
DOCUMENT NAME: Steps_Basic_Usage_EJBCA_Digital_Certificate_Email_Sign
DATE: March 28, 2011

Kindly ensure that you have implemented the steps in Steps_Basic_Setup_EJBCA_using_JAVA_1_6_0__23_UPDATED_Ver_3__1.pdf

Kindly reference these while following the steps:

- Anything starting with an ENTER: is to be typed in.
- Anything starting with -> is a button or a link to be clicked.
- <YOUR VALUES> represents values that you selected to enter.
- Anything starting with a NOTE: is for information and not for execution.
- Anything starting with a SELECT: is to select on the screen/dialog as mentioned.
- Field {Sub-Field} represents the sub-field of a field (e.g. O, Organization {Required}).

STEP 1:
NOTE: Substitute with <YOUR VALUES> as required

A. In Command Prompt of JBOSS
   F:\jboss-4.2.2.GA\bin>run ... Started in...
B. Browse to https://caserver.silentfront.local:8443/ejbca/adminweb for Admin Access page
   i. Dialog opens (you are about to view pages over a secure connection)
   ii. -> OK
   iii. Dialog opens (choose a digital certificate for identification)
   iv. SELECT: (having Name: SuperAdmin and Issuer: AdminCA1)
   v. -> OK

STEP 2:
NOTE: Substitute with <YOUR VALUES> as required

A. On the Admin Access page, under CA Functions -> Edit Certificate Authorities
   i. Edit Certificate Authorities page opens
   ii. Under Add CA ENTER: CA_EMAIL
   iii. -> Create
B. Create CA page opens with CA Name as CA_EMAIL
   i. Validity ENTER: 365d
   ii. Subject DN ENTER: CN=CA EMAIL,O=Silent Front,C=IN
   iii. Under Default CRL Dist. Point (used as default value in certificate profiles using this CA) -> Generate
   NOTE: The other values are left as default
   iv. -> Create
   NOTE: Edit Certificate Authorities page opens with CA_EMAIL, (Active) listed under Current Certificate Authorities

STEP 3:
NOTE: Substitute with <YOUR VALUES> as required

A. On the Admin Access page, under CA Functions -> Edit Certificate Profiles
   i. Edit Certificate Profiles page opens
   ii. Under Add Profile ENTER: EmailCertificateProfile
   iii. -> Add
B. Under Current Certificate Profiles SELECT: EmailCertificateProfile -> Edit Certificate Profile
C. Edit Certificate Profile page opens with Certificate Profile as EmailCertificateProfile
   i. Available bit lengths SELECT: 1024 bits
   ii. Validity ENTER: 365d
   iii. Key Usage SELECT: (1) Digital Signature (2) Key encipherment (Ctrl-click to select multiple)
   iv. Use Extended Key Usage SELECT: Check
   v. Extended Key Usage SELECT: Email Protection
   vi. Available CAs SELECT: CA_EMAIL
   vii. Publishers SELECT: External OCSP Publisher
   NOTE: The other values are left as default
   viii. -> Save

STEP 4:
NOTE: Substitute with <YOUR VALUES> as required

A. On the Admin Access page, under RA Functions -> Edit End Entity Profiles
   i. Edit End Entity Profiles page opens
   ii. Under Add Profile ENTER: EmailEndEntityProfile
   iii. -> Add
B. Under Current End Entity Profiles SELECT: EmailEndEntityProfile -> Edit End Entity Profile
C. Edit End Entity Profile page opens with End Entity Profile as EmailEndEntityProfile
   i. Email Domain {Use} SELECT: Uncheck
   ii. Subject Alternative Name Fields SELECT: RFC 822 Name (e-mail address) -> Add
   iii. RFC 822 Name (e-mail address) {Use entity e-mail field} SELECT: Uncheck
   iv. RFC 822 Name (e-mail address) {Required} SELECT: Check
   v. RFC 822 Name (e-mail address) {Modifiable} SELECT: Check
   vi. Default Certificate Profile SELECT: EmailCertificateProfile
   vii. Available Certificate Profiles SELECT: EmailCertificateProfile
   viii. Default CA ENTER: CA_EMAIL
   ix. Available CAs SELECT: CA_EMAIL
   x. Default Token SELECT: P12 file
   xi. Available Tokens SELECT: (1) P12 file (2) JKS file (3) PEM file
   NOTE: The other values are left as default
   xii. -> Save

STEP 5:
NOTE: Substitute with <YOUR VALUES> as required

A. On the Admin Access page, under RA Functions -> Add End Entity
   i. Add End Entity Profile page opens
   ii. End Entity Profile SELECT: EmailEndEntityProfile
   iii. Username ENTER: x509cert@live.com
   iv. Password: <YOUR VALUES>
   v. CN, Common Name ENTER: x509cert@live.com
   vi. RFC 822 Name (e-mail address) ENTER: x509cert@live.com
   vii. Certificate Profile SELECT: EmailCertificateProfile
   viii. CA SELECT: CA_EMAIL
   ix. Token SELECT: P12 file
   NOTE: The other values are left as default
   x. -> Add
   NOTE: End Entity x509cert@live.com added successfully is displayed on top of the page

STEP 6:
NOTE: Substitute with <YOUR VALUES> as required

A. On the Public Access page, under Enroll -> Create Keystore
   i. EJBCA Certificate Enrollment page opens
   ii. Username ENTER: As entered in STEP 5
   iii. Password ENTER: As entered in STEP 5
   iv. -> OK
B. EJBCA Token Certificate Enrollment page opens
   i. Key Length SELECT: 1024 bits
   ii. Certificate Profile SELECT: EmailCertificateProfile
   iii. -> OK
   NOTE: A new certificate is generated and downloaded to the computer through the browser.
   NOTE: Save it to F:\x509cert@live.com.p12

STEP 7:
NOTE: Substitute with <YOUR VALUES> as required

A. On the Public Access page, under Retrieve -> Fetch CA & OCSP Certificates
   i. Fetch CA & OCSP Certificates page opens
   ii. Under CA: CA_EMAIL (Right-click) -> Download to Internet Explorer -> Save link as
   iii. Save As dialog opens
   iv. Folders SELECT: F:
   v. File name: ENTER: CA EMAIL.cer
   vi. Save as type: SELECT: Security Certificate
   vii. -> Save

STEP 8:

A. Open Windows Explorer to F:\
B. Double-click CA EMAIL.cer
C. Certificate Import Wizard dialog opens
   i. -> Next
   ii. File name should be F:\CA EMAIL.cer
   iii. -> Next
   iv. Password ENTER: As entered in STEP 5
   v. -> Next
   NOTE: Automatically select the certificate store based on the type of certificate is selected
   vi. -> Next
   vii. -> Finish
D. Security Warning dialog -> Yes
E. Message Box shows "The import was successful." -> OK

NOTE: This certificate can be used to digitally sign emails, for example with Microsoft Outlook.

Best Regards,
Shakti Saran
shakti.saran@silentfront.com
www.personalfoldersoftware.com
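NOTE: The following check is an added example, not part of the original steps and not EJBCA code. It uses OpenSSL to confirm that a certificate carries what STEP 3 to STEP 5 configure (Digital Signature, Key Encipherment, Email Protection, the RFC 822 name) and flags RSA keys shorter than 2048 bits, which includes the 1024 bits selected in STEP 3 and STEP 6. The function names and the self-signed sample certificate are constructed for illustration; OpenSSL 1.1.1 or later is assumed.

```sh
#!/bin/sh
# Added example (not from the original document): audit an issued certificate
# against the EmailCertificateProfile / EmailEndEntityProfile settings.
# For the real keystore from STEP 6, extract the certificate first:
#   openssl pkcs12 -in x509cert@live.com.p12 -clcerts -nokeys -out cert.pem

# has_line TEXT PATTERN: true if PATTERN (fixed string) occurs in TEXT
has_line() { printf '%s\n' "$1" | grep -Fq "$2"; }

# audit_email_cert CERT.pem EMAIL: prints findings, returns 0 only if all pass
# (assumes an RSA key, as the profile in STEP 3 issues)
audit_email_cert() {
    text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || { echo "FAIL unreadable certificate"; return 2; }
    rc=0
    for want in "Digital Signature" "Key Encipherment" "E-mail Protection"; do
        if has_line "$text" "$want"; then echo "OK   $want"; else echo "FAIL missing: $want"; rc=1; fi
    done
    # SAN entries are comma-separated; compare whole entries, not substrings
    if printf '%s\n' "$text" | tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -Fqx "email:$2"; then
        echo "OK   rfc822Name $2"
    else
        echo "FAIL rfc822Name $2 not in Subject Alternative Name"; rc=1
    fi
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    if [ "${bits:-0}" -ge 2048 ]; then echo "OK   RSA $bits bits"; else echo "WEAK RSA ${bits:-?} bits (< 2048)"; rc=1; fi
    return $rc
}

# make_sample_cert BITS OUT.pem: constructed self-signed stand-in for an issued cert
make_sample_cert() {
    key=$(mktemp) || return 1
    openssl req -x509 -newkey "rsa:$1" -nodes -keyout "$key" -out "$2" -days 365 \
        -subj "/CN=x509cert@live.com" \
        -addext "keyUsage=digitalSignature,keyEncipherment" \
        -addext "extendedKeyUsage=emailProtection" \
        -addext "subjectAltName=email:x509cert@live.com" 2>/dev/null
    status=$?
    rm -f "$key"
    return $status
}

# Demo on a constructed certificate using the documented 1024-bit key length
demo=$(mktemp -d)
make_sample_cert 1024 "$demo/as-documented.pem" && audit_email_cert "$demo/as-documented.pem" x509cert@live.com
echo "exit status: $?"
rm -rf "$demo"
```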
