Smart card installation and management guide Trace One Portal/Workstation Version 2.0
Trace One - 6, Avenue Marceau - 75008 Paris - Tel: +33 (0) 1 56 90 24 24 - Fax: +33 (0) 1 56 90 24 25 - www.traceone.fr
Smart card installation and management guide
1 Introduction
CONTENTS
1
INTRODUCTION...................................................................................................................................... 2
2
OVERVIEW.............................................................................................................................................. 3
3
INSTALLING SOFTWARE COMPONENTS................................................................................................ 4
4
SMART CARD MANAGEMENT AND CERTIFICATE REQUESTS ............................................................... 11 4.1 CHANGING YOUR SMART CARD PIN CODE ............................................................................ 11 4.2 CERTIFICATE REQUEST .................................................................................................................. 13 4.3 CERTIFICATE REQUEST VALIDATION ........................................................................................... 16 4.4 CERTIFICATE WITHDRAWAL ......................................................................................................... 17
5
USING THE SMART CARD ON ANOTHER COMPUTER ........................................................................... 19
6
CONNECTING TO TRACE ONE .............................................................................................................. 21
APPENDIX: PROBLEMS – DIAGNOSIS AND SOLUTIONS .............................................................................. 22
Copyright © Trace One S.A. 2005, No part of this document may be copied, reproduced, translated, or transmitted in any form or by any means without the prior written consent of Trace One S.A. The information contained in this document is subject to change without notice.
1 Introduction This guide explains how to install your workstation and manage your smart card. Before installing the Trace One client workstation, you must: 1.
Have a computer equipped and configured according to the prerequisites available on our Web site: http://www.traceone.net/installation
1.
Install software components supplied in the installation CD-ROM.
2.
Generate your certificate and register with Trace One.
If you need assistance, please contact Trace One Technical Support Centre. Contact details are as follows: Telephone: +33(0)1 56 90 24 34 (open Monday to Friday, from 8 AM to 8 PM) Technical Support E-mail:
[email protected] Would you have any other queries, please send an e-mail to:
[email protected]
Trace One Portal/Workstation/Version 2.0
Page 2 / 25
Smart card installation and management guide
2 Overview
2 Overview A user can be registered when his/her company has subscribed to Trace One services and has nominated a Correspondent acting as sole contact with Trace One. The user must then ask for the Certificate Request Form (CRF) from the nominated Trace One Correspondent, enter the information required and sign the form before returning it to the Correspondent, who will check the form, set user rights up for each workspace, sign the form and send it to Trace One. Trace One creates an user account from the information mentioned in the CRF. An e-mail is then automatically sent to the user indicating that his/her certificate request can be made directly on the portal. The user connects via the URL link indicated in the e-mail to make his/her certificate request. At this stage the following software components should have been installed:
)
Warning, do not connect the Gemplus card reader to your computer before step 6.
Step 1: Check your computer configuration. Step 2: Install Infomosaic SecureXML. Step 3: Install Trace One components. Step 4: Install Acrobat Reader 7.0. Step 5: Install Gemplus card reader driver. Step 6: Connect Gemplus card reader to your computer. When software components have been installed, each user must change the secret code of his/her smart card and request his/her certificate: Step 7: Change PIN code of your smart card. Step 8: Request your certificate. Step 9: Download the certificate validated by Trace One. Step 10: Log on and use the Trace One Portal.
Here are the Software components being installed: "Trace One components" include shortcuts to the portal, tool to check the configuration (which is installed on your workstation) and third-party product licenses. "Gemplus component" is required to have the smart card reader operational. "Infomosaic component" is required to sign electronic documents onto the Trace One portal.
Trace One Portal/Workstation/Version 2.0
Page 3 / 25
Smart card installation and management guide
3 Installing software components
3 Installing software components
)
At this stage, double-check that the smart card reader is NOT connected to your computer.
STARTING INSTALLATION PROCESS 1.
Insert the installation CD in your CD-ROM drive.
L
The following home page appears. If not, access the root directory of the CD using Windows explorer and click on the file Index.htm.
2.
Select the language: French or English.
3.
Click on "Next".
4.
