Enrollment with Internet Explorer

Prerequisites

This user guide starts when the PKI certificate request has been approved and the end user (OpenPEPPOL Member) has received the enrollment email (mail with subject 'Enroll for your (xyz OpenPEPPOL) certificate') and the SMS containing the enrollment code.

In order to complete the enrollment process a compatible Operating system and Web browser is needed. For a complete list of supported combinations, please refer to the Requirements-section.

If your browser is unsupported you will see the following information if you try to start the enrollment process.

Issuing process

1. Navigate your web browser to the link in your enrollment mail. You should be greeted with a page asking you to enter the 'Service Provider ID'.
   

   Your assigned 'Service Provider ID' can be found in the enrollment mail.  Please be aware of that if you are applying for multiple certificates then the same Service Provider ID will be reused for all your certificates.
   
   Fill in your Service Provider ID and click continue.

2. In the next step, refer to your received SMS that contains the enrollment code. If you have applied for multiple types of certificates, make sure you use the expected code for the current type of certificate you are enrolling for.

   
   Enter the enrollment code and click continue.

3. Next step will confirm whether you entered the expected details correctly.

   

   Verify that the displayed information is correct and click continue.

   
   

4. You will now be informed about the certificate generation process.

   

   Read through the information and click 'Install certificate'

   
   

5. The certificate will now be generated and installed in your web browsers keystore. During the process you will need to acknowledge two alerts.

   

   Click 'Yes' to confirm and close the first alert.

   

   Click 'Yes' to confirm and close the second alert.

   

   Your certificate has now been installed in the web browsers key store.

   It is now safe to close the web browser tab you used for the certificate generation process

   
   

Export the certificate

In order to use your certificate in your implementation you must export the certificate key-pair.

1. In your web browser (that you used during the enrollment), navigate to the menu.

   

   Click 'Internet Options'

   
   

2. An option pane will open.

   

   Click the 'Content' tab, and then click 'Certificates'.

   
   

3. The next pane will list all installed certificates.

   

   Choose the certificate you wish to export and click export.

   
   

4. Click next.

   

   
   

5. Confirm that you wish to export your private certificate

   

   Click next.

   
   

6. Choose the export options in the next pane.

   

   The recommended format is PKCS 12 and to include the complete certificate chain if available. It is also recommended to delete the certificate from the web browser keystore once it has been successfully exported. Click next once the selections have been made.

   
   

7. Choose password protection and pick a password

   

   Click next.

   
   

8. Pick a location to save your PKCS12-file

   

   Click Save.

   
   

9. Verify all made settings

   

   Click Finish.

   
   

10. You have exported your certificate and it is ready to be used in your implementation. Make sure to verify that the certificate has been deleted from the web browser keystore to minimize risk of compromising the certificate.