Access to RTE's IT system with digital certificates under Microsoft
Contents
1. Ctrl+S to save. 11.2.3 Message encryption and signing. To encrypt and sign a message with Outlook 2003, first create a new message by clicking on New or Ctrl+N. Copyright RTE. This document is the property of RTE. All communication, reproduction or publication, even partial, is prohibited without written authorisation from the Electricity Transport Network Operator (RTE). RTE NT SI CN2I OEM ST 08 00066, Page 87/128, Version 2. Access to the IT system with digital certificates under Microsoft Windows Vista: PKI user manual. To sign and encrypt your message, verify that the two icons above have been correctly checked. To verify the security parameters, right click on the Options button. [Screenshot: message options dialog: security settings ("Change the security settings for this message"), voting and tracking options]
2. 6 Installation and configuration of the workstation. All operations in this chapter are to be performed just once, by computer staff with administrative privileges over your workstation, when you receive your RTE applications access kit. In addition, note that only a few chapters of this manual concern you directly, those being the chapters relating to the software that you use. 6.1 Network configuration. 6.1.1 Overall configuration. Electronic messages (emails) passing between RTE and the user will be transported over the Internet (SMTP protocol, S/MIME format). Access with a web browser employs, quite transparently to the user, a digital certificate access authentication system for the RTE portal and encryption of data communicated over the Internet (HTTPS protocol). IMPORTANT NOTE: The messaging and antivirus routers, firewalls and content analysers must be configured to not alter or refuse encrypted and signed messages in S/MIME format (application/x-pkcs7-mime, .p7s, .p7m), nor to block HTTP data traffic (port 443). The network administrator can be c
3. [Screenshot: certificate details window] 7.5 Use of your certificate. 7.5.1 Authentication and encryption. Steps to follow: • Start Internet Explorer. [Screenshot: certificate window, Details tab] • Enter the URL for the RTE application or for the RTE Customer Services Portal (this URL starts with https). • During authentication, the browser will ask you to choose the certificate before attempting to authenticate you, and then prompt for the certificate store security password. • If several certificates are offered to you, you should choose the one that was supplied to you for the application which you are currently attempting to access (use the Display the certificate button to look at their contents). • Now all the data that you send and receive will be encrypted.
4. [Screenshot: Certificate Manager, Your certificates tab] Click on Delete. [Screenshot: certificate deletion dialog: "Do you really want to delete these certificates? If you delete one of your certificates, you will no longer be able to use it to identify yourself."] Click on the OK button. The certificate is now deleted from the certificate list. [Screenshot: Certificate Manager, Your certificates tab] 8.6 Connection to the SSL VPN. 8.6.1 Foreword. Connection via SSL VPN is a service which offers the establishment of a secured communications channel to RTE FrontOffice through the Internet. This channel is established after authentication of your ce
5. [Screenshot: Firefox Options, Advanced section, Encryption tab: protocols (Use SSL 3.0, Use TLS 1.0) and certificates (Display the certificates, Revocation lists, Verification, Security devices)] Click on Display the certificates. [Screenshot: Certificate Manager, Your certificates tab] Click on Import. Select the PKCS#12 file (with a .p12 or .pfx extension). [Screenshot: file selection dialog]
6. Click on the Modify button. [Screenshot: editing the trust settings of the certification authority (CA): "The certificate RTE Autorite de Certification represents a certification authority." Trust settings: "This certificate can identify web sites", "This certificate can identify email users"] Check the three boxes shown above, then click on OK. You have now declared your trust in the RTE root certificate, as shown below. [Screenshot: Certificate Manager, Authorities tab] [Screenshot: certificate details, General tab: "This certificate has been verified for the following uses"]
7. To view this certificate later in Mozilla Firefox, you must use the Tools > Options menu and select the Advanced section and the Encryption tab. [Screenshot: Firefox Options, Advanced section, Encryption tab] Click on the Display the certificates button. [Screenshot: Certificate Manager, Authorities tab] In the Authorities tab, you can verify that the RTE Autorite de Certification root certificate has indeed been registered on your PC hard drive (Personal security), and view it by selecting it and clicking on View.
8. The key pair that will be generated is by default at a medium security level, which means that each later use of this key pair will cause the display of a simple acknowledgement message (the user is thereby warned of this usage, but no password is requested). For protected use of your key pair, which we recommend, you should rather choose high security, which will mean that a password that you will choose here will be asked of you for every later use of your key pair. The screens below describe the procedure to set this security level. [Screenshots: creation of a new RSA exchange key; creating a password to protect this item] Select the High option then click on
9. It is valid for 2 years from the download date. This tab allows you to verify your certificate. The valid status of your certificate, as well as the complete display of the certificate access path (2 levels), shows that your certificate has been correctly installed along with the root certificate, and therefore all the correct usage conditions for your certificate have been satisfied. [Screenshots: certificate window, Details tab and Certification path tab]
10. [Screenshot: email client inbox (Local folders) listing test messages, including two replies from the secure email gateway with the subjects "ERR 004 Signature invalide / Invalid signature" and "ERR 005 Signature invalide / Invalid signature"]
11. [Screenshot: certificate import dialog showing the selected certificate] Your certificate that you wish to import, as well as the root certificate, are shown in the list. If you click on Advanced details, the contents of the selected certificate (your certificate in this example) are displayed in the following window. [Screenshot: advanced certificate details: issued to, issued by, MD5 and SHA fingerprints]
12. 7.6.3 Deletion of your personal certificate. With Internet Explorer (deletion of a certificate with the private key): Under Internet Explorer, open up Tools > Internet options, click on the Contents tab and then on the Certificates button. [Screenshots: certificate list] The certificate is deleted from the certificate list. 7.7 Connection to the SSL VPN. 7.7.1 Foreword. Connection via SSL VPN is a service which offers the establishment of a secured communications channel to RTE FrontOffice through the Internet. T
13. [Screenshot: User security window, Identity of others: details of the selected certificate] 14.3 Reception of a signed and encrypted message. The first time that you select a signed message that you have received, a dialogue box similar to the one below will be displayed so that you can grant your confidence in the sender. [Screenshot: Cross-certification dialog]
14. MD5 590 27 5A 2B A5e10 ABI2AS217209t EEb 5942125392672A0 2521. If it is not identical, click on Close to return to the previous window, where you should click on Cancel and contact our support services. If it is identical, continue the process to finish the import. The Details tab: [Screenshots: certificate details for RTE Autorite de Certification, Details tab] Click on Close to return to the initial screen (see above), where you can click on OK: the RTE CA root certificate is now installed in Mozilla Firefox.
