Scribd Logo
Upload

Welcome to Scribd!

  • 15 views

    CLP FLOW All

    Uploaded by

    Marcos Vinicius Santos souza
    1. The document provides instructions for setting up and configuring a Managed PKI (MPKI) user, including loading necessary certificates, configuring policies, and enrolling and approving a user. 2. It includes steps to access various URLs to purchase an MPKI, load certificates onto the ECA server, configure the digital ID policy, enroll a user, approve the request, and install the issued certificate. 3. URLs, commands, and steps are provided to configure the MPKI from initial setup through user enrollment and certificate issuance.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content

    You might also like

    CLP FLOW All

    Uploaded by

    Marcos Vinicius Santos souza
    15 views50 pages
    1. The document provides instructions for setting up and configuring a Managed PKI (MPKI) user, including loading necessary certificates, configuring policies, and enrolling and approving a user. 2. It includes steps to access various URLs to purchase an MPKI, load certificates onto the ECA server, configure the digital ID policy, enroll a user, approve the request, and install the issued certificate. 3. URLs, commands, and steps are provided to configure the MPKI from initial setup through user enrollment and certificate issuance.

    Original Description:

    Original Title

    CLP_FLOW_all

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    1. The document provides instructions for setting up and configuring a Managed PKI (MPKI) user, including loading necessary certificates, configuring policies, and enrolling and approving a user. 2. It includes steps to access various URLs to purchase an MPKI, load certificates onto the ECA server, configure the digital ID policy, enroll a user, approve the request, and install the issued certificate. 3. URLs, commands, and steps are provided to configure the MPKI from initial setup through user enrollment and certificate issuance.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    15 views50 pages

    CLP FLOW All

    Uploaded by

    Marcos Vinicius Santos souza
    1. The document provides instructions for setting up and configuring a Managed PKI (MPKI) user, including loading necessary certificates, configuring policies, and enrolling and approving a user. 2. It includes steps to access various URLs to purchase an MPKI, load certificates onto the ECA server, configure the digital ID policy, enroll a user, approve the request, and install the issued certificate. 3. URLs, commands, and steps are provided to configure the MPKI from initial setup through user enrollment and certificate issuance.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 50

    For MAS user:

    Go https://172.22.0.73:460

    Challenge : test123
    Go to email copy the highlight then pest it to after https://172.22.0.73:460/onsiteadmingetid.htm
    Pest to above PIN field and put password which I use in MSA user

    Approve MSA user:

    https://172.22.0.73:461/cgi-bin/getorder.exe
    Then go View certificate

    Then go view details


    Then check All 3 update Privileges

    For ESA all process as MSA only access https://172.22.0.73:461 using MSA user

    For Mki account go to below link

    Log in as esa

    https://72.22.0.74/
    Mpki approve:
    Then log in as ESA

    No privilege allows from ESA :461 for MPKI account


    RA user for web service when create MPKI account, we see manual and automatic we can choose
    automatic for RA.

    After getting CSR we get CSR information form (go to google type CSR decode copy CSR and pest to site,
    then we get CSR information after that we create MPKI account AS per CSR information then we go to
    mail and getting PIN and web link config user site and select automatic for RA user and without RA user
    we select manual.

    Go to : https://172.22.0.74/

    Then go Purchase Private Managed PKI

    Enter your information then check your mail


    Then go https://172.22.0.73:461/cgi-bin/getorder.exe

    Log in as ESA

    Then go Jurisdiction Management


    Then go --Process Jurisdiction then put the Organization name which I put MPKI accountant form(TVN)
    Then its show the below screen

    Go view details: Check mark step2 five components --click update


    Click Activite

    The Continute
    Then go to edit Jurisdiction for enabling OCSP put the Orgznization name (TVN)—click submit

    Click edit as per your company and department


    Check OCSP,local Hosting,automated Administration -- Enable No Roaming then click Set features

    Then click Submit


    Then click Continue

    Check Mail Copy the pin, then go to mentioned URL into the mail

    Then pest the pin and put the password which I put MPKI from 172.22.0.74
    Then click Accept

