.
      b. In the “Key Options” drop-down make sure the following is displayed:
              i. CSP: “Microsoft Strong Cryptographic Provider”
      c. Select the “Submit” button to start generating the request.




8. Select “Yes” on the Potential Scripting Violation screen.




                                                                                4
9. Select the “Set Security Level” button.




10. Select “High” to make this certificate password protected and then click “Next>”.




                                                                                        5
11. Enter the following information on the Creating a new RSA signature key screen and
   select “Finish” when completed.
      a. Enter a unique password in the “Password” field that will also be used through
          the Export and Import process. Anything alpha and / or numeric will work.
      b. Re-enter the unique password in the “Confirm” field.
      c. This Password remains the same for this yearly certificate.




   NOTES: Please be aware of the following:
        Windows XP - “Password for:” field = CryptoAPI Private Key will be displayed.
        Windows 2000 - “Password for:” field will be empty.

12. Select “OK” to confirm the setting.




                                                                                          6
13. Select “Install this certificate”. It may take a few moments for the certificate icon to
   appear so please be patient and wait for the icon to appear before clicking the link.




14. Select “Yes”. The next screen may take a few minutes to appear.




15. A “Certificate Installed” confirmation message is displayed when the certificate has
   been successfully downloaded and installed. Close (X) the screen.




16. Open the “Export and Import a digital certificate” doc and complete the instructions
   for exporting/importing the digital certificate to your machine.

                                                                                               7

								
To top