15. [Screenshot: Certificate Manager, Authorities tab] 8.5.2 Deletion of your personal certificate. With Mozilla Firefox (deletion of a certificate with the private key): In the Tools > Options menu, select the Advanced section and the Security tab (v. 1.5 and higher). [Screenshot: Firefox Options, Advanced section] Click on Display the certificates. [Screenshot: Certificate Manager]
16. A. FOREWORD. 1 Introduction. 1.1 Document subject. This document is intended for the end user who wishes to access RTE's IT system with digital certificates. This document allows certificate holders to: • understand the context and the principles of a secured environment, as well as the general operation of a public key infrastructure (PKI, or IGC in French); • know how to install and use their digital certificates in the following environments: ◦ Windows Vista; ◦ Browsers: Mozilla Firefox and Internet Explorer 7, for secure access using the HTTPS protocol and through an SSL VPN; ◦ Email clients: Mozilla Thunderbird 2, Outlook 2003/2007, Windows Mail, Lotus Notes 7 (at least 7.0.2), for secure commu
17. [Screenshot: Certificate Manager, Your certificates tab] Select your certificate and click on Export. Choose a location and a name for the generated file in the PKCS#12 (.p12) format. [Screenshot: file save dialog, file type PKCS12] Click on the Save button. If necessary, this window will ask you for the password to the Mozilla Firefox certificate store. [Screenshot: Password required dialog] [Screenshot: choosing a certificate backup password]
18. [Screenshot: advanced certificate details: issued to, issued by, MD5 and SHA fingerprints, key identifier, serial number] 14.2 Viewing the certificate. To view your certificate, you only need to select the certificate and click on Advanced details in the following window, which as before can be opened through File > Security > User security. [Screenshot: User security window, certificates in your ID file: "Certificates provide a secure method of identification in Notes and other programs. Your ID can contain certificates intended to secure Notes communications as well as certificates intended for the Internet."]
19. • SMTP server address: smtp services rte france com. When your access to RTE FrontOffice is supplied to you, you will receive your login identifier, your password and your email address. NOTE: Given that the messages are being forwarded through a secure channel, the sending and receipt of emails does not require the use of a certificate for message encryption. E. EMAIL CLIENTS
20. invalid or unknown signature | used is incorrect
    The email sent by the customer could not be decrypted by RTE | That certificate that you used to encrypt the email is invalid
    007 | The email sent by RTE did not reach the customer because of a security problem | This is an internal RTE problem
    <FR Description> | Description of the error in French
    <EN Description> | Description of the error in English
    <Subject of the original message> | The subject header of the original message that caused the error in question
    5.2 Support. For any information or assistance, the customer can contact the RTE Hotline at 00 800 80 50 50 50 (universal green number). C. WORKSTATION CONFIGURATION
21. [Screenshot: Lotus Notes File menu, including the Security entry] The following screen is displayed: [Screenshot: User security window, Your identity]
22. Explorer. This is automatically the case if you have downloaded it in Internet Explorer, but if you downloaded it with Mozilla Firefox, you must export it from that browser and import it into Internet Explorer with the corresponding private key and the RTE CA root certificate. Refer to the section at the end of this document. Start Outlook 2007 and open the menu option Tools > Confidentiality management centre. [Screenshot: Outlook 2007 Confidentiality management centre, encrypted email settings: encrypt the content of messages and attachments for outgoing messages; add a digital signature to outgoing messages; send the signed message in clear text when sending signed messages; request an S/MIME receipt for all signed S/MIME messages]
23. [Screenshot: Change security settings dialog: name of the security settings, cryptography format (S/MIME), signing certificate, hash algorithm (SHA1), encryption certificate, encryption algorithm, "Send these certificates with signed messages"] Click on the two Select buttons in order to select your certificate for signing and encryption from the list of selectable certificates that is presented to you (you can also display any certificate in the list to view its contents and assure yourself that you have chosen the right one). Finally, verify that the data is the same as that above (S/MIME boxes checked, certificates, algorithms); if the Name of the security parameters field is empty, enter a name like RTE Certification. At last, click on OK. The following window will then be displayed: [Screenshot: encrypted email settings]
24. Next. Enter a password, then click on the Finish button. Click on OK. [Screenshots: two Web access confirmation dialogs. One reads: "This web site is requesting a new certificate on your behalf. Only allow trusted web sites to request a certificate for you. Do you want to request a certificate now?" The other reads: "This web site is adding one or more certificates to this computer. Allowing an untrusted web site to update your certificates is a potential danger to your security. The web site could install certificates that you do not approve, which could allow unapproved programs to run on this computer and access your data. Do you want this program to add the certificates now? Click Yes if you trust this web site. Otherwise, click No."] Click on the Yes button. Click on the Yes button. 7.4.2 Installation of the certificate. [Screenshot: ID Download page in Windows Internet Explorer] https rte soft id certplus com cgi bin
25. [Screenshot: certificate details: organisation RESEAU DE TRANSPORT D'ELECTRICITE, issued on 28/10/2005, expires on 29/10/2007, SHA1 and MD5 digital fingerprints] A digital certificate in Mozilla Firefox. 15.2 Documentation. Reference documents: The RTE Certification Policy. The subscription contract for RTE's secured IT system. Web sites: http://www.legifrance.gouv.fr. Legislation from March 13th 2000 bearing modifications on legal proofs of information technologies relative to electronic signatures. http://www.assemblee-nat.fr. Directive 1999/93/CE from December 13th 1999 concerning an EU community framework for electronic signatures. http://europa.eu.int. The regulatory working group on electronic signatures. http://www.internet.gouv.fr. Keynectis. http://www.keynectis.com.
26. [Screenshot: final page of the Certificate Import Wizard, summarising the settings chosen] Lastly click on Finish. Select the security level of the private key that you are importing with the certificate. [Screenshot: "Importing a new private exchange key" dialog] Click on the Define the security level button. Select the High option, then click on the Next button. [Screenshot: "Create a password to protect this item" dialog]
27. [Screenshot: Trusted sites dialog with https rte client soft id certplus com entered in the "Add this web site to the zone" field and "Require a secure server (https) for all sites in this zone" checked] In the field "Add this web site to the zone", enter the following URL: https rte client soft id certplus com. Click on the Add button. The site will now appear in the Web Sites list, as shown on the screen below. [Screenshot: Trusted sites dialog with https rte client soft id certplus com in the Web Sites list] Continue in the same fashion to add the following sites: https portail iservices rte france com, https secure iservices rte france com. The 4 sites should now appear in the Web Sites list. [Screenshot: Trusted sites dialog with the Web Sites list showing https portail iservices rte france com, https rte client soft id certplus com, https rte hard id certplus com and https secure iservices rte france com]
28. [Screenshot: "Select a certificate" dialog showing the details of the selected certificate] All your emails destined for RTE applications sent from this account will now be encrypted and signed.