Read the Trace One license contract - Approve it by clicking on "Next".
STEP 1: CONFIGURATION CHEKING 5.
Step 1 – Check your computer configuration, click on "Check" :
Trace One Portal/Workstation/Version 2.0
Page 4 / 25
Smart card installation and management guide
6.
If the following "Download file" dialog box appears, click on "Execute":
7.
This is the configuration check tool :
3 Installing software components
The "System Configuration" frame gives you information about your O/S and Internet Explorer Versions. The "Installed Products" frame indicates the software components already installed on your workstation. The "Missing Products" frame indicates system and software components not installed on your computer. This frame may appear empty if all the needed components are present.
) 8.
If the "Missing Products" frame appears with components listed inside, you must install these components before proceeding further.
Close the window and return to the page displaying Step 1. Click on "Next".
Trace One Portal/Workstation/Version 2.0
Page 5 / 25
Smart card installation and management guide
3 Installing software components
STEP 2: INFOMOSAIC 1.
Step 2: Installation of Infomosaic SecureXML ActiveX, Click on "Install":
2.
If the "Download file" dialog box appears, click on "Execute".
3.
The following dialog box appears:
4.
Click on "Next".
5.
The dialog box containing conditions of use of the Infomosaic SecureXML component appears. Read them and click "Yes" to agree.
6.
Enter your name, first name, and the name of your company. Check that the option "Anyone who uses this computer (all users)" is selected. Click on "Next".
7.
Select your installation directory and click "Next" to continue.
8. The "Setup Type" dialog box appears. Select option "Typical" and click "Next" until the installation of this component ends, then click on "Finish". Closing this dialog box automatically opens a file titled Readme.txt. You can read it later, for now close it without reading. 9.
Return to the page displaying Step 2. Click on "Next".
Trace One Portal/Workstation/Version 2.0
Page 6 / 25
Smart card installation and management guide
3 Installing software components
STEP 3: TRACE ONE COMPONENTS 1.
Step 3: Installation of specific Trace One components. Click on "Install":
2.
If the "Download file" dialog box appears, click on "Execute".
3.
You’re now in the process to install Trace One components:
4.
Click on "Next".
5.
Select your installation directory and click "Next" to continue.
6.
Select the shortcuts to be installed on the desktop of your workstation. Click "Next" to continue.
7.
Click on "Finish".
8.
Return to the page displaying Step 3. Click on "Next".
Trace One Portal/Workstation/Version 2.0
Page 7 / 25
Smart card installation and management guide
3 Installing software components
STEP 4: ACROBAT READER
L
If you have Acrobat Reader already installed, you can pass directly onto Step 5 by clicking Next.
1.
Step 4: Installation of Acrobat Reader. Click on "Install"
2.
If the "Download file" dialog box appears, click on "Execute".
3.
The dialog box proposing to install Acrobat Reader appears. Click "Next" until the end of the installation. You will then see this message: "Thank you for choosing Acrobat Reader".
4.
Click on "OK".
5.
Return to the page displaying Step 4. Click on "Next".
Trace One Portal/Workstation/Version 2.0
Page 8 / 25
Smart card installation and management guide
3 Installing software components
STEP 5: GEMPLUS 1. Step 5: installation of Gemplus card reader driver. Click on "Install":
2. If the "Download file" dialog box appears, click on "Execute".
3. The following dialog box appears:
4. Click on "Next". 5. The dialog box containing conditions of use of Gemplus software appears. Select the option: "I accept the terms in the license agreement". 6. Select your installation directory and click "Next" to continue. 7. Select option "Complete" and click on "Next".
Trace One Portal/Workstation/Version 2.0
Page 9 / 25
Smart card installation and management guide
)
3 Installing software components
6.
The following dialog box appears, select the first option and click on "Next":
7.
Click on "Install".
8.
Installation proceeds, when an "InstallShield Wizard" dialog box appears, Click on "Finish".
9.
The following dialog box appears:
Restart is needed to take into account the new parameters installed. Click "Yes" to restart your computer. After restarting, you can now connect the smart card reader to an USB port of your computer.
