Digi-Sign, The Certificate Corporation
Published on Digi-Sign, The Certificate Corporation (http://www2.digi-sign.com)

Home > Digi-Access™ End User Help

By Digi-Sign
Created Apr 29 2010 - 13:26

Digi-Access™ End User Help

Digi-Access™ Certificate Support

This is the main Digi-Access™ Help page for end users and provides all the support pages you require to own and use your Digi-Access™ two factor authentication certificates. For Administrator help and instructions, view the Digi-Access™ Administrator [1] support section.


You can return to the Digi-Access™ [2] home page or continue browsing by using the links below.


Understanding how Digi-Access™ protects you

Understanding what a Digi-Access™ certificate is used for

The Digi-Access™ certificate offers what is called 'two factor authentication'. Secure online servers and systems offer protected access with a username and password. The username and password is 'something you know' and this is single factor authentication.

In the Digi-Access™ version of the same server, in addition to a username and password, to login you must also have a Digi-Access™ certificate. The Digi-Access™ certificate is 'something you have' and this adds a second layer of security known as two factor authentication.

Once the server or system is configured to support client certificate authentication using Digi-Access™ certificates, getting a Digi-Access™ certificate takes three simple steps [3]. The most important of these is the very first step.

The Importance of the Enrolment Form

In the first step, you will be directed to the Digi-Access™ enrolment page where you must complete a simple online web form.

webenrol
Sample of a customised enrolment form.

This web form has a help button for every field that offers you assistance and advice so that you correctly complete each field on the form.

IMPORTANT:- Ensure that you complete this form accurately and with correct information about yourself. Failure to complete this form correctly, may mean that your Digi-Access™ certificate is not a correctly configured certificate and you may also have to repeat the process.



Getting your Digi-Access™ certificate

How to get your Digi-Access™ certificate

The Digi-Access™ certificate web enrolment process is fully compatible with most commonly used web browsers, including: Google Chrome, Microsoft Edge, Mozilla Firefox, Opera and Apple Safari.


There are three very simple steps to getting your Digi-Access™ certificate.

1. Certificate Enrolment

You will receive a Digi-Access™ invitation email message and will be directed to the Digi-Access™ web enrolment page, where you need to complete a simple online web form. This web form has a help button for every field to ensure that you correctly complete it. Use these buttons as required:

webenrol
Sample of a customised enrolment form.

In this form - depending on your organisation's custom requirements - you may need to provide various details, such as for example:

        • Registered Company Name - the legal name of your organisation
        • Department - what department you work in
        • Address - the address for the organisation
        • Postal Code or area code for the organisation
        • Locality or City - the city the organisation is located in
        • State or Province - the state or province the organisation is located in
        • First Name - you first name
        • Last Name - you last name
        • Work Title - your job title or job description
        • Email - your email address
        • Telephone number - your direct dial phone number
        • Fax number - a fax number (if you have one)
        • Country - The country you are located in (e.g. Ireland)


In addition, you will also be asked to select a Secret Question, provide a Secret Answer, enter and confirm a Private Key Password:

        • Secret Question - make a selection
        • Secret Answer - answer the question using something you'll easily remember
        • Private Key Password - create a secure password for your private key
        • Confirm Password - confirm the secure password for your private key


IMPORTANT NOTE:- You MUST memorise and/or securely store the Private Key Password as it will be required to collect and install your Digi-Access™ certificate later in the process.

Once the above form is completed and submitted, your Digi-Access™ certificate request will be verified and approved by your organisation's appointed Certificate Operator.

2. Certificate Collection

Upon Digi-Access™ certificate request approval, you will receive an email message asking you to complete the certificate collection by clicking the unique link provided in the email message. Follow the on screen instructions to complete the certificate collection by entering your Private Key Password and downloading the certificate P12 file onto your computer device.

Please note the certificate P12 file download location and the name of the certificate file. In most instances, the certificate file name will contain your Full Name (without any white space characters) and will have a ".P12" file extension. You may change the certificate file name if you require so.

webcollect
Sample of a customised certificate collection form.