  13.2 Use of the certificate
  13.2.1 When to use the certificate
  By using your certificate you can:
  • authenticate yourself to RTE applications
  • sign and encrypt emails destined for RTE applications
  • decrypt electronic messages that have been sent to you by RTE applications
  The encryption and signature of a message are two distinct processes: you sign a message with your own certificate, whereas you encrypt it with the recipient's certificate. The recipient's certificate can be obtained in several ways. The RTE applications send you their certificates
29. [Screenshots: Certificate Export Wizard, file name page and final page] Enter the name of the PKCS#12 file, then click on the Next button. Lastly click on the Finish button. [Screenshot: "Exporting your private exchange key" dialog: "An application is requesting access to a protected item"] Click on OK. You have just exported a combination of your certificate, its private key and the certificate of the CA root into a password-protected PKCS#12 standard format file. These elements have therefore been exported but are still present in the Internet Explorer store.
  IMPORTANT: Once downloaded, your certificate with its key pair and root certificate must be saved on a removable medium (e.g. a diskette) that you must store securely to prevent unauthorised access. Refer to the certificate export procedure (7.6.1).
  7.6.2 Import of your personal certificate
  With Internet Explorer: import of a password-protected PKCS#12 file with the root certificate. Under Internet Explorer open u
30. 8.5 Supplementary operations
  8.5.1 Export of your personal certificate
  Under Mozilla Firefox: export of a certificate with the private key and the root certificate. Once finished: generation of a file in the PKCS#12 (p12) format, protected with a password. From the Tools > Options menu (version 1.5 and higher): [Screenshot: Firefox Options window, Advanced tab, Encryption sub-tab. Protocols: "Use SSL 3.0" and "Use TLS 1.0" checked. Certificates, "When a web site requires a certificate": "Select one automatically" or "Ask me every time". Buttons: Display the certificates, Revocation lists, Verification, Security devices.] Select Advanced > Encryption and click on Display the certificates.
31. [Screenshot: Options dialog, Security tab] Select the Security tab, check the two checkboxes labelled "Encrypt the contents of messages and attached documents for outgoing messages" and "Digitally sign all outgoing messages", and then click on the Advanced button.
32. [Screenshot: Options dialog, Security tab, with the sections Encrypted email, Security zones, Picture download and Digital IDs (certificates)] Check the "Encrypt the contents of messages and attached documents for outgoing messages" and "Add the digital signature to outgoing messages" boxes and click on OK. All your e
33. [Screenshot: Internet Explorer page "Your digital certificate has been downloaded and installed", showing the information in the certificate: Country FR; Organization RTE; Organizational Unit Soft ID; Organizational Unit ISO 6523 0000 0000; Common Name Client RTE1 TEST; Email Address; Serial Number] Next, the certificate is automatically downloaded and installed in the Internet Explorer certificate store. The page opposite is displayed to indicate the end of this process.
  IMPORTANT: Once downloaded, your certificate with its key pair and root certificate must be saved on a removable medium (e.g. a diskette) that you must store securely to prevent unauthorised access. Refer to the certificate export procedure (7.6.1).
  Contents and verification of your digital certificate
  Regardless of the browser used, the contents of the downloaded certificate will obviously be the same; only the presentation of the information on the screen will vary. For downloads with Internet Explorer, open the certificate store with the following menu choices: Tools > Internet options > Contents tab > Certificates button.
34. specifications they will serve to authenticate you with the RTE Hotline any time that you contact them. On this form a dropdown list directly asks you to select the key size. You absolutely must select a size of 1024 bits. Lastly click on Submit to send your request for the digital certificate. A dialogue box will ask you to confirm your email address. [Screenshot: dialog "The page at https rte soft id certplus com says: Confirm your email address", followed by the address entered and the text "If your email address is correct, click on OK; otherwise click on CANCEL and correct it in the form. If your email address is incorrect, you will not be able to use your Digital ID."] Click on OK.
  8.3.1 Generation of the key pair
  Finally, the RSA key pair is generated by Mozilla Firefox and the following message is displayed: [Screenshot: "Generating a private key. Key generation in progress. This operation may take several minutes. Please wait."]
  8.3.2 Installation of the certificate
  You
35. [Screenshot: Notes delivery options dialog, including the Sign and Encrypt checkboxes and "Save these security options as the default"] The rest of the message sending procedure is exactly the same as normal, with Notes taking care of signing and encrypting the message transparently.
  F APPENDICES
  15 PKI Secured environments
  This appendix describes the secured environment in which the PKI system is implemented. It specifically addresses:
  • the concepts of the secured environment and the correspon
36. [Screenshot: Certificate dialog, Details tab, listing fields that include the public key (RSA 1024 bits), basic constraints, key usage, fingerprint algorithm (sha1) and fingerprint] [Screenshot: Certificates window with the list of trusted root authorities] Click on the Display butto
37. 12 or pfx extension that contains the certificate to be imported as well as its private key and the RTE CA root key. [Screenshot: file selection window "Specify the file containing the Internet certificates", file type "PKCS12 files (p12, pfx)"] Click on Open and, in the window below, select the PKCS12 encoding. [Screenshot: "What is the format of your certificate in the file?" with the options X.509 binary encoding, X.509 base 64 encoding, PKCS 12 encoding (selected) and PKCS 7 encoding] [Screenshot: "Do you want to accept the following certificates into your ID?", listing the Internet certificates issued by RTE Autorite de Certification]
38. [Screenshot: Notes User Security dialog, "Your certificates" panel, listing the Internet certificates issued by RTE Autorite de Certification, with the details of the selected certificate]
39. [Screenshot: advanced details of the imported certificate] Click on Close to return to the preceding window. [Screenshot: "Do you want to accept the following certificates into your ID?", listing the Internet certificates issued by RTE Autorite de Certification] To see the contents of the root certificate you must first select it.
40. 15.1.3.4 Certificate examples
  [Screenshot: Certificate dialog, General tab. "Certificate information. This certificate is intended to: guarantee the identity of a remote computer; guarantee your identity to a remote computer; ensure that software came from a software publisher; protect software from alteration after its publication; protect email; allow data to be signed with the current time; allow you to digitally sign a list of certificates." Issued to: Evariste Akauegnon. Issued by: RTE Autorite de Certification. Valid from 01/06/2002 to 02/08/2003. "You have a private key that corresponds to this certificate."]
