TABLE OF CONTENTS 1 QUICK SET-UP VERIFICATION...3 2 INSTALLING CERTIFICATES...3 3 IF YOU USE MS INTERNET EXPLORER...3 3.1 INSTALLING THE CERTIFICATE...3 3.2 SSL3 ACTIVATION:...3 3.3 JAVASCRIPT ACTIVATION...3 3.4 SECURITY...3 3.5 PRIVACY...3 4 IF YOU USE THE WEB BROWSER FIREFOX...3 4.1 INSTALLING THE CERTIFICATE...3 4.2 SSL3 ACTIVATION:...3 4.3 JAVASCRIPT ACTIVATION...3 5 FREQUENT PROBLEMS AND COMMON ERRORES...3 5.1 PROBLEM: THE READER DOES NOT DETECT THE INSERTION/WITHDRAWAL OF THE ELECTRONIC ID CARD 3 5.2 PROBLEM: THE CERTIFICATE OF THE ELECTRONIC ID CARD IS NOT DETECTED AFTER AN UNSUCCESSFUL AUTHENTICATION...3
1 Quick set-up verification To subscribe to DEV (electronic mailbox for traffic issues) and to be able to read the notifications in that mailbox you must have a digital certificate admitted by Public Administrations or a electronic ID card. This digital certificate should be installed in your web browser or be available through a PKCS#11 module installed in the web browser (for the electronic ID card). Other technical requirements: Operating systems: o Windows (2000, XP, Vista, 7) Browser: Internet Explorer, 6.0, 7.0, 8.0 and 9.0 versions For 9.0 version, the 32 and 64 bit software are available Mozilla Firefox, 11.0 version or higher Google Chrome 10.X version and higher o Linux Browser: Mozilla Firefox, 11.0 version or higher Google Chrome 10.X version and higher o MAC OS X 10.7.4 Browser: Apple Safari 5.1.6 Mozilla Firefox, 11.0 version or higher Common requirements to all browsers: You need SSL 3.0 enabled Enable Javascript execution Java Runtime Environment version installed in your web browser depending on the version: o Internet Explorer 6.0, 7.0, 8.0 and 9.0 (32 bits) Java Runtime Environment 1.6 update 18 or higher Java Runtime Environment 1.7 update 4 or higher o Internet Explorer 9.0 (64 bits) Java Runtime Environment 1.7 update 4 or higher o Firefox Java Runtime Environment 1.6 update 18 or higher Java Runtime Environment 1.7 update 4 or higher o Google Chrome Java Runtime Environment 1.6 update 18 or higher Java Runtime Environment 1.7 update 4 or higher o Apple Safari 5.1.6
Java Runtime Environment 1.6 update 31 or higher o o You can download Java Runtime Environment from the following Java website: http://java.com/es/download/manual.jsp Further information on: http://administracionelectronica.gob.es/es/ctt/clienteafirma To carry out operations using an electronic signature - to subscribe and read the notifications - your computer must have the necessary permissions to install a digital signature component. Antivirus software may block the installation of digital signature software. Adobe Acrobat Reader software is required for reading the documents attached to the messages. 2 Installing certificates When you access for the first time to the website a security message indicating that the site cannot be trusted may appear although it is possible to access if you authorize the browser to do so. This is because the website uses the digital certificate issued by the Certifying Authority Royal Spanish Mint (FNMT-RCM). This authority has been developed recently and some browsers do not have the required root certificate installed. In order to install this certificate you must click on the link and follow the instructions given by the browser. The access link is: https://sede.dgt.gob.es 3 If you use MS Internet Explorer Information for users of WINDOWS Vista: The Explorer incorporated by WINDOWS Vista has added a new security feature controlling the access from external applets to the certificates installed in the web browser. To disable such feature, you must access the menu Tools / Internet Options and in the Security tab disable the box "Enable Protected Mode" as shown in the picture below.
