CERTTOOL GUIDE

Date Page Version

24.03.2017 1 (19) 3.0

TELIA CERTTOOL

CERTIFICATE INSTALLATION GUIDE

TABLE OF CONTENTS

1 INTRODUCTION .............................................................................................. 2

2 DELIVERY OF A WEB LINK ............................................................................ 2

3 HOW TO RETRIEVE AND INSTALL A CERTIFICATE .................................... 3

4 SAVING AND OPENING A CERTIFICATE WITH WINDOWS ......................... 5

4.1 INTERNET EXPLORER ................................................................................ 5

4.2 GOOGLE CHROME ...................................................................................... 6

4.3 MOZILLA FIREFOX ...................................................................................... 7

4.4 INSTALLATION OF THE CERTIFICATE IN WINDOWS 7, 8 AND 10 ........... 8

5 INSTALLATION OF A CERTIFICATE WITH APPLE DEVICES ....................... 11

5.1 IOS (IPHONE, IPAD) ..................................................................................... 11

5.2 OS X (MAC) .................................................................................................. 14

6 INSTALLATION OF A CERTIFICATE WITH ANDROID DEVICES ................... 16

7 FINISHING THE INSTALLATION ..................................................................... 17

8 USING A CERTIFICATE IN WEB AUTHENTICATION ..................................... 18

9 PLEASE NOTE FOLLOWING ON THE LOSS OF A CERTIFICATE ................ 19

CERTTOOL GUIDE

Date Page Version

24.3.2017 2 (19) 3.0

1 INTRODUCTION

Telia Certtool is a service used to install certificates into end-user devices.

A certificate is retrieved with an email or SMS-message sent by administrator from Secure User and a web browser.

2 DELIVERY OF A WEB LINK

Telia delivers SMS authentication credentials or a web link for certificate retrieval to customer’s administrators specified in the service agreement by email to the designated administrator’s email address.

After this, the customer’s administrator can independently create the rest of the administrator and user certificates needed in the organization.

Web links for certificate retrieval are valid for 90 days. If the link has expired, a new must be generated and sent by an administrator.

The email looks approximately like this:

Welcome Telia certificate user

Use link below to enroll your certificate:

https://ct.trust.teliasonera.com/ct4?o=3S1m3rKK1

If you want to revoke your certificate contact your system

administrator

Best Regards

Telia CA

cainfo@sonera.com

-------------------------------------------------------

Please do not reply to this email.

If problem occurs, contact your system administrator.

-------------------------------------------------------

CERTTOOL GUIDE

Date Page Version

24.3.2017 3 (19) 3.0

3 HOW TO RETRIEVE AND INSTALL A CERTIFICATE

This chapter deals with common procedures similar to all operating systems and browsers. Later in this document there are specific instructions for installation of a certificate in supported operating systems.

A user certificate needs to be saved to a workstation or other device and it is necessary to install it into certificate storage of an operating system or a web browser. This enables the web browser to access the certificate and use it for authentication.

When a user receives an email from address noreply@telia.com, he/she can retrieve his/her own certificate using the link in the email message.

To begin retrieving a certificate:

• Click the link in the email message

• Certtool service opens up. Please choose your language using flag symbols. On this page there is preformatted user information, which will be inserted into new certificate. Please check the information and click Accept.

CERTTOOL GUIDE

Date Page Version

24.3.2017 4 (19) 3.0

• If the user in question already has valid certificates, Certtool will propose revocation of these certificates. Please choose certificates to be revoked and click Revoke and Continue.

• Please set a password for the certificate in the next page. The password is needed in installation of the certificate, so it is advised to write it down or to save it in a computer. Input a password and click Continue.

• In some cases your administrator has set the password when creating the certificate installation email message and has sent it to you in a separate message. In these cases this view does not appear.

CERTTOOL GUIDE

Date Page Version

24.3.2017 5 (19) 3.0

• The last view in the retrieval process is the download instruction page. Please read the instructions and click Download. Please note that the download dialog may appear in background especially in earlier versions of IE and needs to be brought to front in order to finish the download. Now continue to the appropriate chapter for your operating system in this manual to finish the installation.

4 SAVING AND OPENING A CERTIFICATE WITH WINDOWS

4.1 INTERNET EXPLORER

• Open or save certificate file to hard disk or to removable media. We recommend saving of the file before installation. In IE 10 or 11, open Save pull-down menu, choose a location for the file and save the certificate file. It is also necessary to back up the installation password, as the certificate is impossible to install without an installation password.

• It is possible to install a certificate without saving by choosing Open. If you choose this method, it will be necessary to enroll a new certificate, if current certificate is lost, as there will be no backup copy. Clicking Open proceeds to certificate wizard.

CERTTOOL GUIDE

Date Page Version

24.3.2017 6 (19) 3.0

Edge

• If you do not wish to install certificate immediately, or if you need to reinstall the certificate, certificate wizard can be launched by clicking on certificate file.

4.2 GOOGLE CHROME

• Click on the downloaded certificate file in the download bar at the bottom of the screen. The click will launch a certificate import wizard.

CERTTOOL GUIDE

Date Page Version

24.3.2017 7 (19) 3.0

4.3 MOZILLA FIREFOX

• Open file by using Browse or save the file to hard disk or other media. If Save file is chosen, the file will be saved to the default download folder used by Firefox, which is usually Downloads folder in user’s home folder.

• If you do not wish to save the file, use Browse to select Internet Explorer as the software which opens the file.

• Click OK and select Open in next window. Windows Certificate Wizard will open up after this.

CERTTOOL GUIDE

Date Page Version

24.3.2017 8 (19) 3.0

4.4 INSTALLATION OF THE CERTIFICATE IN WINDOWS 7, 8 AND 10

• Opening the file launches the certificate import wizard.