  [Screenshot: certificate details for Client RTE 1, General tab. "This certificate has been verified for the following uses: SSL client certificate, email signing certificate, email recipient certificate." Issued to: Common name (CN) Client RTE 1; Organisation (O) TEST; Organisational unit (OU) Soft ID; Serial number 39 2D 6B 24 16 28 90 33 D3 DE B6 49 0B B0 C0 21. Issued by: Common name (CN) RTE Autorite de Certification; Organisation
41. [Screenshot: SSL VPN home page with web bookmarks and client application sessions (Windows Secure Application Manager)] Finally, the icon will appear in your task bar. Click on the Disconnect button on the top right of the page to terminate the session. [Screenshot: "Welcome to the RTE secured area" page]
  8.6.4 Use of the SSL VPN
  8.6.4.1 Establishing the connection
  Start your browser and enter the following URL: https secure iservices rte france com. This window will be displayed: [Screenshot: "User identification request" dialog: "This site asks you to identify yourself with a security certificate: portail iservices rte france com, Organisation: RTE, Issued under: VeriSign Inc. Choose a certificate to present as identification", followed by the details of the selected certificate]
42. Explorer, but if you downloaded it with Mozilla Firefox you must export it from that browser and import it into Internet Explorer with the corresponding private key and the RTE CA root certificate. Refer to the section at the end of this document. Start Outlook 2003 and open the menu option Tools > Options. [Screenshot: Options dialog, Security tab. Encrypted email: "Encrypt the contents of messages and attached documents for outgoing messages", "Add the digital signature to outgoing messages", "Send the signed message in clear text when sending signed messages", "Request an S/MIME receipt for all signed S/MIME messages"; default settings: "My S/MIME settings". Security zones: "Security zones allow you to customise whether scripts or active content can be run in HTML messages". Picture download: "Change the automatic download settings". Digital IDs (certificates): "Digital IDs or certificates are documents that allow you to prove your identity in electronic transactions".] Select the Security tab, then click on the Parameters button.
43. Firefox
  8.1 Preliminary configuration
  8.2 Installation of the RTE CA root certificate
  8.2.1 Download and installation
  8.2.2 Verification of the root certificate fingerprint
  8.3 Retrieval of your personal certificate
  8.3.1 Generation of the key pair
  8.3.2 Installation of the certificate
  8.3.3 Viewing and verification of your digital certificate
  8.4 Use of your certificate
  8.4.1 Authentication and encryption
  8.4.2 Example of accessing the RTE Customer Services Portal
  8.5 Supplementary operations
  8.5.1 Export of your personal certificate
  8.5.2 Deletion of your personal certificate
  8.6 Connection to the SSL VPN
  8.6.1 Foreword
  8.6.2 Prerequisites
  8.6.3 First connection
  8.6.4 Use of the SSL VPN
  E Email clients
  9 Use of email clients
  9.1 Certificates and email software
  9.2 When to use the certificate
  10 Windows Mail
  10.1 Preliminary configuration
  10.2 Use of the certificate
  10.2.1 When to use the certificate
  10.2.2 Application certificates
  10.2.3 Message encryption and signi
44. Gestionnaire du Réseau de Transport d'Electricité. Access to RTE's IT system with digital certificates under Microsoft Windows Vista. PKI User Manual. Version 2, 4/11/2008. This document is the property of RTE. All communication, reproduction or publication, even partial, is prohibited without authorisation in writing from RTE. National Centre for Information Engineering, Tour Marchand, 41 rue Berthelot, 92411 Courbevoie Cedex. Tel 01 78 66 50 00, Fax 01 78 66 50 64, www.rte-france.com. Reference: NT SI CN2I OEM ST 08 00066.
  CONTENTS
  A Foreword
  1 Introduction
  1.1 Document subject
  1.2 Context
  1.3 A warning concerning security procedures
  1.4 The stakeholders
  1.4.1 The customer
  1.4.2 The Registration Authority (RA)
  1.4.3 The Certification Authority (CA)
  1.5 The certificate management process
  1.5.1 Issuance of a certificate
  1.5.2 Renewal of a certificate
  1.5.3 Revocation of a certificate
  The certificate management procedures
  Request for a digital certificate
  2.1 Preliminary measures
  2.2 Overall schematic
  Renewal of certificates
  Revocation of certificates
  4.1 The revocation scenario
  4.2 The revocation request
  Incident handling and support
  5.1 Error codes returned by email
  5.2 Support
  Workstation configuration
  Installation and configur
45. [Screenshot: certificate details dialog] The 1st tab displays the message "This certificate has been verified for the following uses". The 2nd tab displays the certification hierarchy with the RTE CA root certificate. This ensures that all the certificates have been correctly installed and that all the correct usage conditions for your certificate have been satisfied.
  8.4 Use of your certificate
  8.4.1 Authentication and encryption
  Steps to follow:
  • Start Mozilla Firefox.
  • Enter the URL for the RTE application or for the RTE Customer Services Portal; this URL starts with https.
  • During authentication, the browser will ask you to choose the certificate before attempting to authenticate you, and then prompt for the certificate store security password.
  • If several certificates are offered to you, you should choose the one that was supplied to you for the application which you are currently attempting to access; the contents of the certificate selected in the dropdown list are displayed beneath the list.
  • Now all the data that you send and receive will be encrypted.
  8.4.2 Example of accessing the RTE Customer Services Portal
  Whenever you access the welcome page with https as the prefix, you will be requested to select your certificate.
46. [Screenshot: Notes User Security dialog, "Your certificates" panel, with the "Get certificates" menu open: Import/merge Notes certificates; Request new non-hierarchical Notes certificate; Import Internet certificates; Request new Internet certificate; Import Internet certificate from a smart card] A search window will be displayed; select the PKCS 12 file with either a p
47. 15.1.3 The certificates
  15.1.3.1 Objectives of the digital certificate
  Because the public keys are used to verify the electronic signatures and to encrypt messages, it is critical for every certificate holder to be certain about the identity of the owner of a public key: this is the role of the certificate.
  15.1.3.2 Properties of a certificate
  The certificate is an electronic proof of identity:
  • which guarantees the identity of its holder
  • which contains data facilitating identification
  • which is resistant to counterfeits and is issued by a trusted third party: the Certification Authority.
  A Certification Authority is an entity which creates and manages certificates. It defines the rules for registration in the PKI of the various certificate holders.
  15.1.3.3 Structure of a certificate
  A digital certificate contains:
  • the public key of the owner
  • the name of the owner and other identification information (the email address of the person, if it is a certificate to be used to sign emails)
  • the validity period of the certificate
  • the name of the certification authority which generated this certificate
  • a unique serial number
  • and the signature of the certification authority.
48. The certificate now visible in this case has indeed been imported. Click on OK to finish this import. NB: If you have several certificates usable for signing your outbound messages, you must select as a default the one which you will use for communications with RTE. Before clicking on OK in the screen above, select your certificate and click on the Advanced details button so that you can check the "Use this certificate as the default signing certificate" checkbox, just as shown in the screen image below. [Screenshot: advanced certificate details: "You can indicate a usage preference for this certificate. Internet protocols that use certificates will take your preferences into account where possible", with "Use this certificate as the default signing certificate" checked]
49. 2 Request for a digital certificate
  2.1 Preliminary measures
  The following steps must have been completed in advance:
  • The company representative has made an access request: the company representative must have filled out and signed the RTE IT System and Applications Access Request Forms and must have sent them to the RTE customer relations officer.
  • We have registered your request: upon reception of those forms we will have created your application access account(s).