3. Certificate Installation

Now that you have your Digi-Access™ certificate P12 file downloaded to your computer device, you can complete the process by installing the certificate and use it with your preferred web browser.

Depending on your web browser choice, the Digi-Access™ certificate import instructions may vary. Please refer to the list below for further certificate import instructions relevant to your web browser.

        • For Microsoft Windows versions of Google Chrome, Microsoft Edge and Opera:
          Import Certificate into Windows Certificate Store [4].
        • For Microsoft Windows versions of Mozilla Firefox:
          Import Certificate into Mozilla Firefox [5].



When certificate installation is complete, you can view the Digi-Access™ certificate by following these instructions:
Viewing Your Digi-Access™ Certificate [6].


Importing Certificate into Windows Certificate Store

Importing Client Certificate into Windows Certificate Store

On the PC, where you intend to import/install the Client Certificate from a previously downloaded or exported 'Personal Information Exchange - PKCS#12' P12 file:

        • Using Windows file explorer, locate the '.p12' file you downloaded/exported and double click it.
        • A 'Certificate Import Wizard' will appear on your screen. Select option: 'Current User' under 'Store Location' and click the 'Next' button.
        • Leave the certificate 'File path' unchanged and click the 'Next' button.
        • In the 'Password' field, enter the 'Private Key Password' you created when you enroled for (or exported) the certificate. Under the 'Import options', you may want to enable the option 'Mark this key as exportable.' and leave the other options unchanged. The private key export option will allow you to export the certificate (with the associated private key) from your current computer device and import it into another computer device - if and when needed in future. Click the 'Next' button.
        • Under 'Certificate Store', leave the option: 'Automatically select the certificate store based on the type of certificate' selected and click the 'Next' button.
        • Click the 'Finish' button. You will receive a confirmation message: 'The import was successful.' and this confirms the certificate is now installed on your computer device.


Importing Certificate into Mozilla Firefox


Importing Client Certificate into Mozilla Firefox

To import a certificate along with the associated private key from a PKCS#12 file (.pfx/.p12) into your Mozilla Firefox web browser:

  • Launch Mozilla Firefox web browser
  • Open Tools
  • Select Options
  • Switch to Advanced tab
  • Click the View Certificates button
  • Switch to Your Certificates tab
  • Click the Import button
  • Locate the '.pfx/.p12' file you transported/exported, select it and click Open
  • Enter the password you created when exporting the certificate
  • Click OK to complete the certificate import
  • Your certificate is now installed and it should be visible on the list of your certificates


Viewing Your Digi-Access™ Certificate

How to view your Digi-Access™ Certificate

Depending on your operating system and browser version, you can view your Digi-Access™ two factor authentication certificate using the instructions below:

Microsoft® Internet Explorer®

 

Mozilla Firefox

1. To view your Digi-Access™ certificate in Microsoft® Internet Explorer®, use the Tools menu (you may have to press the 'Alt' button on your keyboard to view this menu) and then select Internet Options




2. In the Internet Options dialog box, select the Content tab and then click the Certificates button




3. In the Certificates dialog box, select the certificate you wish to examine and then click the View button




4. The chosen certificate will be displayed where you will be able to see:
  • The name of the person the certificate was Issued To

  • The fact that it is a Digi-Access™ certificate issued by Digi-Sign

  • When the certificate was issued (Valid from) and when it will expire (Valid to)



Here is an example of a Digi-Access™ certificate as seen in the Microsoft® Internet Explorer® dialog:




  1. To view your Digi-Access™ certificate in Mozilla Firefox, use the Tools menu and then select Options




2. In the Options dialog box, select the Encryption tab and then click the View Certificates button




3. In the Certificate Manager dialog box, select the certificate you wish to examine and then click the View button




4. The chosen certificate will be displayed where you will be able to see:
  • The name of the person the certificate was Issued To

  • The fact that it is a Digi-Access™ certificate issued by Digi-Sign

  • The date the certificate was Issued on and the date it Expires on



Here is an example of such a Digi-Access™ certificate as seen in the Mozilla Firefox dialog:





Deleting an Unwanted Digi-Access™ Certificate

Instructions on how to delete an unwanted certificate

Depending on your operating system and browser version, you can delete your Digi-Access™ two factor authentication certificate using the instructions below:

Microsoft® Internet Explorer®

 

Mozilla Firefox

1. To view your Digi-Access™ certificate in Microsoft® Internet Explorer®, use the Tools menu (you may have to press the 'Alt' button on your keyboard to view this menu) and then select Internet Options




2. In the Internet Options dialog box, select the Content tab and then click the Certificates button




3. In the Certificates dialog box, select the certificate you wish to examine and then click the View button




4. The chosen certificate will be displayed where you will be able to see:
  • The name of the person the certificate was Issued To

  • The fact that it is a Digi-Access™ certificate issued by Digi-Sign

  • When the certificate was issued (Valid from) and when it will expire (Valid to)



Here is an example of a Digi-Access™ certificate as seen in the Microsoft® Internet Explorer® dialog:





5. Once you have viewed and confirmed this is the Digi-Access™ certificate you wish to remove, return to the Certificates dialog box, select the certificate and click the Remove button

  1. To view your Digi-Access™ certificate in Mozilla Firefox, use the Tools menu and then select Options




2. In the Options dialog box, select the Encryption tab and then click the View Certificates button




3. In the Certificate Manager dialog box, select the certificate you wish to examine and then click the View button




4. The chosen certificate will be displayed where you will be able to see:
  • The name of the person the certificate was Issued To

  • The fact that it is a Digi-Access™ certificate issued by Digi-Sign

  • The date the certificate was Issued on and the date it Expires on



Here is an example of such a Digi-Access™ certificate as seen in the Mozilla Firefox dialog:





5. Once you have viewed and confirmed this is the Digi-Access™ certificate you wish to delete, return to the Certificate Manager dialog box, select the certificate and click the Delete button



Getting your Digi-Access™ Chain Certificates

Ensuring you have the full Digi-Access™ Chain Certificates

The instructions below are for the two most popular browsers (i.e. Microsoft Internet Explorer® and Mozilla®). If you are using different web browser you may experience support issues and for security reasons, it is advisable to work with only Microsoft Internet Explorer® and Mozilla® when using Digi-Access™.

Microsoft Internet Explorer®

Enabling Digi-Access™ client certificates for two factor authentication will take you 5 minutes (or less). Configure your browser by following these simple steps:


1. Download and save this certificate to 'My Documents' or your C: drive:

Digi-Acess™ Root CA [7]

2. Download and save this certificate to 'My Documents' or your C: drive:

Digi-Acess™ Intermediate CA [8]

3. Click the 'Tools' menu and then select 'Internet Options'. Click the 'Contents' tab and then click the 'Certificates' button. Then select the Trusted Root Certificate Authorities tab and click the Import... button.

TEXT

4. Run through the six steps of this wizard and ensure that on step v, as below that "Place all certificates in the following store" is selected and points to "Trusted Root Certification Authorities". When the wizard is finished, move to the next step.

TEXT

5. Repeat step 3. above except this time, select the Intermediate Certification Authorities tab and click the Import... button.

TEXT

6. Repeat step 3. above except this time, ensure "Place all certificates in the following store" is selected and points to "Intermediate Certification Authorities"

7. Exit out of all the open dialog boxes to finish.

Mozilla®
1. Download and save this certificate to 'My Documents' or your C: drive:

Digi-Acess™ Root CA [7]

2. Download and save this certificate to 'My Documents' or your C: drive:

Digi-Acess™ Intermediate CA [8]

3. Click the 'Tools' menu and then select 'Options'. Click the 'Advanced' tab and then click the 'Encryption' tab and then the View Certificates button.

TEXT

4. Then click the Import... button and browse to the DigiSignRootCA.cer certificate and click 'Open'

5. Ensure to enable all (3) three trust options for this CA certificate and click 'OK' to complete the import.

6. Repeat step 5. above except this time, ensure to use DigiSignDigiAccessCA.cer

7. Exit out of all the open dialog boxes to finish.

Digi-Access™ Demonstration

Read these instructions before taking any Digi-Access™ Demonstration

There are three demonstrations for Digi-Access™. Read the sections below to learn more about this two factor authentication technology and to help complete your understanding of why Digi-Access™ is your best and simplest, online security solution.