Click on OK, close the web browser and then open a new one. By doing so, the choice of certificate applet can access the web browser certificates. Otherwise, you can always choose the certificate if it can be exported as a file with.p12 or.pfx file extension. 3.1 Installing the certificate When the user opens the web browser, they have to click the Menu Tools / Internet Options and choose the "Content" tab, as shown in the picture below
When clicking the "Certificates" button, the certificate manager will appear and all the certificates installed on the web browser will be displayed, as shown in the picture below
Then, the user must follow the instructions given: 1. In the drop-down list 'Intended purpose' select 'All' as shown in the picture above 2. Select the 'Personal' tab 3. Click the 'Import' button Once you have completed the third step, the Certificate Import Wizard will display
The user must select the file containing the digital certificate by clicking the 'Browse' button and then click the 'Next' button.
A window requesting the password for the certificate will display; in this window you can also permit the export of the certificate and to be prompted every time this certificate is going to be used. Then you will be asked to indicate the location where the digital certificate will be stored, the location must be the 'Personal' store as shown in the picture below.
The next window is to confirm the import process
3.2 SSL3 Activation: In the Tools / Internet Options menu and in the Advanced tab, enable the selected options: 3.3 JavaScript Activation In the Tools / Internet Options menu, select the Security tab and then the Internet Zone / Custom level and in Settings highlight the Active Scripting option.
3.4 Security In order to set the security of your web browser, open the 'Tools / Internet Options' menu, in the 'Security' tab use the scroll bar to select 'Medium-High' as the Internet security level, as shown in the picture below.
3.5 Privacy In order to set the privacy in your web browser, open the 'Tools / Internet Options' menu, in the 'Privacy' tab use the scroll bar to select 'Medium' as the setting for the Internet zone, as shown in the picture below.
4 If you use Firefox web browser 4.1 Installing the certificate When the user opens the Firefox web browser, they have to click the Menu Tools / Internet Options and choose the "Advanced" option and the 'Encryption' tab, as shown in the picture below. The Use SSL 3.0 and Use TSL 1.0 options must always be enabled.
Click on the View certificates button to access the certificate manager To install the digital certificate in the web browser your have to click on the Your Certificates tab; in this tab you can see the list of the installed certificates, if any. Then click the
Import button, and a new window to locate the file containing the digital certificate to import will open. The user selects the file and clicks Open, then a new window requiring the password used to encrypt the certificate will open Then the certificate will be successfully imported and the list with all the certificates installed in the web browser displays.
4.2 SSL3 Activation: In your Firefox web browser, in the Tools / Options menu and in the Advanced option, select the Encryption tab, enable the selected option:
4.3 JavaScript Activation In your Firefox web browser, in the Tools / Options menu and in the Content option, choose Enable JavaScript:
5 Frequent Problems and Common Errors 5.1 Problem: The reader does not detect the insertion/withdrawal of the electronic ID card Description: the web browser does not detect the withdrawal or the insertion of the electronic ID card in the reader, so if you have not inserted the card before the web browser CrytoManager instantiates (caused by the signature client start-up), the certificate will not appear. Another problem which may raise is that once the client has been loaded, the card is withdrawn. When a signature operation is carried out, the web browser will show the certificate of the electronic ID card (although it is not longer present) and it fails when the user tries to use it. Causes: it is a problem caused by the web browser when managing the encryption devices (PKCS11 for Mozilla and CSP for IE) that does not allow the signature client to make a request to reload such devices.
Solutions: To insert the card prior to loading the signature client. 5.2 Problem: The certificate of the electronic ID card is not detected after an unsuccessful authentication Description: the web browser does not detect the certificate of the electronic ID card if a wrong PIN code is entered for the first time, even though the user does enter the PIN code correctly afterwards. Causes: the problem is caused by the CSP (Cryptographic Service Provider) of the electronic ID card. Solutions: reinsert the card in the reader and proceed to identify yourself again.