子ページ
  • Certificate Issue Web Site Manual: Internet Explorer Edition

比較バージョン

キー

  • この行は追加されました。
  • この行は削除されました。
  • 書式設定が変更されました。

Revision History

Rev.

Date (YYYY/MM/DD)

Description

Editor

V.1.0

2015/4/1

First revision

NII

V.1.1

2016/12/26

Amendment with addition of [NII Open Domain S/MIME CA] as a new Certificate Authority

NII

V.2.2

2018/2/26

Addition of steps to change the language in the certificate retrieval procedure and amendment associated with the operating environment change.

NII

V.2.32021/10/12Change of issuance method by web enrollment.NII


Table of Content

目次

Table of Content
1. Setting the Browser
1-1. Internet Explorer Settings
2. Retrieving the Certificate
2-1. Prerequisites
2-2. Certificate Retrieval
2-2-1. Notification of URL for the Certificate Retrieval
2-2-2. Retrieving the Certificate Using Internet Explorer
3. Exporting the Certificate (for Backup)
3-1. Exporting the Certificate Using Internet Explorer (for Backup) 
アンカー
_1._Setting_the
_1._Setting_the

...

You have to enable JavaScript and ActiveX in [Internet options], add [https://scia.secomtrust.net] to the Trusted sites and set up the Compatibility View.https://scia.secomtrust.net
See below for the procedures for these settings.

Setting Internet Options (O)


  1. You have to add the URL in the Trusted sites first. Open your Internet Explorer, click the [Tools] button, and then click [Internet options (O)].


  2. In the [Internet options] window, select the [Security] tab and then [Trusted sites]. Click the [Sites (S)] button.


  3. In the Trusted sites dialog box, Enter [https://scia.secomtrust.net] in the [Add this website to the zone:] box
    and click [Add (A)].https://scia.secomtrust.net


  4. Make sure that the entered URL now appears in the [Websites (W)] list and click [Close (C)] to finish.


    This completes addition of the URL in the Trusted sites.

  5. You have to set up JavaScript and ActiveX next. Return to the [Internet options] window and click [Custom level (C)...].  
    In the [Security Settings - Trusted Sites Zone] window, scroll down the Settings field
    until you see [Initialize and script ActiveX controls not marked as safe for scripting].


  6. Select [Prompt] for [Initialize and script ActiveX controls not marked as safe for scripting].


  7. Scroll the Settings field further down to make sure that the [Active scripting] and [Scripting of Java applets] is [Enabled] and then click [OK].
    (If [Enabled] is not selected, select it and then click [OK].)
     
      


  8. You will get the following dialog. Click [Yes (Y)].


  9. Returning to the [Internet options] window, click [OK] to finish. 
    Note: If the [Enable Protected Mode] checkbox is checked, uncheck it.
     
     

    This completes the JavaScript and ActiveX settings.

  10. You now have to set up the Compatibility View settings. Click the [Tools] button, and then click [Compatibility View settings (B)].
    Image Removed
    Make sure that [Image Added

  11. If "secomtrust.net] " is entered in the [Add this website (D)] box and click [Add (A)].
    Image Removed
    included in "Websites you've added to Compatibility View", click [Remove].
    Uncheck [Display intranet sites in Compatibility View] and [Use Microsoft Compatibility Lists] if they are checked, and then click [Close].
    Image AddedMake sure that [secomtrust.net] is duly added in the [Websites you've added to Compatibility View (W):] box and click [Close (C)].
    Image Removed

    This completes the Compatibility View settings.
    If the compatibility view is set, the error message "SPKAC analysis failed." will be displayed when the certificate is issued.


アンカー
_2._Retrieving_the
_2._Retrieving_the
2. Retrieving the Certificate

...

Process of Issuing the Certificate Using Internet Explorer

By specifying the web browser used for this system as the [Default] web browser, failure of the client authentication (including access failures) should be prevented.

In this document, setting up the following prior to retrieving the certificate is recommended. 
Select [Settings} in the Windows Menu, and after getting the Settings window,
make sure that Internet Explorer is specified as [Apps] > [Default apps] > [Web browser].
If not, specify [Internet Explorer]


.


  
   
 
  

  1. To retrieve the certificate using Internet Explorer, changing ActiveX controls in advance is required. For the details, see [1-1 Internet Explorer Settings].

  2. According to the instruction in [2-2-1. Notification of URL for the Certificate Retrieval], access the certificate retrieval URL provided in the e-mail. 
    If the following dialog box pops up, make sure that [https://scia.secomtrust.net] is specified in the Trusted sites and click [Yes].https://scia.secomtrust.net
     
     

    <<Getting the Windows Security dialog box instead?>> 
      If the selection dialog box of certificate pops up, click [Cancel].