  2.2 Overall schematic
  Once the certificate request has been registered and validated by our services (within 5 working days), a message will be sent to the company manager to acknowledge receipt of the forms and asking him to call us to fix a phone meeting with the certificate holder for the day of the certificate installation. Then a message will be sent to the certificate holder after this call, reminding him of the scheduled meeting and giving him the address of the download web site and the retrieval code which will allow him to download his certificate from his own workstation. [Diagram: exchanges between the company representative, RTE and the certificate holder, labelled in order: sending of the certificate request; 5 working days; confirmation of receipt email; call to fix the meeting date; 1 working day; meeting confirmation email; call for retrieval of the certificate] The certificate holder must then connect to the digital ce
50. Yes [Screenshot: security dialog: "Do you accept the certificate of the Web site secure iservices rte france com for the purpose of exchanging encrypted information? Publisher authenticity verified by VeriSign Inc. The security certificate was issued by a company that is not trusted. The security certificate has not expired and is still valid. Caution: secure iservices rte france com asserts that this content is safe. You should only accept this content if you consider that secure iservices rte france com is trustworthy." More details] If your Internet access is protected by a proxy, a window will appear asking you for your connection identification credentials. Enter them and validate. Finally, the icon will appear in your task bar.
  Notes:
  • The certificate is only used to establish the SSL VPN connection.
  • To close the SSL VPN session, click on the Disconnect button on the top right of the page.
  8.6.4.2 Using SSL VPN to access hosted email folders
  SSL VPN can be used to access email folders hosted in FrontOffice with the use of a standard email client. Access to the hosted email folders requires that the SSL VPN connection has been established (see §8.6.4.1). The configuration of the email account in your email client software is made in the normal fashion with the following parameters:
  • Email server type: POP server
  • POP server address: pop services rte france com
51. aim to be
- confidentiality: prevents non-recipients from reading the data
- integrity: ensures that the data have not been altered in transit
- non-repudiation: makes it impossible for either party to deny that the information has been transmitted
15.1.1.3 The cryptographic solution
Because of the inherent nature of the technology used (i.e. public protocols, architectures, etc.), information circulating on the Internet is not confidential. Neither do the technologies currently employed respond to the other three security requirements mentioned above. In order to maintain the confidentiality of communications made over the Internet, the data must be rendered incomprehensible to anyone except the intended recipients. Encryption is a solution that meets these demands. The encryption of the data is naturally accompanied by the authentication of the system users. In reality, if certain data are confidential, it is necessary that the senders and receivers of that data can authenticate each other in a certain and unambiguous manner in order to proceed with secured communications. Auth
52. [Security warning dialog, translated, continued: "to represent: RTE Autorite de Certification. Windows cannot validate that the certificate actually comes from RTE Autorite de Certification. You should confirm its origin by contacting RTE Autorite de Certification. The following number will help you carry out this task: Thumbprint (sha1): AZ9AAFA1 77142087 FA302DBO 8F2C0237 37C7 AE37. Warning: if you install this root certificate, Windows will automatically trust any certificate issued by this certification authority. Installing a certificate with an unconfirmed thumbprint is a security risk. If you click Yes, you acknowledge this risk. Do you want to install this certificate?"]
[Certificate Import Wizard dialog, translated: "The import completed successfully."]
Click on OK.
Click on Yes; verification of the RTE CA certificate will be discussed in the next chapter.
7.3.2 Contents of the RTE CA certificate
The root certificate that you have just downloaded is stored in the certificate store appropriate to the browser used. For example, it can be viewed in Internet Explorer with the menu option Tools > Internet options, Contents tab, Certificates button, Trusted root authorities tab.
53. ates tab. The certificate is a digital certificate; once installed, it will be described as Personal security. You can view it by selecting it and clicking on View.
[Screenshots: certificate viewer showing the details of the installed certificate; the captured text is not legible.]
54. Enter a name for the key pair element to protect and a password, then click on the Finish button. Click on the OK button.
[Certificate Import Wizard dialog, translated: "The import completed successfully."]
Click on the OK button. Your certificate, your private key and the root certificate of the RTE CA have been imported into Internet Explorer.
[Screenshots: Internet Explorer certificate store and the certificate information window, which includes the statement that you have a private key corresponding to this certificate.]
The image on the right shows that the private key is indeed present
55. ation of the workstation
6.1 Network configuration
6.1.1 Overall configuration
6.1.2 Particularities of VPN access
6.2 Software configuration
Web browsers
Internet Explorer
7.1 Preliminary configuration
7.2 Adding trusted sites
7.3 Installation of the RTE CA root certificate
7.3.1 Download and installation
7.3.2 Contents of the RTE CA certificate
7.4 Retrieval of your personal certificate
7.4.1 Generation of the key pair
7.4.2 Contents and verification of your digital certificate
7.5 Use of your certificate
7.5.1 Authentication and encryption
7.5.2 Example of accessing the RTE Customer Services Portal
7.6 Supplementary operations
7.6.1 Export of your personal certificate
7.6.2 Import of your personal certificate
7.6.3 Deletion of your personal certificate
7.7 Connection to the SSL VPN
7.7.1 Foreword
7.7.2 Prerequisites
7.7.3 First connection
7.7.4 Use of the SSL VPN
8 Mozilla
56. by sending you a signed message; this is the way that you obtain a copy of their certificates. To do this, when you receive a signed message, use the Add the address to the address book function to save its certificate as you read it, and you can then use it later to send the application encrypted messages. The decryption of a message is done in an automatic manner when you already have the email sender's certificate and if you open that message with a message client that supports S/MIME format secured messages (which Mozilla Mail does).
IMPORTANT NOTE: The encryption of a message is dependent on the possession of a valid certificate corresponding to the recipient's email address.
13.2.2 Application certificates
The installation of an application certificate is done automatically when the first email (signed and encrypted) sent by that application is read. Nevertheless, you can add the application's email address to your address book by clicking on Add this address to the address book.
[Screenshot: Thunderbird inbox window.]
57. cannot be decrypted in a reasonable period of time by a person who does not have the private key. The private key enables its owner to sign messages that he sends out and to decrypt messages that are sent to him.
15.1.2.1 Encryption and decryption of a message
Each message is encrypted with the public key of its recipient, who will decrypt that message with his private key. When RTE sends a message to its customer A:
1. RTE knows the public key of customer A from his certificate.
2. RTE automatically encrypts the message using customer A's public key and sends it to him using RTE's electronic email services.
3. Customer A receives the message and automatically decrypts it with his private key.
[Figure: RTE encrypts the message (load curve data) with the Customer's public key, taken from the Customer's certificate; the Customer decrypts the message with his private key.]
58. [Screenshot: certificate viewer for the RTE Autorite de Certification certificate, showing its SHA1 and MD5 fingerprints; the captured values are not legible.]
To make sure that you have downloaded the genuine RTE AC root certificate, carefully check that the SHA1 or MD5 digital fingerprint displayed in the dialogue box shown is identical to that shown opposite.
