Overitelj na MJU SIGEN-CA
SIGEN-CA

CENTRE FOR
USER SUPPORT:
tel.: +386 1 4788590


SECURE USAGE OF ENTERPRISE DIGITAL CERTIFICATES

 

 

1.1 Securing Reference Numbers and Authorisation Codes

To activate a digital certificate, a reference number and an authorisation code are needed. You will receive them from the Certification Authority's issuer of SIGEN-CA digital certificates: your reference number by e-mail and your authorisation code by registered mail. You must activate the digital certificate as soon as possible, and no later than 60 days from the issue of the reference number and the authorisation code. Until then, store them in a secure place so that unauthorised persons cannot access or misuse them. After the keys have been generated and the digital certificate activated, the reference number and the authorisation code are useless.

1.2 Storing Private Keys

You have to ensure that unauthorised persons do not have access to your private cryptographic keys or to the password that protects them. SIGEN-CA recommends that your profile with private keys is stored on a smart card. Compared with other media, e.g., external drives, smart cards reduce the possibilities of misuse. When using enterprise digital certificates, follow the SIGEN-CA Policy and the instructions in chapter Storing Private Keys on a Smart Card. If, despite the recommendation, you are not going to use a smart card, follow the instructions in chapter Storing Private Keys on an External Drive. For secure use of passwords, follow the instructions in chapter Using Passwords.

1.2.1 Storing Private Keys on a Smart Card

 

Security

Storing private keys and profiles on a smart card ensures that private keys are never transferred into the computer's memory or onto a disc, where they could be accessed by unauthorised persons. Keys are generated on the smart card and are stored there. When a digital certificate is extended, the keys on the smart card are also refreshed automatically. Unauthorised persons can use your digital certificate and private keys if they know your password or your PIN code. A smart card with a profile must be stored so that unauthorised persons do not have access to it. When using a password to secure a smart card, follow the instructions in chapter Using Passwords.

Usage

Choose a smart card from a manufacturer recommended by SIGEN-CA (details can be found on the SIGEN-CA web pages). You have to install a smart card reader, i.e., a device connected to the computer; when using a digital certificate, you insert the smart card into it. Install the smart card software after installing the Entrust Desktop Solutions software. Follow the smart card manufacturer's instructions and the installation instructions for Entrust Desktop Solutions precisely. Act in accordance with the instructions in chapter Software.

Use smart cards in accordance with the smart card manufacturer's instructions.

Back-up Copy

Smart card technology does not allow back-up copies to be made.

 

1.2.2 Storing Private Keys on an External Drive

 

Security

If, despite the recommendation, you are not going to use a smart card, you can store your profile with your private keys on an external drive. However, this increases the possibility of misuse of your private keys compared with a smart card. Store the external drive so that unauthorised persons cannot access it. Your profile must be secured with an adequate password; follow the instructions in chapter Using Passwords.

Using an External Drive

Use the external drive as stated in the manufacturer's recommendations and instructions.

 

Back-up Copy

We recommend making back-up copies on a CD ROM, provided that you have the means. Use the CD ROM as stated in the CD ROM manufacturer's instructions.

If you are not able to store a back-up copy of your profile on a CD ROM, you can make a back-up copy on an external drive. However, it is a less reliable and less durable medium for storing back-up copies of your private keys. Use your external drive in accordance with the manufacturer's instructions.

When you change a profile or keys, you must also refresh the copy. The back-up copy of your keys, on CD ROM or external drive, must be stored in a safe place to prevent misuse by unauthorised persons.

1.3 Using Passwords

While you are activating an enterprise digital certificate, the software guides you in choosing a suitable password, namely:

use a mix of uppercase and lowercase letters, numbers and special characters,
make the password at least 8 characters long,
avoid using words that can be found in a dictionary.

We recommend that you memorise your password and not write it down. If you write the password down, store it in a place where only you can access it.

1.4 Software

In accordance with the SIGEN-CA Policy, use only licensed and certified software (Entrust Desktop Solutions) agreed with SIGEN-CA, and use it in an adequate manner. To install the Entrust Desktop Solutions software, follow the installation instructions.

For installing software for the usage of smart cards, follow the instructions from chapter Storing Private Keys on a Smart Card and the manufacturer's instructions.

Follow and consider the notices of the SIGEN-CA group, published on http://www.sigen-ca.si.