• The location of the certificate file is pre-filled. Press Next.

CERTTOOL GUIDE

Date Page Version

24.3.2017 9 (19) 3.0

• Enter the installation password of the certificate and, if necessary, set strong security level. The password is either set by you during certificate download process or it may be sent to you by your administrator in a separate message.

• You can allow the operating system to select the Certificate Store.

CERTTOOL GUIDE

Date Page Version

24.3.2017 10 (19) 3.0

• Complete the installation by pressing Finish. Now you can log in to Secure Manager.

• You can view your installed certificates in Internet Explorer by choosing Internet Options / Content / Certificates.

CERTTOOL GUIDE

Date Page Version

24.3.2017 11 (19) 3.0

5 INSTALLATION OF A CERTIFICATE WITH APPLE DEVICES

5.1 IOS (IPHONE, IPAD)

This document is drafted from iPhone point of view, but installation process is similar in all iOS devices.

• iPhone will display a view called Install Profile after you have tapped Continue.

Tap Install.

• iPhone asks for your passcode. Enter the code.

CERTTOOL GUIDE

Date Page Version

24.3.2017 12 (19) 3.0

• Choose Install from top row and tap on Install button.

• Enter the password you set when downloading the certificate or which was sent to you by your administrator and choose Next.

CERTTOOL GUIDE

Date Page Version

24.3.2017 13 (19) 3.0

• The certificate will be displayed as a trusted certificate now. You can view certificate details by choosing More Details or you can finish the action by tapping Done.

• You can view all certificate properties by tapping name area of the certificate in More details view.

CERTTOOL GUIDE

Date Page Version

24.3.2017 14 (19) 3.0

• After reviewing certificate information, return to installed profile view and choose Done. Please proceed to chapter 8 in this manual.

• An alternative way of installing a certificate to an Apple device is to create a PKCS#12 certificate installation package using a Windows or Mac computer and send it via email to the mobile device. When certificate package attachment is tapped, Apple device will display Install Profile view. The installation proceeds in the same manner as when using Certtool. It is recommended to send the certificate password in a separate message for maximum security.

• You can view the certificate later by choosing Settings / General / Profile. Tap on the “profile” (certificate) name and tap on More details.

• An Apple device with certificates must be protected by an access code in order to prevent unauthorized certificate usage. Code is enabled by choosing Settings / General / Passcode lock. It is recommended to enable removal of data after 10 false codes. This will also erase the certificate from a device under brute force attack.

• An installed certificate can be deleted by entering Settings / General / Profile and choosing appropriate “profile” (the certificate in question). Tap Remove to delete the certificate.

5.2 OS X (MAC)

• With Mac, the certificate will be saved to Downloads after browser download process.

• Choose Show in Finder.

• Choose Open from mouse menu.

CERTTOOL GUIDE

Date Page Version

24.3.2017 15 (19) 3.0

• OS X Keychain Access view will open. Click Add.

• Enter certificate installation password either set by you during the download process or sent to you by your administrator in a separate message.

CERTTOOL GUIDE

Date Page Version

24.3.2017 16 (19) 3.0

• Please close the Keychain Access view and proceed to chapter 8. You can view certificate details from Keychain Access when needed.

6 INSTALLATION OF A CERTIFICATE WITH ANDROID DEVICES

• After tapping on Download in Certtool, the device will proceed to Extract certificate wizard. Enter the password set by you during download process or sent to you by your administrator in a separate message when prompted.

• The device will ask for a name for the certificate. The view lists also keys and certificates contained in the PKCS#12 package. In usual use case the contents look similar to example image. Type in a name and choose OK.

CERTTOOL GUIDE

Date Page Version

24.3.2017 17 (19) 3.0

• An empty browser window has appeared. Please close it and proceed to chapter 8 in this manual.

7 FINISHING THE INSTALLATION

• When the certificate has been installed successfully and seems to be functional, please exit Certtool by choosing Exit and close. If there have been problems during download or installation, you can redownload the certificate by clicking Redownload.

• It is necessary to restart web browser completely until installation of another certificate is attempted. After installation of a certificate, an installation attempt even with a valid web link will cause an error message to be displayed and the browser will be redirected to Telia CA menu.

CERTTOOL GUIDE

Date Page Version

24.3.2017 18 (19) 3.0

8 USING A CERTIFICATE IN WEB AUTHENTICATION

• A certificate menu may pop up when you enter a web service requiring certificate authentication. Please choose the certificate from certificate menu. If you have several certificates, remember to use correct one. Otherwise you have to close all browser windows and restart browser for re-login.

Windows 7

Apple iOS

CERTTOOL GUIDE

Date Page Version

24.3.2017 19 (19) 3.0

Android

• In Windows 7 and Apple devices a certificate selection popup will be shown only when several user certificates are installed. If there is only one user certificate, the browser proceeds directly to Secure Manager service menu.

• In Android devices the certificate dialogue is displayed always. Please choose Allow.

• If you have enabled High security level, the browser requests the password set for the certificate. Enter the password and press OK.

• The browser proceeds to the certificate-authenticated service.

9 PLEASE NOTE FOLLOWING ON THE LOSS OF A CERTIFICATE

If you have lost your certificate or suspect that it may have been abused or if you stop using the certificate before it expires, you should contact Telia revocation service to cancel the certificate in a controlled manner and to prevent its abuse.

CONTACT INFORMATION OF THE REVOCATION SERVICE:

♦ Telephone number: +358 800 156677 (24/7)

♦ Telia revocation service requests the certificate user’s data.

♦ The service inquires the Common Name (User ID) of the certificate to be cancelled.

♦ Telia revocation service calls the user back within half an hour to ensure that the request is valid.

♦ The certificate is cancelled after the call-back.