  3. In the password prompt, enter the Access PIN you have received.
    Image Removed Image Added

      • To change the language, click the link in the upper right corner.
        Clicking [日本語] changes the language to Japanese.
        Clicking [English] changes the language to English
    .
    Image Removed
    A security warning dialog box will pop up. Click [Yes (Y)].
    Image Removed
    If the [Web Access Confirmation] dialog box pops up instead, also click [Yes (Y)]
      • .
    Image Removed
    Once you complete authentication by the Access PIN, the screen will change to the CSP (Cryptographic Service Provider) and Key Length selection.
    Select the CSP and a Key Length respectively. 
    Specify Microsoft Enhanced Cryptographic Provider v1.0 for CSP and 2048bit for Key Length. Then, click [Issue].
    Image Removed
    Note: The default CSP is [Microsoft Base Cryptographic Provider v1.0].
    Be sure to select [Microsoft Enhanced Cryptographic Provider v1.0] instead of [Microsoft Base

  4. Cryptographic Provider v1.0] as they look alike.
     Now, you install the Client Certificate.
    Clicking the [Installing the Client Certificate] button, the security warning and the [Web Access Confirmation] dialog boxes will pop up.
    Click [Yes (Y)] for both.
    Image Removed
    Image Removed
    Image Removed
    Then, the following message will pop up when the client certificate install is successful. Click [OK].
    Image Removed
    Now, the screen changes to the [Take Issue a Certificate] screen, make sure that the certificate for the registration personnel is actually installed in the web browserdownloaded
    Follow the steps in the [blue box 1] shown in your browser, open the [Certificates] dialog box, make sure that [a user name in full] is specified to
    [Issued To] and [Open Domain CA - G4] or [Open Domain S/MIME CA] is specified to [Issued By], and click [Close].
    Note 1: Following the [blue box 1] steps will give what you see in the [blue box 2] that confirms successful download of the certificate for the registration personnel.
    Note 2: Actual [Issued To] and [Issued By] will be different from those in the screenshot.
    Image Removed 
      
     
    Image Removed
  5. Moving to the [Confirmation of Certificate] screen, follow the steps in the web page and clear the browser SSL status. 
      Then, click the URL provided there and make sure that you can log in to this system.
    Image Removed
    Image Removed
  6. Once confirmed, click [Close] and log out of the system.

...

  1. Image Added

  2. After the certificate is successfully issued, select "Save".
    Image Added

  3. If the certificate is successfully issued, the certificate will start downloading.
    When the download is complete, click the "X" button on your browser to close the browser.
    Image Added

  4. In order to import the downloaded P12 file, please refer to the Please refer to the manual below to import it.
    It is recommended that you back up this file. However, please handle it with care.

    Internet Explorer/ Edge/ Chrome/ Opera (Windows) Edition


  5. Checking the existence of the certificate
    To check if the certificate import is complete, refer to the following manual.

The procedure to export the certificate (for backup) is described.

...

This section describes the procedure to export the certificate using [Internet Explorer].

Process of Issuing the Certificate Using Internet Explorer

    With Internet Explorer, click the [Tools] button, and then click [Internet options (O)].
    Image Removed
    Select the [Content] tab in the [Internet Options] dialog box, and click [Certificates (C)]. 
    Image Removed
  1. Select the installed certificate of the person in the [Personal] tab, and click [Export...(E)].
    Image Removed
     
  2. In the resulting Certificate Export Wizard, click [Next (N)]. 
    Image Removed
    Select [Yes, export the private key] in the Export Private Key dialog box, and click [Next (N)]. 
    Image Removed
    Select both [Include all certificates in the certification path if possible (U)] and [Export all extended properties (A)] in the Export File Format dialog box, and click [Next (N)]. 
    Image Removed
    Check the [Password (P)] checkbox and enter any preferred password. Retype the same password in the [Confirm password:] box. Click [Next (N)]. 
    Note: Forgetting to enter this password will disable use of the exported certificate.
     Image Removed
    Enter any single-byte string in the [Filename: (F)] box as the name of the file to export.
    Then, click [Next (N)]. If the save-to location is not specified, the exported file will be stored in the Desktop (folder).
    Image Removed
    In the [Completing the Certificate Export Wizard] dialog box, click [Finish].
    Image Removed
    Click [OK] in the following dialog box.
    Image Removed 
     
    This completes exporting the certificate using Internet Explorer (for backup). 
    Store the exported certificate in a secure location. 

    Checking Existence of the Certificate Using Internet Explorer