The root certificate digital fingerprints for RTE CA are listed here: SHA1 A2 9A 4F A1 77 14 2C 87 FA 30 2D B0 8F 2C 02 37 37 Cy eAwR ee ol
59. [Dialog residue, translated: additional details; Fingerprint DECO 6E5D 950B 7E95 76C9 SC3D BBSD 7091; Expiry date 23 02 2018 14 41 08; Cancel.]
To do so, you must click on the Reciprocal certification button. Then, while you are reading the signed message that you received, you should select the Add sender to the address book function, which will add your contact and his certificate into your address book.
[Screenshot: IBM Lotus Notes message window with its menus, including the entry Add sender to the address book.]
60. 1.5.3 Revocation of a certificate
For scenarios involving a change of the certificate holder, loss, or a compromised certificate, the company manager directly contacts the RTE Hotline to request the revocation of that certificate. The customer will be notified of the revocation of that certificate. The revocation request may originate from RTE itself in the event of fraud.
B. THE CERTIFICATE MANAGEMENT PROCEDURES
61. 10 Windows Mail
10.1 Preliminary configuration
To associate your certificate with your email account under Windows Mail, your certificate must be installed under Internet Explorer. This is automatically the case if you have downloaded it in Internet Explorer, but if you downloaded it with Mozilla Firefox, you must export it from that browser and import it into Internet Explorer with the corresponding private key and the RTE CA root certificate. Refer to the section at the end of this document. Windows Mail automatically associates an account with the certificate carrying the same email address in order to sign messages. To configure Windows Mail, start the Tools > Accounts menu option and select the Email tab.
[Screenshot: Internet Accounts dialog listing the mail, news and directory service accounts.]
Select your RTE communications account and click on Properties.
62. [Screenshot: account Properties dialog, Security tab, with the signing certificate field and the encryption preferences (certificate and algorithm).]
Then click on the Security tab and use the two Select buttons to select your certificate for signing and encryption. Select the 3DES algorithm. Then click on OK. Still from within Windows Mail, start the Tools > Options menu.
[Screenshot: Windows Mail Options dialog; the captured text is not legible.]
63. [Screenshot: Lotus Notes menu and message status line, translated: "Signed by RTE DIAPASON diapason services rte france com on 25 02 2008 13 33 31".]
The following window will then be displayed.
[Screenshot: new contact form with title, first name, middle name and surname fields.]
Open the Advanced tab.
[Screenshot: Add sender to the address book window, Advanced tab, with the Include X 509 certificates found checkbox and the routing email address diapason services rte france com.]
Just confirm that the Include X 509 certificates found checkbox is checked and click on OK. From here on, you can encrypt any message sent to this contact.
14.4 Signature and encryption of messages sent
When you compose a message, you can sign and encrypt it if you have your own signature certificate (refer to the Importing the certificate section above) and that of your correspondent. To do this, whenever you create a new memo yo
64. [Screenshot: Internet Explorer Tools menu, ending with Internet Options.]
In the window that opens, click on the Security tab. Select the Trusted sites icon, then click on the Sites button.
[Screenshot: Internet Options dialog, Security tab, with the Internet, Local intranet, Trusted sites and Restricted sites zones and the security level for the selected zone.]
The following window opens.
[Screenshot: Trusted sites dialog, translated: "You can add or remove web sites in this zone. All web sites in this zone will use the security settings"]
65. ding computing objects managed by the PKI
- the role of the different entities taking part in the PKI operational processes
15.1 Concepts and objects generated by a PKI
This appendix presents the principal concepts needed to understand the role of the objects generated by a PKI:
- a presentation of the structural principles of a secured process
- the role of the key pair
- and the certificates
15.1.1 What is a secured process?
15.1.1.1 Definition of a PKI
With a PKI (Public Key Infrastructure, or IGC in French, for Infrastructure de Gestion de Clés), every certificate holder has a pair of keys, a private key known only to its sole owner and a public key, inter-connected with a complex mathematical relationship which makes it almost impossible to determine the private key with only the public key. This means that the probability of determining the private key based on the public key in a reasonable period of time is very low. Data encrypted with one key (typically the public key) can only be decrypted using the other one (typically the private key). This is the basis which forms the core operation that ensures the confidentiality of the exchanged messages.
15.1.1.2 The four pillars of information communication security
This electronic identity card is designed to establish a trust environment based on the four following fundamental pillars:
- authentication: confirms that the participant parties are indeed who they cl
66. [Screenshot: Internet Explorer Tools menu, ending with Internet Options.]
Select the Advanced tab.
[Screenshot: Internet Options, Advanced tab, security settings list, translated: anti-phishing filter options; "Do not save encrypted pages to disk"; "Warn about certificate address mismatch"; "SSL 2.0"; "SSL 3.0"; "TLS 1.0"; "Check for publisher's certificate revocation"; "Check for server certificate revocation"; "Check for signatures on downloaded programs"; "Empty Temporary Internet Files folder when browser is closed".]
67. [Dialog, translated: "The certificate backup password that you have just set protects the backup file that you are about to create. You must give the password to start this backup. Certificate backup password. Certificate backup password (again). Important: if you have forgotten your security password, you will not be able to import this backup later. Please keep it in a safe place. Password quality meter."]
Enter a password to restrict access to the PKCS#12 (.p12) file, then click on OK.
[Dialog, translated: "Certificates and private keys backed up successfully."]
Your certificate, your private key and the CA root certificate are exported to the generated file with the p12 extension.
IMPORTANT: Once downloaded, your certificate, with its key pair and root certificate, must be saved on a removable medium (e.g. a diskette) that you must store securely to prevent unauthorised access. Refer to the certificate export procedure.
Import of your personal certificate
With Mozilla Firefox (import of a complete PKCS#12 file with the root certificate): in the Tools > Options menu, select the Advanced section and the Security tab (v 1.5 and higher).
68. [Screenshot: file selection dialog for the PKCS12 file.]
[Dialog "Password required", translated: "Please enter the master password for Personal security."]
Click on OK.
[Dialog "Password entry window", translated: "Please enter the portable security password protecting this security certificate and the private key."]
Enter the password restricting access to the PKCS#12 file, then click on OK.
Your certificate is now in the Mozilla Firefox certificate store.
[Screenshot: Certificate Manager, Your Certificates tab, translated: "You have certificates from these organisations that identify you".]
Check that it's the right one by clicki
69. entication relies on the possession of a certificate. This certificate is delivered by a Certification Authority to which the participating parties of a transaction both assign confidence (in our case, the Certification Authority is RTE). In addition, certificate holders can trust the information supplied to them, and RTE knows that only the assigned certificate holders have access to the information.
NOTE: Following an analogy in normal life, it is necessary to supply an identity document provided by an approved authority in order to have access to certain privileges reserved for citizens of a country (e.g. very expensive purchases, exercising voting rights, etc.).
15.1.2 The role of the key pair
Each certificate holder has a public key as well as a corresponding private key:
- The private key is the key that the certificate holder must keep confidential. He is the only person to have that key and be able to use it. He may not necessarily know it himself: for example, it might be stored on a card with a computer chip, from which it can be extracted, but access to the card is protected with a PIN code known only by its owner.
