How to configure NetSign CAC 4.x with Netscape 7.x for use with CAC cards
Description:
Saflink Technical Bulletin 00000069 (04-07-2005)
Product:
- NetSign CAC 4.x
- Netscape 7.x
Version:
- NetSign CAC 4.x
- Windows platforms
Issue / Problem:
Netscape 7.x is not officially supported by NetSign CAC 4.x. However, the following information is provided as a workaround for users attempting to use Netscape 7.x even as an unsupported platform. This Knowledge Base (KB) article provides the steps needed to install and configure Netscape 7.x to work with NetSign CAC cards and readers.
Solution:
After installing Netscape 7.x and NetSign 4.x (it is best to have Netscape installed before you install NetSign) on the system, the following must be done to get Netscape to work with CAC cards.
1. Have the user insert their CAC card into the reader and let NetSign register the certificates with IE. NetSign will do this automatically when the card is inserted in the reader. Within a few seconds the smart card icon will blink red. Then open Internet Explorer (IE), select Tools > Internet Options, and then the Content tab. Select Certificates and make sure you are on the Personal tab. There will be one (1) ID and two (2) Email certificates listed.
2. Open the ID certificate and go to the Certification Path tab. Select (click) the root certificate and click the View Certificate button.
3. When it is opened, select the Details tab and select the Copy to File button.
- Root Cert
- Intermediate Cert
- End User Cert
4. This will start a Microsoft certificate wizard to copy it. Select Next and then on the following screen choose Base-64 encoded X.509 (.CER) and select Next.
5. Now choose a folder/location on your system and a file name for the exported root certificate; you will need access to the exported certificates at a later time. Now select Next and then Finish.
6. Repeat the steps above for all intermediate certificate(s) for all Email and ID certificates. (Note: You don't need to make duplicate copies of the root).
7. Now open Netscape 7.x and drag and drop (one at a time) each of the .CER files you just exported/copied from IE onto the open Netscape browser. It will prompt you to install the certificate with a dialog box with the following options: Trust this CA to identify web sites, Trust this CA to identify email users, and Trust this CA to identify software developers. Select the ones that are appropriate and that apply to that root or intermediate certificate and click OK.
8. Now select Edit and Preferences. Choose Privacy & Security, then Certificates. Select Manage Security Devices. You will need to load the cryptographic module for NetSign if it is not already installed. To do this, select Load, name it NetSign CAC, and browse for the file CORE32.DLL, located in the %sysroot%\system32 directory. Select Yes when prompted to add the security module.
9. NetSign CAC should now appear in the Security Device Manager of Netscape, with the reader type listed under it.
10. Click OK to close that window, close Netscape, and remove and reinsert the user's CAC card.
11. Open Netscape and revisit the Privacy & Security settings and Manage Certificates. The user's certificates should now be listed and valid within Netscape.
12. Now you're ready to use your CAC card with NetSign and Netscape 7.x. Keep in mind that, as of the time of product release and of this subsequent Knowledge Base article, Netscape is not an officially supported application. Please check with your system or CAC administrator if you have further questions.
Additionally, if other users have different CAC cards with certificates issued by other Certificate Authorities (CAs) whose intermediate certificates have not been added to the Netscape trusted certificates through the steps listed above, you will need to repeat the steps outlined above.
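A check that can be run on the exported .CER files before step 7, as an added example that is not part of the original bulletin: it confirms each file is Base-64 encoded X.509 as chosen in step 4, computes the SHA-1 thumbprint to compare with the Thumbprint field on the certificate's Details tab in IE, and flags duplicate exports of the same certificate (step 6). The file names and certificate bytes below are constructed placeholders, not real certificates.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S
)

def load_cer(data: bytes):
    """Return (encoding, der_bytes) for the contents of an exported .CER file."""
    match = PEM_RE.search(data)
    if match:
        # Base-64 export: strip line breaks, then decode strictly.
        der = base64.b64decode(b"".join(match.group(1).split()), validate=True)
        encoding = "base64"
    else:
        der, encoding = data, "der"
    # An X.509 certificate is a DER SEQUENCE, so the first byte must be 0x30.
    if not der.startswith(b"\x30"):
        raise ValueError("not an X.509 certificate")
    return encoding, der

def thumbprint(der: bytes) -> str:
    """SHA-1 over the DER bytes, the value Windows displays as Thumbprint."""
    return hashlib.sha1(der).hexdigest().upper()

def review_exports(files: dict):
    """Group file names by thumbprint and list files not saved as Base-64."""
    by_print, wrong_format = {}, []
    for name, data in sorted(files.items()):
        encoding, der = load_cer(data)
        if encoding != "base64":
            wrong_format.append(name)
        by_print.setdefault(thumbprint(der), []).append(name)
    return by_print, wrong_format

def to_pem(der: bytes) -> bytes:
    """Wrap DER bytes the way the Base-64 encoded X.509 export does."""
    body = base64.encodebytes(der)
    return b"-----BEGIN CERTIFICATE-----\n" + body + b"-----END CERTIFICATE-----\n"

# Constructed stand-ins for certificate bytes (not real certificates).
ROOT = b"\x30\x0a" + b"ROOT-BYTES"
INTERMEDIATE = b"\x30\x0a" + b"INTER-BYTE"
SAMPLE = {
    "root.cer": to_pem(ROOT),
    "root_copy.cer": to_pem(ROOT),     # duplicate export of the root
    "intermediate.cer": INTERMEDIATE,  # saved as DER instead of Base-64
}

if __name__ == "__main__":
    prints, wrong = review_exports(SAMPLE)
    print("Thumbprints:", prints, "\nNot Base-64:", wrong)
```

Only tick the trust options in step 7 for a file whose thumbprint matches the one shown for that certificate in IE.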
An alternative to downloading the user certificates from IE would be to download them from DISA at https://ca-3.c3pki.chamb.disa.mil/reg1.html .
Keywords:
Netscape, 7.x, 7.1, 7.2