1.5 Acting in Cases of Changes and Misuse

If changes occur that are connected with digital certificates, misuse or possibilities of misuse, you must inform SIGEN-CA immediately. In cases of misuse or possibilities of misuse, file an application form for revocation of certificate, in person or via e-mail, or call the duty number for revocation of certificates: 01-4788-777.

 

SECURE USE OF WEB DIGITAL CERTIFICATES

 

2.1 Securing Reference Numbers and Authorisation Codes

To activate a digital certificate, a reference number and an authorisation code are needed. You will receive them from the Certification Authority's issuer of SIGEN-CA digital certificates: your reference number by e-mail and your authorisation code by registered mail. You must activate the digital certificate as soon as possible, and no later than 60 days from the issue of the reference number and the authorisation code. Until then, store them in a secure place so that unauthorised persons cannot access or misuse them. After you have accepted the digital certificate, the reference number and the authorisation code are unusable and can be discarded.

2.2 Storing Private Keys

You have to ensure that unauthorised persons do not have access to your private key or to the password that protects it. The Certification Authority recommends that you store your digital certificate and private key on a smart card. Compared with other media, e.g., an external drive, smart cards reduce the possibilities of misuse. When using web digital certificates, follow the SIGEN-CA Policy (chapter Security Requirements for the Certificate Holder) and the instructions in chapter Storing Private Keys on a Smart Card. If, despite the recommendation, you are not going to use a smart card, follow the instructions in chapter Storing Private Keys on an External drive (in the browser's database). For secure use of passwords, follow the instructions in chapter Using Passwords.

2.2.1 Storing Private Keys on a Smart Card

 

Security

Storing private keys and profiles on a smart card ensures that private keys are never exported to the computer's memory or onto a disc, where they could be accessed by unauthorised persons. Keys are generated on the smart card and are stored there. Unauthorised persons can use your digital certificate and private keys if they know your password or your PIN code. A smart card must be stored so that unauthorised persons do not have access to it. When using a password to secure a smart card, follow the instructions in chapter Using Passwords.

Using Smart Cards

Choose a smart card that is compatible with your computer system and your browser and can store a 2048-bit RSA key. Before using your smart card, you have to install a smart card reader, i.e., a device connected to the computer; when a digital certificate is used, the smart card is inserted into it. Follow the smart card manufacturer's instructions in detail, in accordance with chapter Software.

Use the smart card in accordance with the smart card manufacturer's instructions.

Back-up Copy

Smart card technology does not allow back-up copies to be made.

 

2.2.2 Storing Private Keys on a Disc

 

Security

If, despite the recommendation, you do not use a smart card, you can store the digital certificate and your private key on the disc of your computer or in your browser's database. However, this increases the possibility of misuse by unauthorised persons compared with a smart card. It is important that you secure your private key with a good password, following the instructions for the browser you are using.

Back-up Copy

It is recommended that you make a back-up copy on a CD ROM, provided that you have the means. Use your CD ROM as stated in the manufacturer's instructions.

If you are not able to store a back-up copy of your digital certificate and private key on a CD ROM, you can make a back-up copy on an external drive, but this is a less reliable and less durable medium for storing back-up copies of your private keys. Use your external drive in accordance with the manufacturer's instructions.

You have to store your back-up copy, on CD ROM or external drive, in a secure place to prevent misuse.

2.3 Using Passwords

Create passwords considering the following:

use a mix of uppercase and lowercase letters, numbers and special characters,
make the password at least 8 characters long,
avoid using words that can be found in dictionaries.

We recommend that you memorise your password and not write it down. If you write the password down, store it in a place where only you can access it.

2.4 Software

Use browsers that support strong encryption. Follow the instructions for using browsers.

Follow the manufacturer's instructions and the instructions in chapter Storing Private Keys on a Smart Card.

Follow and consider the notices of the SIGEN-CA group, published on http://www.sigen-ca.si.

2.5 Acting in Cases of Changes and Misuse

 

If changes occur that are connected with digital certificates, misuse or possibilities of misuse, you must inform SIGEN-CA immediately. In cases of misuse or possibilities of misuse, file an application form for revocation of certificate, in person or via e-mail, or call the duty number for revocation of certificates: +386-1-4788-777.

 

 

 

© Certification Authority at the Ministry of Public Administration