子ページ
  • Certificate Issue Web Site Manual: Internet Explorer Edition

このページの古いバージョンを表示しています。現在のバージョンを表示します。

現在のバージョンとの相違点 ページ履歴を表示

バージョン 1 次のバージョン »

Revision History

Rev.

Date (YYYY/MM/DD)

Description

Editor

V.1.0

2015/4/1

First revision

NII

V.1.1

2016/12/26

Amendment with addition of [NII Open Domain S/MIME CA] as a new Certificate Authority

NII

V.2.2

2018/2/26

Addition of steps to change the language in the certificate retrieval procedure and amendment associated with the operating environment change.

NII


Table of Content
1. Setting the Browser
1-1. Internet Explorer Settings
2. Retrieving the Certificate
2-1. Prerequisites
2-2. Certificate Retrieval
2-2-1. Notification of URL for the Certificate Retrieval
2-2-2. Retrieving the Certificate Using Internet Explorer
3. Exporting the Certificate (for Backup)
3-1. Exporting the Certificate Using Internet Explorer (for Backup) 

1. Setting the Browser

Sections to follow discuss how to set up the browser prior to using this system.

1-1. Internet Explorer Settings

You have to enable JavaScript and ActiveX in [Internet options], add [https://scia.secomtrust.net] to the Trusted sites and set up the Compatibility View.https://scia.secomtrust.net
See below for the procedures for these settings.

Setting Internet Options (O)


  1. You have to add the URL in the Trusted sites first. Open your Internet Explorer, click the [Tools] button, and then click [Internet options (O)].


  2. In the [Internet options] window, select the [Security] tab and then [Trusted sites]. Click the [Sites (S)] button.


  3. In the Trusted sites dialog box, Enter [https://scia.secomtrust.net] in the [Add this website to the zone:] box
    and click [Add (A)].https://scia.secomtrust.net


  4. Make sure that the entered URL now appears in the [Websites (W)] list and click [Close (C)] to finish.


    This completes addition of the URL in the Trusted sites.

  5. You have to set up JavaScript and ActiveX next. Return to the [Internet options] window and click [Custom level (C)...].  
    In the [Security Settings - Trusted Sites Zone] window, scroll down the Settings field
    until you see [Initialize and script ActiveX controls not marked as safe for scripting].


  6. Select [Prompt] for [Initialize and script ActiveX controls not marked as safe for scripting].


  7. Scroll the Settings field further down to make sure that the [Active scripting] and [Scripting of Java applets] is [Enabled] and then click [OK].
    (If [Enabled] is not selected, select it and then click [OK].)
     
      


  8. You will get the following dialog. Click [Yes (Y)].


  9. Returning to the [Internet options] window, click [OK] to finish. 
    Note: If the [Enable Protected Mode] checkbox is checked, uncheck it.
     
     
    This completes the JavaScript and ActiveX settings.

  10. You now have to set up the Compatibility View settings. Click the [Tools] button, and then click [Compatibility View settings (B)].


  11. Make sure that [secomtrust.net] is entered in the [Add this website (D)] box and click [Add (A)].


  12. Make sure that [secomtrust.net] is duly added in the [Websites you've added to Compatibility View (W):] box and click [Close (C)].


    This completes the Compatibility View settings.


2. Retrieving the Certificate

2-1. Prerequisites

The prerequisites for retrieving the Certificate are described. Replace the technical terms according to the user environment in which the Certificate will be retrieved.
(The procedures required for Microsoft Internet Explorer 11 are described in this document.)

Prerequisites

  1. You have the Access PIN issued by the certificate use administrator;
  2. you have received the e-mail designating the certificate retrieval URL; and
  3. Microsoft Internet Explorer is installed.


2-2. Certificate Retrieval

2-2-1. Notification of URL for the Certificate Retrieval

Once you complete the certificate application, you will receive the e-mail from this system that notifies the certificate retrieval URL for the certificate download.
Access the certificate URL in the e-mail message and retrieve the certificate.

Notification of URL for the Certificate Retrieval

[Title] 
client certificate issue acceptance notice 
 
 
snip 
 
# Please find below the URL for the requested certificate retrieval. 
 
Please download a client certificate accessing the following certificate acquisition URL.
Please correctly enter access PIN acquired at 1) for request of entering access PIN accessing the certificate acquisition URL.
The download of a certificate is going to start as the authentication by the access PIN is completed.

certificate acquisition URL:https://scia.secomtrust.net/~*(https://scia.secomtrust.net/~) + <- Access this URL to retrieve the Certificate. 
 
snip

2-2-2. Retrieving the Certificate Using Internet Explorer

Retrieving the Certificate using [Internet Explorer] is described.