Trace One Portal/Workstation/Version 2.0
Page 10 / 25
Smart card installation and management guide
4 Smart card management and certificate requests
4 Smart card management and certificate requests 4.1 Changing your smart card PIN code The PIN code protects access to the content of your smart card and therefore to the personal and confidential data it contains.
)
When receiving your card, you must immediately change the default code and keep your new code secret.
A valid USER PIN code contains 4 alphanumeric characters excluding character ‘|’. You will be prompted to enter your USER PIN code each time an access to the content of your smart card is required. For security reason, the USER PIN code is blocked after 3 incorrect entries and the card can no longer be used. Only your Trace One Correspondent can unblock it.
How to change your PIN code? 1.
Run the GemSAFE Card Details Tools program, accessible via:
- Start/Programs/Gemplus for Windows 2000 workstations. - Start/All programs/Gemplus for Windows XP workstations. 2.
The following screen appears:
Enter your PIN code and click "Verify".
Trace One Portal/Workstation/Version 2.0
Page 11 / 25
Smart card installation and management guide
3.
Go to menu PIN > Change PIN…,
4.
The following dialog box appears. Select the option "User PIN":
4 Smart card management and certificate requests
In front of Old User PIN box, enter the value of the USER PIN code currently in use.
Then enter your new USER PIN code in the New User PIN box (4 alphanumeric characters excluding character ‘|’).
To confirm, re-enter your new code in the Confirm User PIN box.
Then, click on "Change".
5.
If values entered are different, you obtain an error message "The input for New PIN and PIN confirmation is not equal". In this case, click on "OK" and return to Step 3.
6.
Close the GemSAFE Card Details Tools program.
L
You may modify your USER PIN code at any time and as many times as you wish.
Trace One Portal/Workstation/Version 2.0
Page 12 / 25
Smart card installation and management guide
4 Smart card management and certificate requests
4.2 Certificate request You must have a digital certificate delivered by the Trace One Certification Authority in order to connect to Trace One services. The following procedure explains how to withdraw your certificate. How to request your certificate? 1.
Click on the "Trace One Portal" icon on the desktop or from the Windows toolbar: Select: - Start/Programs/Trace One/Trace One Portal for Windows 2000 workstations. - Start/All programs/Trace One/Trace One Portal for Windows XP workstations.
2.
In the application home page, click on : "For new subscribers":
3.
A "Security Alert" dialog box appears. Click on "Yes".
Trace One Portal/Workstation/Version 2.0
Page 13 / 25
Smart card installation and management guide
4 Smart card management and certificate requests
4.
In the next dialog box, enter your user name (indicated in the e-mail) and your password (corresponding to the secret code you indicated in your Certificate Request Form):
5.
You reach the Certificate Services Page. Select option 1: "Request a certificate from the Trace One Certification Authority"
Trace One Portal/Workstation/Version 2.0
Page 14 / 25
Smart card installation and management guide
4 Smart card management and certificate requests
If your computer is not up-to-date with some current Microsoft components, the following dialog boxes may appear. Click on "Yes":
6.
In the following page, check that the identification information displayed (your name, e-mail, company, town and country) are correct:
If
the
)
information
is
correct,
click
"Validate"
to
send
your
certificate
request.
This information represents the components of your "Electronic Identity Card". If the information is not correct: - Inform your Trace One Correspondent who will contact Trace One Support if necessary. - Click Exit to abandon the certificate request. - Wait until your Correspondent authorizes you to make a new request.
Trace One Portal/Workstation/Version 2.0
Page 15 / 25
Smart card installation and management guide
4 Smart card management and certificate requests
7.
The "Potential Scripting Violation" dialog box with message "Do you want to request a certificate now" appears. Click on "Yes".
8.
Enter your PIN code.
9.
When the operation has been successfully completed, you obtain the following page:
Click on "Exit". If a different page appears, contact your Trace One Correspondent.
4.3 Certificate request validation Trace One Certification Authority should approve your certificate request. Trace One may refuse a certificate request if information is missing in your membership form or in your Correspondent's request. Anyway, you will be informed by e-mail, about the decision taken.
Trace One Portal/Workstation/Version 2.0
Page 16 / 25
Smart card installation and management guide
4 Smart card management and certificate requests
4.4 Certificate withdrawal 1.
Connect to the Trace One portal and select the option "For new subscribers":
2.