- The public key, as its name indicates, is public and may be communicated to everyone. The public keys of certificate holders are only used to encrypt messages intended for the certificate's holder. If an encrypted message is intercepted, there are no significant impacts to confidentiality because the message
70. entity of its owner in electronic transactions and contains all the information required to permit such identification (surname, first name, possibly company, address, etc.). A digital certificate consists of a public key and personal information about the holder, all signed by a Certification Authority.
Confidentiality: A property of data or information which are neither actively nor passively available nor disclosed to unauthorised persons.
Cryptography: The practice, study and techniques of transforming data with the aim of hiding its semantic content, establishing its authenticity, preventing its unobserved modification, warning of its repudiation and preventing its unauthorised use.
Private key: A secret digital value assigned to one person, allowing that person to either successfully decipher messages encrypted with the corresponding public key or to affix an authenticating signature to the foot of messages sent.
Public key: A digital value assigned to one person but distributed to others so that these others are able to either securely send the person encrypted data or to verify that person's signature.
Encryption / Decryption: The transformation of data through cryptographic techniques to make that data unintelligible in order to ensure its confidentiality. The inverse transformation of encrypted data.
71. The retrieval code is the code supplied in the 2nd email that you received from us, which allows you to authenticate yourself. To make things easier, you can do simple copy/paste commands to enter the data. You must likewise enter your Authentifiant Utilisateur PKI (PKI User Credentials) just as they were supplied in the RTE IT system access technical specifications; they will serve to authenticate you with the RTE Hotline any time that you contact them. Lastly, click on Submit to send your request for the digital certificate. A dialogue box will ask you to confirm your email address.
[Dialog "Windows Internet Explorer", translated: "Confirm your e-mail address. If your e-mail address is correct, click OK; otherwise click CANCEL and correct it in the form. If your e-mail address is incorrect, you will not be able to use your digital ID."]
Click on the OK button, or Cancel to return to the form data entry screen.
7.4.1 Generation of the key pair
The dialogue box shown below will then be displayed, indicating that an RSA key pair has been created by Internet Explorer on your workstation.
[Dialog "Importing a new private exchange key", translated: "An application is creating a protected item. CryptoAPI private key. Security level set to Medium. Set security level."]
Click on the Define the security level button
72. [Dialog, translated: "enter the master password for Personal security. Password".]
Click on OK.
Note: if this password already exists, a field entry form will appear.
Your certificate is now in the Mozilla Thunderbird certificate store.
[Screenshot: certificate manager, Your Certificates tab, translated: "You have certificates from these organisations that identify you".]
Check that it's the right one by clicking on the View button.
[Screenshot: certificate details window; the captured text is not legible.]
73. [Screenshot: certificate manager, Your Certificates tab, translated: "You have certificates from these organisations that identify you", with the Export, Import and Delete buttons.]
Click on the Import button. Select the PKCS#12 file with a p12 or pfx extension.
[Screenshot: file selection dialog for the PKCS#12 file.]
Enter the protection password for the certificate store. Enter the password restricting access to the PKCS#12 (.p12) file, then click on OK.
[Dialogs "Password required" and "Password entry window", translated: "Please enter the portable security password protecting this security certificate and the private key."]
74. [Screenshot: Certificate Import Wizard, certificate store selection, translated: "Windows can automatically select a certificate store, or you can specify a location for the certificate. Automatically select the certificate store based on the type of certificate. Place all certificates in the following store. Certificate store: Trusted Root Certification Authorities. Browse."]
Check the box labelled Put all the certificates in the following store and click on Browse. In the window which opens, select Trusted root certification authorities and click on OK. Click on Next.
Click on Finish, and the following window then displays the contents of the root certificate to be imported.
[Security warning dialog, translated: "You are about to install a certificate from a certification authority (CA) claiming"
75. Select your certificate from the dropdown list labelled "Choose a certificate to present as identification" and click on OK. If necessary, this window will ask you for the password to the Mozilla Firefox certificate store. Then the following page will be displayed. Click on the Start button to commence the installation.
76. es "Use SSL 3.0" and "Use TLS 1.0".
8.2 Installation of the RTE CA root certificate
8.2.1 Download and installation
The RTE root certificate must now be installed in your browser so that RTE is known as the trusted Certification Authority. To do this, please navigate to the RTE customer site at the following address: http rte certplus com default htm
77. Select your certificate from the dropdown list labelled "Choose a certificate to present as identification" and click on OK. If necessary, this window will ask you for the password to the Mozilla Firefox certificate store. Then the following page will be displayed. Click on the Start button to start the WSAM application. If this window below appears just click on
78. essage are two distinct processes: you sign a message with your own certificate, whereas you encrypt it with the recipient's certificate. The recipient's certificate can be obtained in several ways. The RTE applications send you their certificates by sending you a signed message; this is the way that you obtain a copy of their certificates. To do this, when you receive a signed message, use the "Add to contacts" function to save its certificate as you read it, and you can then use it later to send the application encrypted messages. The decryption of a message is done in an automatic manner when you already have the email sender's certificate and if you open that message with a message client that supports S/MIME format secured messages, which Outlook 2000 does.
Important note: The encryption of a message is dependent on the possession of a valid certificate corresponding to the recipient's email address.
79. 7.6 Supplementary operations
7.6.1 Export of your personal certificate
Under Internet Explorer: export of a certificate with the private key and the root certificate. Once finished: generation of a file in the PKCS#12 (.pfx) format, protected with a password.
Under Internet Explorer, open up Tools > Internet options and click on the Contents tab, then on the Certificates button.
80. everal ways. The RTE applications send you their certificates by sending you a signed message; this is the way that you obtain a copy of their certificates. To do this, when you receive a signed message, use the "Add to the address book" function to save its certificate as you read it, and you can then use it later to send the application encrypted messages. The decryption of a message is done in an automatic manner when you already have the email sender's certificate and if you open that message with a message client that supports S/MIME format secured messages, which Windows Mail does.
IMPORTANT NOTE: The encryption of a message is dependent on the possession of a valid certificate corresponding to the recipient's email address.
10.2.2 Application certificates
Upon receiving the first signed and encrypted message from an application, you should install the sending application's certificate. To do so, you must add the application's email address to your address book by clicking on "Add to the address book" with the right mouse button when positioned over the sender s
81. The RTE CA certificate is also in the Mozilla Thunderbird store.
82. 9 Use of email clients
9.1 Certificates and email software
Depending on the email client that you use, we suggest that you refer to the appropriate one of the following sections. Steps to follow:
• install the RTE Autorité de Certification root certificate so that the email software trusts your certificates and the applications' certificates (refer to the installation of the RTE root certificate in the associated web browser);
• configure your email account assigned for communications with RTE so that the email software always encrypts and signs your messages being sent from the RTE IT system;
• install the application certificate(s) so that messages that you send to those applications are encrypted.