Process of Issuing the Certificate Using Internet Explorer

By specifying the web browser used for this system as the [Default] web browser, failure of the client authentication (including access failures) should be prevented.

In this document, setting up the following prior to retrieving the certificate is recommended. 
Select [Settings} in the Windows Menu, and after getting the Settings window,
make sure that Internet Explorer is specified as [Apps] > [Default apps] > [Web browser].
If not, specify [Internet Explorer]


.


  
   
 
  

  1. To retrieve the certificate using Internet Explorer, changing ActiveX controls in advance is required. For the details, see [1-1 Internet Explorer Settings].

  2. According to the instruction in [2-2-1. Notification of URL for the Certificate Retrieval], access the certificate retrieval URL provided in the e-mail. 
    If the following dialog box pops up, make sure that [https://scia.secomtrust.net] is specified in the Trusted sites and click [Yes].https://scia.secomtrust.net
     
     
    <<Getting the Windows Security dialog box instead?>> 
      If the selection dialog box of certificate pops up, click [Cancel].



  3. In the password prompt, enter the Access PIN you have received.


    • To change the language, click the link in the upper right corner.
      Clicking [日本語] changes the language to Japanese.
      Clicking [English] changes the language to English.



  4. A security warning dialog box will pop up. Click [Yes (Y)].


  5. If the [Web Access Confirmation] dialog box pops up instead, also click [Yes (Y)].


  6. Once you complete authentication by the Access PIN, the screen will change to the CSP (Cryptographic Service Provider) and Key Length selection.
    Select the CSP and a Key Length respectively. 
    Specify Microsoft Enhanced Cryptographic Provider v1.0 for CSP and 2048bit for Key Length. Then, click [Issue].


    Note: The default CSP is [Microsoft Base Cryptographic Provider v1.0].
    Be sure to select [Microsoft Enhanced Cryptographic Provider v1.0] instead of [Microsoft Base Cryptographic Provider v1.0] as they look alike.
     
  7. Now, you install the Client Certificate.
    Clicking the [Installing the Client Certificate] button, the security warning and the [Web Access Confirmation] dialog boxes will pop up.
    Click [Yes (Y)] for both.






  8. Then, the following message will pop up when the client certificate install is successful. Click [OK].


  9. Now, the screen changes to the [Take a Certificate] screen, make sure that the certificate for the registration personnel is actually installed in the web browser. 
    Follow the steps in the [blue box 1] shown in your browser, open the [Certificates] dialog box, make sure that [a user name in full] is specified to
    [Issued To] and [Open Domain CA - G4] or [Open Domain S/MIME CA] is specified to [Issued By], and click [Close].

    Note 1: Following the [blue box 1] steps will give what you see in the [blue box 2] that confirms successful download of the certificate for the registration personnel.
    Note 2: Actual [Issued To] and [Issued By] will be different from those in the screenshot.
     
      
     


  10. Moving to the [Confirmation of Certificate] screen, follow the steps in the web page and clear the browser SSL status. 
      Then, click the URL provided there and make sure that you can log in to this system.

  11. Once confirmed, click [Close] and log out of the system.


3. Exporting the Certificate (for Backup)

The procedure to export the certificate (for backup) is described.

3-1. Exporting the Certificate Using Internet Explorer (for Backup)

This section describes the procedure to export the certificate using [Internet Explorer].

Process of Issuing the Certificate Using Internet Explorer

  1. With Internet Explorer, click the [Tools] button, and then click [Internet options (O)].


  2. Select the [Content] tab in the [Internet Options] dialog box, and click [Certificates (C)]. 


  3. Select the installed certificate of the person in the [Personal] tab, and click [Export...(E)].

     
  4. In the resulting Certificate Export Wizard, click [Next (N)]. 


  5. Select [Yes, export the private key] in the Export Private Key dialog box, and click [Next (N)]. 


  6. Select both [Include all certificates in the certification path if possible (U)] and [Export all extended properties (A)] in the Export File Format dialog box, and click [Next (N)]. 


  7. Check the [Password (P)] checkbox and enter any preferred password. Retype the same password in the [Confirm password:] box. Click [Next (N)]. 
    Note: Forgetting to enter this password will disable use of the exported certificate.
     

  8. Enter any single-byte string in the [Filename: (F)] box as the name of the file to export.
    Then, click [Next (N)]. If the save-to location is not specified, the exported file will be stored in the Desktop (folder).


  9. In the [Completing the Certificate Export Wizard] dialog box, click [Finish].


  10. Click [OK] in the following dialog box.
     
     
    This completes exporting the certificate using Internet Explorer (for backup). 
    Store the exported certificate in a secure location. 
  • ラベルがありません