The ParsSign Root CA self-signed certificate contains the ParsSign Root CA public key. This is the final trust point (also known as trust anchor) within the ParsSign PKI; all certificates paths end with this Root certificate. By downloading and installing this certificate you will therefore be able to verify the trustworthiness of other certificates issued within the ParsSign PKI. It will be install only ONCE.

 Follow steps below to install root CA certificate:

To make transactions secure by PKI, each person must install others certificate and owns a private key. We remind you that a certificate is a public document but only the owner of certificate can access the private key. In this section we will explain how to install certificates and private keys.

The Certificate Authority will send the certificate to your email address you entered in the enrollment form. To have more information about "issuing digital certificates and …", see "ParsSign Certificate Authority Services User’s Guide".

 Installing the private key will be carried out only ONCE and you can use it until it has not been removed from your system. If your private key is still in your Inbox, follow steps below to save it in a file:

1. Start Outlook Express then login.
2. Open message which has been sent from ParsSign CA. double click on attachment icon.(figure 5)

   

   Figure 5

3. On the next window, double click on the private key icon in the attach box. (figure 6)

   

   Figure 6

4. Choose "Save it to disk" and click "OK".(figure 7)

   

   Figure 7

5. Specify a directory or storage device to store the certificate then click "Save". Remember that files extension must be .p12 (figure 8) otherwise the Operating System will not recognize file's format (a certificate containing private key) and will show an icon different from figure 9.

Figure 8

Figure 9 shows a file containing a private key. The certificate corresponding to this private key will be also in the file.

Figure 9

To install the key follow steps below:

1. Double click on the file containing private key. Click "Next" to continue. (figure 10)

   

   Figure 10

2. Click "Next" to continue. (figure 11)

   

   Figure 11

3. You are required to enter the password used to get the certificate. Click "Next" to continue. We recommend you not to select "Make the private key …"check box (figure 12), otherwise if another person use your computer he or she can get your private key.

   

   Figure 12

4. In order to select "Mark the private key as exportable" check box, a strong mechanism will be enabled to protect your private key. In this case anytime a program wants to access the private key, there will appear a dialog box (figure 13). You can allow a program to use your key by clicking "OK" button. Clicking "cancel" button means that the program will be prevented from accessing the key because of being suspicious.

   

   Figure 13

5. You may select "Automatically select the certificate store based on the type of Certificate". Click "Next" to continue.(figure 14)

   

   Figure 14

6. The Completing screen will pop up and you can click "Finish".(figure 15)

   

   Figure 15

7. A dialog box like figure 16 indicates that the installation was done successfully. If you had selected "Mark the private …" check box in figure 12, a dialog box will pop up first, click "OK".

Figure 16

Figure 17

Your private key is now installed and you can use it for signing your messages.

Note1: Do not install your private key on a computer that others use it too. If you have to do it, remove the installed private key before leaving the computer (Please refer to " ").

Note2: the CA sends your private key to your email address. Remove the file after you installed private key.

Note3: We recommend you to configure these settings, before you start working "Outlook Express":

Start "Outlook Express". On the "Tools" menu, click "Options".

Click the "Advanced…" button on the "Security" tab of the "Options" dialog box.

Select check boxes highlighted.(figure 18)

Figure 18

Here is the reason of selecting each one:

1. "Always encrypt to …" option allows you to see a message which is encrypted by recipient's public key, in unencrypted format. In other words, if this choice be unchecked the messages that you have sent to others will be stored on your system (in sent Items) in encrypted format and you can not see its content.
2. If you select "Include my digital ID …" check box, the certificate (public key) will be also sent by digitally signed message. To learn more, please refer to section 4-2.
3. By selecting the "Add senders' certificate …" check box, if you receive a signed message, Outlook will automatically add senders' name and certificate in the Contact List.
4. If you select "Only when online" Outlook will automatically load latest published CRL issued by CA, on your computer. If a certificate were in the list, Outlook would not allow using it.

When you receive an encrypted message, you can save the digital certificate of that person in your Contacts List.

1. Open the signed message. If you see a message like figure 19 click "continue".

   

   Figure 19

2. Select "Properties" on the "File" menu. (figure 20)

   

   Figure 20

3. Click the "view certificate" button on the "security" tab. (figure 21)

   

   Figure 21

4. Click the "add to Address Book" button.

   

   Figure 22

5. A message such figure 23 indicating sender's certificate imported, will appear. Press "Ok".

Figure 23

The import completed successfully and a red ribbon appear on his card, in the contact list ( see the difference between habibi and edraki in the contact list in figure 19 ).

 Figure 24 shows an icon including a certificate. Note that the file's suffix must be .cer. This suffix is for files which contain a certificate in Windows. You can obtain this file from its owner or search for it in an online database and download it.

Figure 24

To import a downloaded digital certificate in your Contacts List follow steps bellow:

1. Start Outlook Express then login. If your login failed, you can do next steps without receiving any error by Outlook. Create in Outlook Express a new address or open an existing one in your address book (on "Tools" menu, select "Address Book", Right click on the person's name then click "Properties").

   

   Figure 25

2. In the Internet Options window, select "digital ID's" tab and click the "Import" button. (figure 26)

   

   Figure 26

3. Select downloaded file contains the digital certificate and choose "open".

   

   Figure 27

4. By adding a record to Digital Ids list, the persons e-mail address will join (connect) the corresponding certificate. Click "OK" to close window.(figure 28)

   

   Figure 28

5. Importing the downloaded digital certificate in your Contacts List finished. Open the address book. As you see a red ribbon added to the person's card.(figure 29)

Figure 29

The first step to secure your e-mail messages is to sign them using your private key. Your digital signature enables the recipient of your message to verify that you actually sent the message and that it was not altered along the message route. The second step to secure your e-mail messages is to encrypt them. E-mail messages are relatively easy for other people to intercept or read. You can avoid this by encrypting your messages so that only the recipient of the message can read it.

Q1. Where can I see installed certificates in Outlook Express?

How do I know if a digital certificate is on my machine?

1. On "Tools" menu, select "Options".

   

   Figure 34

2. Click "Digital Ids…" button on the "Security" tab.(figure 34)

There are 4 tabs in window which you see in figure 35, each tab lists a group of installed certificates:

Figure 35

1. Personal tab includes installed private keys and associating certificates.
2. Other People includes list of persons for whom you send encrypted message.
3. The other tow tabs include list of CA certificates. For example you can see ParsSign CA in the list after you installed its certificate from site.

Q2. How can I remove my private key on a computer?

Do as described in previous question. On "Personal" tab, select certificate then click "Remove" button. Click "Yes" button on the next dialog box to remove the certificate. (Figure 36)

Figure 36

Q3. How do I check the expiration date of my Digital Certificate?

Each certificate contains some detailed information such as name of its owner, name of issued CA, the date in which it was issued and its expiration date. To see its detail do as described in firs question, Double click on the certificate to see its details.

Figure 37 shows sample certificate information. As you see, information is in tree

General tab includes name of its owner, name of issued CA, date it was issued and its expiration date and

Details tab includes serial numbers and used algorithms.

Certification Path tab includes list of CA certificates which this certificates validity depends on their validity.

Figure 37