                • Understanding the Digi-Access™ Demonstration

                • What You Will Learn from the Digi-Access™ Demonstration

                • Where to See the Interactive ‘Live Demonstrations’

                • Digi-Access™ Demonstration Step-by-Step Instructions

                • Important Things To Do Once You’ve Completed the Demonstration


                • Take the simple Digi-Access™ demonstration [9]

                • Introduction to Digi-Access™ for Online Banking [10]

                • Introducing Digi-Access™ for a customised VPN/Extranet [11]


     
1. Understanding the Digi-Access™ Demonstration
       
1.1 Show how Digi-Access™ works ‘live’   The live and interactive demonstrations of Digi-Access™ are excellent tools to help you complete your understanding of this identification and authentication solution. The demonstrations actually show you Digi-Access™ ‘in action’
     
2. What You Will Learn from the Digi-Access™ Demonstration
       
2.1 Person’s actual identity is fully checked   Before a Digi-Access™ certificate is issued to any person, the ‘real world’ physical identity of that person is first validated and verified to ensure they are who they claim to be. In the demonstration, this does not occur, but would normally
       
2.2 Digitally bound identity   The Digi-Access™ certificate mathematically binds the person’s physical identity into the code that is used to create it. It is this bound identity that provides the assurance that protects who can access the specific online system or site
       
2.3 Unique identity cannot be copied or shared   Once issued, the Digi-Access™ certificate is unique and cannot be copied or shared with other people. Users may be able to share usernames and passwords, they can even share devices such as One-Time-Password [OTP] token, but users cannot share a Digi-Access™ certificate
     
3. Where to See the Interactive ‘Live Demonstrations’
       
3.1 Here  
http://www.digi-sign.com/demos/digi-access [9]

     
4. Digi-Access™ Demonstration Step-by-Step Instructions
       
4.1 Step 1 – Request Certificate   Go to the above URL for the see the Certificate Request form and once you are ready to request your certificate, it is critical that you complete this form correctly
       
 
       
4.2 Step 2 – Order confirmation   This is a simple confirmation of the submitted Certificate Request form
       
       
       
4.3 Step 3 – Activate Certificate   After some time you will receive an email confirming your certificate is ready for collection. Simply click the URL provided in this email to complete the certificate activation
       
 
       
4.3 Step 4 – Test the newly secured login   Now you can simply click the button at the bottom of the Confirmation screen to see use the Digi-Access™ certificate to log into the secured location using Digi-Access™ two factor authentication
       
 
       
     
5. Important Things To Do Once You’ve Completed the Demonstration
       
5.1 View the test Digi-Access™ certificate   Depending on your operating system and browser version, you can view your Digi-Access™ two factor authentication certificate using these instructions [6]
       
5.2 Delete the test Digi-Access™ certificate   It is good practice to remove unwanted, or test, certificates from your computer. To remove the demonstration test Digi-Access™ certificate from your computer, choose the browser you are using and follow these steps [12]
       


  • IIS Implementation Guide

Source URL: http://www2.digi-sign.com/support/digi-access/user

Links:
[1] http://www2.digi-sign.com/support/digi-access/administrator
[2] http://www2.digi-sign.com/digi-access
[3] http://www2.digi-sign.com/support/digi-access/user/enrol
[4] http://www2.digi-sign.com/support/digi-access/user/import-windows
[5] http://www2.digi-sign.com/support/digi-access/user/import-firefox
[6] http://www2.digi-sign.com/support/digi-access/user/view
[7] http://www.digi-sign.com/downloads/certificates/dsroot/DigiSignRootCA.cer
[8] http://www.digi-sign.com/downloads/certificates/dsroot/DigiSignDigiAccessCA.cer
[9] http://www2.digi-sign.com/demos/digi-access
[10] http://www2.digi-sign.com/demos/introductions/online+banking
[11] http://www2.digi-sign.com/arp/2x/help/demo
[12] http://www2.digi-sign.com/support/digi-access/user/delete