    Certificate install in browser for MPKI

    Browser ---option ---Advanced---Certificate tab---View certificate


    Then Load MPKI Account for user and ocsp

    Go to putty

    Apps Serrver --- 172.22.0.72

    root

    Password: teapp@bccca

    root@bccca # su – pin

    root@bccca # cd /ecas/clp/data/certificates/bcc/BCC_TEST_MPKI_509s

    BCCTESTSubCAClass3OCSPResponder.509.cer ---------for class 0

    -bash-3.2$ cd /ecas/clp/tools
    ./LoadCA.pl -f /ecas/clp/config/master.cfg -x -m initial -c "TVN" -d "TVNBD"
    /ecas/clp/data/certificates/bcc/BCC_TEST_MPKI_509s/BCCTESTSubCAforClass0C
    ertificates.509.cer

    For OCSP load

    -bash-3.2$ cd data

    -bash-3.2$ ls

    -bash-3.2$ cd certificates

    -bash-3.2$ cd bcc/

    -bash-3.2$ cd BCC_TEST_MPKI_509s/

    -bash-3.2$ cd /ecas/clp/tools

    -bash-3.2$ ./LoadOCSP.pl -f /ecas/clp/config/master.cfg -c


    /ecas/clp/data/certificates/bcc/BCC_TEST_MPKI_509s/BCCTESTSubCAforClass0Certificates.509.cer -s
    /ecas/clp/data/certificates/bcc/BCC_TEST_MPKI_509s/BCCTESTSubCAClass0OCSPResponder.509.cer -o
    "TVN" -d "TVNBD"
    Copy BCCTESTSubCAforClass0Certificates.509.cer -------for Class 0
    Load MPKI and OCSP go to cd /ecas/clp/tools path
    Then Run below command For MPKI user:

    ./LoadCA.pl -f /ecas/clp/config/master.cfg -x -m initial -c "TVN" -d "TVNBD"


    /ecas/clp/data/certificates/bcc/BCC_TEST_MPKI_509s/BCCTESTSubCAforClass0C
    ertificates.509.cer
    Go to /ecas/clp/data/certificates/bcc/BCC_TEST_MPKI_509s

    Copy BCCTESTSubCAClass0OCSPResponder.509.cer to below command

    $ ./LoadOCSP.pl -f /ecas/clp/config/master.cfg -c
    /ecas/clp/data/certificates/bcc/BCC_TEST_MPKI_509s/BCCTESTSubCAforClass0Certificates.509.cer -s
    /ecas/clp/data/certificates/bcc/BCC_TEST_MPKI_509s/BCCTESTSubCAClass0OCSPResponder.509.cer -o
    "TVN" -d "TVNBD"
    Go to

    ./LoadOCSP.pl -f /ecas/clp/config/master.cfg -c
    /ecas/clp/data/certificates/bcc/BCC_TEST_MPKI_509s/BCCTESTSubCAforClass0Certificates.509.cer -s
    /ecas/clp/data/certificates/bcc/BCC_TEST_MPKI_509s/BCCTESTSubCAClass0OCSPResponder.509.cer -o
    "TVN" -d "TVNBD"

    For OSCP go cd /ecas/clp/tools path and run below command

    ./LoadOCSP.pl -f /ecas/clp/config/master.cfg -c
    /ecas/clp/data/certificates/bcc/BCC_TEST_MPKI_509s/BCCTESTSubCAforClass0Certificates.509.cer -s
    /ecas/clp/data/certificates/bcc/BCC_TEST_MPKI_509s/BCCTESTSubCAClass0OCSPResponder.509.cer -o
    "TVN" -d "TVNBD"
    Then go to https://172.22.0.75/

    Log in as MPKI

    Then click End-User Digital ID Policy Configuration Wizard


    Click continue

    Click continute
    Click continue

    Click continue
    Click manual for various certificate and Automated for web service and RA user

    Click continue
    Click Continute

    Click continue
    Click publish

    Go to URL for enroll


    Click ENROLL fill up the page and submit

    Challenge Phrase same as MPKI password


    Go to mail see the submission details

    Then go to below link

    https://172.22.0.75/OnSiteHome.htm
    go to Prceess request

    Go to view details and click approve


    Click continue

    FOR pick certificate go mail copy the pin and click the link for certificate PICK UP

    IF not page show then go to below URL

    https://172.22.0.75/cgi-bin/getorder.exe

    Then go User services click the below URL


    Then click PICKUP ID

    Pest the pin and submit


    Then we can get the certificate in browser and backup to my PC

    You might also like