Digital Certificates
Once a Client Certificate has been created, it must be installed on the End User's system and made accessible to the client software. The installation process varies from product to product. Refer to the appropriate administrator's guide when using Client Certificates with non-BlueZone software.
The following procedure assumes that you are using the Security Server to create the Client Certificate, that you are using BlueZone as the secure client, and that you are making the secure connection (SSL or TLS) to the Security Server.
There are currently two options for storing the Client Certificate on the End User's machine.
Each of these options uses different files that were created during the Client Certificate generation process.
On the Security Server, locate the Client Certificate (.CER), Client Certificate Private Key (.KEY), and the hashed Signing Certificate (.0 file from the Certs\Root directory) used to sign the Client Certificate. These files can be found in the following location:
C:\Program Files\BlueZone Security Server\Certs\New
The Certificate Name that was used during the certificate generation process will be used as the file name.
NOTE If you used the Security Server to create the Client Certificate and you are using BlueZone as the secure client, you do not need to copy the Signing Certificate. The reason is that the Security Server Signing Certificate is automatically included as part of the BlueZone client installation on the End User's machine.
Copy the desired .CER and .KEY files to a diskette, email them to the End User, or otherwise make them available to the End User in a secure fashion.
NOTE For maximum security, you may want to personally hand these files to the End User. The whole purpose of using Client Certificates is to ensure the identity of the End User.
Provide the End User with the Private Key password that was used during the Client Certificate generation process. This password will be needed by the End User during BlueZone client authentication.
IMPORTANT! For security reasons, it is recommended that you provide the Private Key password to the End User in such a way that it is not part of or included with the distribution of the .CER and .KEY files.
On the End User's machine, launch the desired BlueZone emulation client. From the MenuBar, choose Session:Configure:Configure to display the Connections dialog.
Choose the desired connection from the Connection List by selecting it with your left mouse button.
Click the Security tab to display the Security Options and make sure the Enable Secure Sockets Layer checkbox is enabled.
Click the Certificate tab and select the Client Certificate in Disk File option.
Browse to the supplied .CER file and click the Open button to complete the selection.
Browse to the supplied Private Key file and click the Open button to complete the selection.
Click OK two times to save the settings.
Test the connection by making a connection to the Security Server.
A dialog prompting for the Private Key Password will appear. Enter the Private Key Password and click the OK button.
On the Security Server, locate the Client Certificate PKCS #12 file (.PFX). This file can be found in the following location:
C:\Program Files\BlueZone Security Server\Certs\New
The Certificate Name that was used during the certificate generation process will be used as the file name.
Copy the desired .PFX file to a diskette, email it to the End User, or otherwise make it available to the End User in a secure fashion.
NOTE For maximum security, you may want to personally hand this file to the End User. The whole purpose of using Client Certificates is to ensure the identity of the End User.
Provide the End User with the Private Key password that was used during the Client Certificate generation process. This password will be needed by the End User during BlueZone client authentication.
IMPORTANT! For security reasons, it is recommended that you provide the Private Key password to the End User in such a way that it is not part of or included with the distribution of the .PFX file.
On the End User's machine, launch the desired BlueZone client. From the MenuBar, choose Session:Configure:Configure to display the Connections dialog.
Choose the desired connection from the Connection List by selecting it with your left mouse button.
Click the Security tab to display the Security Options and make sure the Enable Secure Sockets Layer checkbox is enabled.
Click the Certificate tab and select the Client Certificate in Certificate Store option.
Launch Internet Explorer.
From the IE MenuBar select Tools:Internet Options. The Internet Options dialog will be displayed.
Click on the Content tab and click the Certificates button.
Click the Import button. The Certificate Import Wizard will be displayed.
Click the Next button.
Click the Browse button and locate the .PFX file. You may have to select .PFX from the Files of Type: list box.
Select the .PFX file and click the Open button.
Click the Next button.
Provide the Private Key password that was used to create the certificate.
Enable the "Mark this key as exportable" checkbox.
Click the Next button.
Make sure the "Place all certificates in the following store" radio button is selected and Personal is selected as the Certificate store.
Click the Next button. A summary of your selections will be displayed.
Click the Finish button. A message will appear stating that the importation was successful.
Close out of the Wizard and close Internet Explorer.
Test the connection by making a connection to the Security Server.
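The Certificate Import Wizard steps above can also be performed from PowerShell on the End User's machine. The script below is an added example, not part of the BlueZone documentation: it imports the .PFX into the current user's Personal store and then confirms that the private key arrived with the certificate and that the certificate is inside its validity period. $PfxPath is a placeholder for the supplied .PFX file, and the script assumes a Windows version that includes the Import-PfxCertificate cmdlet.

```powershell
# Added example: scripted equivalent of the Certificate Import Wizard steps.
# $PfxPath is a placeholder; pass the path of the .PFX file supplied by the administrator.
param(
    [Parameter(Mandatory)][string]$PfxPath
)

# Prompt for the Private Key password so it is never stored in the script
# or alongside the .PFX file.
$password = Read-Host -Prompt 'Private Key password' -AsSecureString

# Import into the current user's Personal store (Cert:\CurrentUser\My).
# -Exportable corresponds to the wizard's "Mark this key as exportable" checkbox.
$imported = Import-PfxCertificate -FilePath $PfxPath `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -Password $password -Exportable

# A .PFX may also carry issuer certificates; the Client Certificate is the
# entry that has a private key attached.
$clientCert = $imported | Where-Object { $_.HasPrivateKey } | Select-Object -First 1
if (-not $clientCert) {
    throw "No certificate with a private key was imported from $PfxPath"
}

# Confirm the certificate is really in the Personal store and is currently valid.
$stored = Get-ChildItem -Path "Cert:\CurrentUser\My\$($clientCert.Thumbprint)"
$now = Get-Date
$problems = @()
if (-not $stored.HasPrivateKey)     { $problems += 'stored copy has no private key' }
if ($now -lt $clientCert.NotBefore) { $problems += "not valid until $($clientCert.NotBefore)" }
if ($now -gt $clientCert.NotAfter)  { $problems += "expired on $($clientCert.NotAfter)" }

# Summary for the End User or help desk to compare with what the administrator issued.
[pscustomobject]@{
    Subject    = $clientCert.Subject
    Issuer     = $clientCert.Issuer
    Thumbprint = $clientCert.Thumbprint
    NotAfter   = $clientCert.NotAfter
    Problems   = if ($problems) { $problems -join '; ' } else { 'none' }
}
```

If Problems reports anything other than none, resolve it before testing the connection to the Security Server.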