artl Information Leaflet 5 How to renew an artl user's digital signing certificate. This Information Leaflet is intended to provide instruction for the Local Registration Authority (LRA) to renew an existing artl user's digital signing certificate. It is recommended that you have the following to hand prior to beginning the renewal process: ♦ ♦ ♦ ♦ ♦ Your LRA artl username and password; Your LRA artl SmartCard and PIN code; Your PC has the Gemplus software installed; Your artl SmartCard reader, connected to a USB port on your PC; Your firm's Organisation Account ID, also known as the PKI number. You will find this on the artl User Details form supplied by your Account Manager at the time your firm was signed up to use artl. You will also require a blank artl SmartCard for each of the users whose certificates require renewal. Should you require a supply of blank cards please request these using the email address below: [email protected] Please return expired cards to the address below: artl Admin Registers of Scotland Meadowbank House (Room 3S-01) 153 London Road Edinburgh EH8 7AU DX 5554000 LP 54 EDIN 15 These instructions should be followed in conjunction with the artl Troubleshooting documentation located on our website: http://www.ros.gov.uk/artltroubleshooting/index.html There are three distinct sections to these instructions, it is strongly recommended that you close each Internet browsing session completely before starting a new section. Page 1 of 12 artl Information Leaflet 5 Section 1. Updating the artl user's details prior to installing new certificate This section details the changes you will need to make to the firm's PKI database prior to installing the artl user's new digital signing certificate. You will require your artl SmartCard reader, LRA artl SmartCard and PIN code in order to complete this section. You will also need two Certification Authority (CA) certificates installed on your PC in order to access the firm's PKI database via secure web pages. Your artl Account Manager will have installed these on the PC used to originally set up artl for your firm. Please see our website: http://www.ros.gov.uk/artltroubleshooting/card_issuing/4.doc for instructions to install the CA certificates. 1.1 Insert your LRA card into the card reader, chip side up. The green light on the reader should remain constant. Open your Internet browser and navigate to secure site: https://artlpki.ros.gov.uk/dbadmin 1.2 You will be prompted to select your LRA certificate, click on the entry to highlight it, select OK: Enter your LRA SmartCard PIN when prompted: Page 2 of 12 artl Information Leaflet 5 1.3 Select Manage Existing Users in order to view all users' PKI profiles: 1.4 Use either the Filter option or page navigation arrows to locate the user profile for the artl user: 1.5 You must first click the * (star) symbol next to the username in order to edit: Page 3 of 12 artl Information Leaflet 5 1.6 Delete all text from the Password field and replace with the word trustis. Delete all numbers that are displayed in the IssueCurrent field and replace with the number 0 as shown in the example below. Fields highlighted in blue should be left blank: Important: Ensure that the UserName field contains the user's eServices username; we strongly recommend that you use Password trustis. Both the username and password entered at this stage will be required again at Section 2: Download artl user's new digital signing certificate. Make a separate note of the username and password that you have entered now. Click OK to save amended user details to your firm's PKI database. You have now completed Section 1: Updating the artl user's details prior to installing new certificate. You may now remove your LRA artl SmartCard from the card reader. It is strongly recommended that you close your Internet browsing session before proceeding to the next section. Page 4 of 12 artl Information Leaflet 5 Section 2. Downloading the artl user's new digital signing certificate. This section details instructions to install the artl user's new digital certificate. You will require your artl SmartCard reader and a blank artl SmartCard in order to complete this section. 2.1 If you have not already done so remove your LRA artl SmartCard from the card reader. Insert the blank artl SmartCard into the reader chip side up, the green light on the reader should remain constant. 2.2 The blank card has been supplied with a preset default PIN which is ARTLpin1 - note, the PIN is case-sensitive. You will be prompted to choose a new PIN code for the blank card as soon as it has been placed in the reader. Type ARTLpin1 in the Old PIN field, choose a new PIN in accordance with criteria listed, Confirm New PIN and click Change PIN: The message below will display once the PIN has been successfully changed: Note: if you have already changed the PIN for the blank card steps 2.1 and 2.2 should be omitted, go directly to step 2.3. Page 5 of 12 artl Information Leaflet 5 The blank card has now been prepared to install the artl user's new digital signing certificate. The blank card should stay inserted in the card reader for the remainder of the recertification process. 2.3 Open your Internet browser, navigate to secure site: https://artlpki.ros.gov.uk/onestep 2.4 You will be prompted to enter your firm's Organisation Account ID, also known as the PKI number. You will find this number on the artl User Details form supplied by your Account Manager at the time your firm was signed up to use artl. This is a five digit number unique to your firm, you must enter leading zeros (where present). In the example below Registers of Scotland's PKI number has been entered: 2.5 Click Next to proceed. It is recommended that you select the Please Check My Browser link if this is the first time you have set up new digital signing certificates on your PC: Select Continue to proceed once you have successfully run the browser check. 2.6 Read the Subscriber Agreement, to accept the terms therein click button: I Accept This Agreement. Page 6 of 12 artl Information Leaflet 5 2.7 Enter the username and password that you noted at step 1.6, click Accept. Note: Click on Accept only once, the certificate may take a number of seconds to download. Note: Ignore the Install CA Certificates button, it is not used at this stage. 2.8 On clicking Accept you will be prompted to enter the PIN code for the new SmartCard, see step 2.2 for reference. 2.9 Once the new certificate has been installed on the new SmartCard the screen below will be displayed: Note: Do not select Test Your Certificate at this time. You have now completed Section 2: Downloading the artl user's new digital signing certificate. It is strongly recommended that you close your Internet browsing session before proceeding to the next section. Page 7 of 12 artl Information Leaflet 5 Section 3. Activating the artl user's new artl SmartCard The third and final section details the process of activating the artl user's new Smartcard against their user profile on eServices. You will require your artl SmartCard reader, the new artl SmartCard and your LRA username and password in order to complete this process. In order to activate the new SmartCard ensure the new card is still inserted into the card reader. Open your Internet browser and navigate to the eServices log-in screen: https://www.eservices.ros.gov.uk 3.1 Click the blue Login link at the top right of the screen: 3.2 Enter your LRA username and password when prompted, click Submit: Page 8 of 12 artl Information Leaflet 5 3.3 You are now logged onto eServices as the LRA. Select the Administration link on the left hand side of your screen followed by User Admin in order to view all users for your firm: 3.4 Scroll through the user list to locate the account for the user whose certificate is to be activated, click Modify: 3.5 The artl user's details are displayed on the first screen. You need make no amendments to this screen, click Next to proceed: Page 9 of 12 artl Information Leaflet 5 3.6 The artl user's roles are displayed on the second screen. You need make no amendments to this screen, click Next to proceed: 3.7 The artl user's PKI credentials are displayed on the final screen. The expired certificate serial number is displayed in full in the Serial Number field. Click Deactivate to remove the expired certificate from the artl user's profile: Page 10 of 12 artl Information Leaflet 5 3.8 The Deactivate button will change to Activate once the expired certificate has been removed, click this button next to the blank Serial Number field: 3.9 You will be prompted to apply the artl user's digital signature, verified by the PIN code for the new card, see step 2.2 for reference. Click into the signature field: Page 11 of 12 artl Information Leaflet 5 3.10 Ensure the artl user's name appears in the Digital ID field (note: this field may display Sign As rather than Digital ID depending on your version of Adobe Reader). Click Sign and enter the new SmartCard PIN code when prompted: 3.11 The digital signature will appear in the signature field, click Proceed to continue to the final stage: 3.12 Click update to complete the recertification process: You have now successfully renewed your artl user card. Page 12 of 12
© Copyright 2024