Enter your user name (mentioned in the e-mail) and your password (corresponding to the secret code you indicated in the Certificate Request Form).
3.
Select option 2 "Withdraw the certificate that has been issued by Trace One".
4.
Select your certificate and click on "Next":
5.
Click "Download the certificate" to withdraw your certificate and those of the Trace One Certification Authority:
Trace One Portal/Workstation/Version 2.0
Page 17 / 25
Smart card installation and management guide
4 Smart card management and certificate requests
6. The "Potential Scripting Violation" dialog box with message "Do you want this program to add the certificate now?" appears. Click on "Yes". 7. Enter your PIN code. 8. The "Main certificates directory" dialog box with message "Do you want to add the following certificate to the main certificates directory" appears. Click on "Yes". 9.
When the certificate is correctly loaded onto your smart card, you obtain the following page:
If a different page appears, contact your Trace One Correspondent.
)
Downloading your certificate represents acceptance of the certificate and the conditions described in the SUBSCRIBER Certification Terms.
Trace One Portal/Workstation/Version 2.0
Page 18 / 25
Smart card installation and management guide
5 Using the smart card on another computer
5 Using the smart card on another computer You may have to change of computer, but you’ve already downloaded your certificate. In this case, you must: Install the software described in chapter 3, Register the Trace One Certification Authority certificates, Register the certificate of your smart card on the new workstation. This chapter describes how to execute the latter two operations.
How to register the Trace One Certification Authority certificate? 1.
Connect to the Trace One Portal and click on "For new subscribers ".
2.
Enter your user name (mentioned in the e-mail) and your password (corresponding to the secret code you indicated in the Certificate Request Form).
3.
Select option 3 "If necessary, withdraw the Trace One Authority authentication log… ".
4.
Click on the hyperlink "Install the Certification Authority certification access path":
5.
The "Potential Scripting Violation" dialog box with the message "Do you want this program to add the certificate now?" appears. Click on "Yes".
6.
The "Main certificates directory" dialog box with the message "Do you want to add the following certificate to the main certificates directory" appears. Click on "Yes".
Trace One Portal/Workstation/Version 2.0
Page 19 / 25
Smart card installation and management guide
7.
5 Using the smart card on another computer
When the Trace One Certification Authority certificates have been successfully installed, the following page comes up:
If a different page appears, contact your Trace One Correspondent.
How to register your certificate on the workstation? 1.
Run the GemSAFE Card Details Tools program, accessible via:
- Start/Programs/Gemplus for Windows 2000 workstations. - Start/All programs/Gemplus for Windows XP workstations. 2.
Enter your PIN code.
3. In the Card menu, select "Register Certificates":
4. Two messages will confirm the certificate installation.
Trace One Portal/Workstation/Version 2.0
Page 20 / 25
Smart card installation and management guide
6 Connecting to Trace One
6 Connecting to Trace One 1.
Click the "Trace One Portal" icon on the desktop or from the Windows toolbar: Select: - Start/Programs/Trace One/Trace One Portal for Windows 2000 workstations. - Start/All programs/Trace One/Trace One Portal for Windows XP workstations.
2.
Click on "Log on to the service":
3.
Then click on "Access to the Application":
Trace One Portal/Workstation/Version 2.0
Page 21 / 25
Smart card installation and management guide
6 Connecting to Trace One
APPENDIX: PROBLEMS – DIAGNOSIS AND SOLUTIONS This chapter explains how to diagnose and resolve possible technical issues you may encounter. For any problem not covered below, please contact your Correspondent or Trace One Support if necessary.
