Registration and Renewal procedure for Belfius Certificate GTU Environment
Table of contents TABLE OF CONTENTS... 2 1. INTRODUCTION... 3 2. CONTACT... 3 3. REGISTRATION PROCEDURE... 4 3.1 PRE-REQUISITES... 4 3.2 IMPORT THE DEXIA GROUP ROOT GTU CA CERTIFICATE... 4 3.3 IMPORT THE DEXIA BANK BUSINESS CA CERTIFICATE... 9 3.4 GENERATE OF GTU CERTIFICATE... 12 3.5 IMPORT YOUR KEYS AND CERTIFICATE... 12 4 RENEWAL PROCEDURE... 14
1. Introduction This document describes the issuance or renewal procedure to issue your Belfius GTU certificate using Certificate Services website. A Belfius certificate is composed of two pieces of information (a private key and a public key). Public and private keys are like two halves of a single key (a public key is used to encrypt or "lock" a message, and only the complementary private key can "unlock" that message). The export must be achieved to make a backup of all keys or to use the keys on another machine. 2. Contact IS4F PKI Services info-pki@is4f.com
3. Registration Procedure Scenario : - You will connect to web applications using a SSL client certificate 3.1 Pre-requisites A request to IS4F Certificate Services Support info-pki@is4f.com The mail with the certificate attached The Password for the PFX file 3.2 Import the Dexia Group Root GTU CA certificate This operation should only be done 1 time. It is not needed in the future in case of certificate renewal on the same machine at your side Before trusting certificates issued by IS4F/Belfius, you need to trust the Certification Authorities ( CA ). Root Certification Authority of IS4F/Belfius is at the top of the certification path. This Root CA is the single point of trust. This certificate must be imported first. 1. Download it from http://pki.dexia.com/certificate/rootcagtu_2011.crt 2. This panel appears. Choose «Open».
3. Select «Install Certificate». 4. And «Next».
5. Select «Place all certificates in the following store» and click «Browse». 6. Select «Trusted Root Certification Authorities» and click OK
7. Select «Next». 8. And «Finish»..
9. The following message is displayed only for RootCA import. You have to check «Serial Number», «Thumbprint (sha1)» & «Thumprint (md5)». They must be exactly the same than reported below. Afterwards, select «Yes». 10. Click «OK» to finish the import.
3.3 Import the Dexia Bank Business CA certificate This Certification Authority has been renewed in 2011 This should be reinstalled 1 time The Dexia Business Certification Authority (Business CA) issue certificates for e-transfer on all business lines of Belfius. 1. Download certificate from http://pki.dexia.com/certificate/businesscagtu_2011.crt 2. Choose «Open» and click «OK». 3. Select «Install Certificate».
4. Choose «Next». 5. Choose «Next» again.
6. And «Finish».
3.4 Generate of GTU certificate 1. This process is performed by Certificate Services administrators 2. As soon as IS4F has verified all your information, you will receive an e-mail containing your personal certificate for GTU (protected by a password). 3. You will also receive the Password in another mail or by another means 3.5 Import your keys and certificate 4. Double-click on your certificate file and the Certificate Import Wizard starts. Click Next
5. Check the file location and click Next 6. Type in a password and click Next
7. Complete the Certificate Manager Import Wizard by clicking on Finish. 8. Click OK to finish the import. 4 Renewal Procedure Before the expiration of your certificate (60 days), you will receive an e-mail to invite you to renew your certificate. To achieve this procedure, please follow the steps described in the chapter 3 Registration procedure. Select the Content tab and click on Certificates