TRACE ONE USER WORKSTATION INSTALLATION PROBLEMS You must have a computer equipped and configured according to Trace One recommendations. You will find the prerequisites on our web site: http://www.traceone.net/installation For any problem, first of all, you may contact your IS/IT Dept, to check the configuration of your computer and the network (anti-virus software, Internet access, bandwidth, firewall, automatic pop-up blocking, etc…) SMART CARD READER PROBLEMS Problem: You receive the following error message:
AND the following icon appears at the bottom, right-side of your screen:
Note: the reader is displayed WITHOUT SMART CARD. Solution: Your smart card may be incorrectly inserted in the reader. Remove the card from the front of the reader. Check that the chip is on the side of the reader that reads the card (transparent reader: dark colored part on the card; grey reader: side with Gemplus logo), then reinsert the card in the reader If necessary, lightly clean your card before reinserting in the reader. You should obtain the following icon:
-
If the problem persists, contact Trace One Hotline for assistance.
Trace One Portal/Workstation/Version 2.0
Page 22 / 25
Smart card installation and management guide
6 Connecting to Trace One
Problem: You obtain the following error message:
AND no icon appears at bottom, right-side of your screen. OR the following icon appears at bottom, right-side of your screen:
Note: the reader is displayed with a RED CROSS. Solution: the reader may be incorrectly inserted in your computer. Check that the card reader plug is fully inserted in your USB port. Restart your computer. You should obtain the following icon:
-
If the problem persists, contact Trace One Hotline for assistance.
NO REPLY TO YOUR CERTIFICATE REQUEST Problem: No reply from Trace One You completed, signed and sent the Certificate Request Form (CRF) to your Trace One Correspondent. But after several days, you have not received any response from Trace One services confirming the creation of your user account or informing that your request has been rejected. Solution: First, check with your Correspondent that your form has indeed been sent to Trace One services. If necessary, contact Trace One Hotline.
INFORMATION LOST TO CONNECT ONTO TRACE ONE PORTAL Problem: You need to return to "For new subscribers", but you have lost the information enabling you to connect: your "User name" and your "Password". Solution: 1. If you have lost your "User name", sent to you by e-mail from Trace One, contact Trace One Technical Support. 2. If you have lost your "Password", the secret code you entered in the Certificate Request Form (CRF), contact your Trace One Correspondent who should have kept a copy of your CRF. If not, contact Trace One Hotline.
Trace One Portal/Workstation/Version 2.0
Page 23 / 25
Smart card installation and management guide
6 Connecting to Trace One
PIN CODE PROBLEMS
Problem: You have forgotten your USER PIN code. Solution: A valid USER PIN code has exactly 4 alphanumeric characters excluding the character ‘|’. Warning: after 3 incorrect entries, your USER PIN code is blocked and its content is inaccessible. Ask your Correspondent to unblock it. You can then reset your USER PIN code.
Problem: Your USER PIN code is blocked following three incorrect entries. You obtain the following dialog box:
Solution: Ask your Correspondent to unblock it, and you can then reset your USER PIN code.
Problem: Your ADMINISTRATOR PIN code is blocked following 3 incorrect entries. You obtain the following dialog box:
Solution: An ADMINISTRATOR PIN code cannot be unblocked. Call Trace One Hotline to request your certificate to be cancelled and instructions on how to get a new one.
Trace One Portal/Workstation/Version 2.0
Page 24 / 25
Smart card installation and management guide
6 Connecting to Trace One
CERTIFICATE REQUEST AND DOWNLOAD PROBLEMS Problem: You obtain the following error message when validating your certificate request: "An error has occurred in creation of your certificate request …. Error: 0x80090019 (NTE_KSET_NOT_DEF) » Solution: 1. Your smart card reader may be incorrectly installed. Ask your IS/IT Dept to reinstall the reader following the procedure described in chapter 3. 2. If the problem persists, check that your card is not defective (see the following paragraph). 3. Contact Trace One Hotline for assistance, with the help of your IS/IT Dept. Problem: You obtain the following error message: "An error has occurred in creation of your certificate request …. Error: 0x8009000E (unknown) » Solution: This error occurs when there is not enough space on your card to store information. Contact your Trace One Correspondent to erase the content of the card.
DEFECTIVE SMART CARDS Problem: Your card does not function. Solution: The chip itself may be damaged. To check its state: 1. Run the GemSAFE Card Details Tool program. 2. Access the Card menu and select "Information". 3. Check if you have either of the two following issues:
4.
Call Trace One Hotline to request the replacement of the card.
Trace One Portal/Workstation/Version 2.0
Page 25 / 25