Here are the associated web browsers that you should configure, if they have not already been done, in order that your email client is correctly configured and operational:
Email client | Associated web browser
Windows Mail | Internet Explorer
Outlook 2003 | Internet Explorer
Outlook 2007 | Internet Explorer
Mozilla Thunderbird | special configuration
Lotus Notes | configuration is specific to Lotus Notes
9.2 When to use the certificate
By using your certificate you can:
• authenticate yourself to RTE applications;
• sign and encrypt emails destined for RTE applications;
• decrypt electronic messages that have been sent to you by RTE applications.
The encryption and signature of a m
83. Click on Close to return to the original screen.
84. Click on "Select a certificate" to select (see above) your certificate for signing and encryption.
NOTE: Regarding the phrase for encryption, the text indicates that your certificate will be used for encrypting and decrypting messages sent, even though in reality it will only be used to decrypt messages received.
85. 10.2.3 Message encryption and signing
To encrypt and sign a message with Windows Mail, first create a new message by clicking on "Create a message" or Ctrl+N. Verify that the two boxes "Encrypt" and "Sign digitally" have been checked.
11 Outlook 2003
11.1 Preliminary configuration
To be able to associate your certificate with your email account under Outlook 2003, your certificate must be installed under Internet Explorer. This is automatically the case if you have downloaded it in Internet
86. Click on the "View the certificates" button. Select the certificate to be deleted and click on Delete. The certificate is deleted from the certificate list.
14 Lotus Notes
14.1 Importing the certificate
Start Lotus Notes R7 and use the File > Security > User security menu option.
87. Select the checkbox "Include all certificates in the certification access path where possible", then click on the Next button. Enter a password to restrict access to the PKCS#12 file, then click on Next.
88. his channel is established after authentication of your certificate with a dedicated site. The use of SSL VPN requires the installation of a special tool, which is installed during your first connection to the site. This application is called Windows Secure Application Manager (WSAM). The SSL VPN makes it possible to access email folders hosted in RTE FrontOffice.
Prerequisites
The site secure iservices rte france com must be declared as a trusted site (see section 7.2).
IMPORTANT: Before making your first connection, you absolutely must verify that your workstation can resolve the address secure iservices rte france com (see section 6.1.2).
First connection
This paragraph only concerns your first connection to the SSL VPN with Internet Explorer.
IMPORTANT: The first connection must be made by IT staff with Administrative privileges on your workstation so that the WSAM application installation can be made.
Start your browser and enter the following URL: https secure iservices rte france com
This window will be displayed
89. Select your certificate, then click on the OK button. Then the WSAM application installation will start. Please be patient through the entire installation procedure. If your Internet access requires authentication with a proxy, a window will appear asking you for your connection identification credentials. Enter them and validate. Once the installation has completed, the following page will be displayed. Finally, the icon will appear in your task bar. Click on the Disconnect button on the top right of the page to terminate the session.
90. Select your certificate, then click on Display.
91. Click on the "Retrait de certificat" (Retrieve the certificate) button. Fill out the following form. The fields marked with an asterisk must be completed without diacritic marks (i.e. accents, cedillas) or punctuation marks, as they would also appear in the certificate that will be generated.
92. ificate in the list to view its contents and assure yourself that you have chosen the right one. Finally, verify that the data is the same as that above (S/MIME boxes checked, certificates, algorithms); if the "Name of the security parameters" field is empty, enter a name like RTE Certification. Lastly, click on OK. The following window will then be displayed.
93. 4 Revocation of certificates
4.1 The revocation scenario
The company manager must issue a revocation request whenever one of the following circumstances arises:
• change of the certificate holder;
• loss, theft, compromise, or suspicion of possible, probable or certain compromise of the private key associated with the holder's certificate;
• death or discontinuation of employment of the certificate holder;
• loss of the activation data, or defective or lost removable media.
4.2 The revocation request
To revoke a certificate, the company manager should call the RTE Hotline and supply the PKI User Credentials such as were provided in the forms for requesting access to the RTE IT systems.
5 Incident handling and support
In the event of a problem, the company manager will contact the RTE Hotline (see §5.2), who will diagnose the problem and forward it to the corresponding technical expert concerned. The Hotline will later forward the solution to the co
94. ir private key
• the disclosure of their private key
• the modification of their certificate
• and any abusive use of their certificate
Every certificate holder has, and recognises having, complete responsibility for the protection of their private key(s). The private keys and their associated certificates are stored on the hard disk (hence their being known as digital certificates); these private digital keys can be protected by a password only known by the certificate holder. The Certification Authority (CA) of RTE France declines all responsibility relating to litigation arising from or associated with inappropriate use of these private keys.
Please refer to:
• chapter 2 of the Certification Policy of the RTE France CA, which is found in the package that has been supplied to the company manager: lt PACKAGES gt RTE InstallationMr Politique de Certification RTE pdf
• the IT System access regulations: PACKAGE S curit Charte d utilisation des certificats logiciels pdf
1.4 The stakeholders
Certificate lifecycle management revolves around three entities:
• the customer, i.e. your company
• the Registration Authority (RA)
• the Certification Authority (CA)
NOTE: To make things easier to understand, an analogy can be made with the allocation of official identity documents: a citizen requesting an identity document corresponds to the customer entity, the municipality acts as the registration authority, and the central I
95. Integrity: The assurance that the data or information have not been modified or altered in an unauthorised manner.
Non-repudiation: A property obtained with cryptographic methods to prevent a person from denying having performed a particular action on the data (for example: source non-repudiation, attestation of obligations, intentions or commitments, establishment of ownership).
Revocation: Revocation is the procedure which leads to the deletion of the guarantee provided by the Certification Authority for a given certificate, made upon the request of the subscriber or any other suitably authorised person. The request may be the consequence of various types of events, such as the compromise or destruction of the private key, the modification of information contained in the certificate, or non-respect of the certificate's usage rules.
Electronic signature: The electronic signature of a document consists of signing a digital summary of that document with one's private key, which can then not be modified without such modification being visible. As with a handwritten signature, it commits the signatory to certain responsibilities.
Virtual private network (VPN): A Virtual Private Net
96. Check the "Encrypt the contents of messages and attached documents for outgoing messages" and "Add a digital signature to outgoing messages" boxes and click on OK. All your emails destined for RTE applications sent from the default account will now be encrypted and signed.
12.2 Use of the certificate
12.2.1 When to use the certificate
By using your certificate you can:
• authenticate yourself to RTE applications;
• sign and encrypt emails destined for RTE applications;
• decrypt electronic messages that have been sent to you by RTE applications.
The encryption and signature of a message are two distinct processes: you sign a message with your own certificate, whereas you encrypt it with the recipient's certificate. The recipient's certificate can be obtained in several ways. The RTE applications send you their certificates by sending you a signed message; this is the way that you obtain a copy of their certificates. To do this, when you receive a signed message, use the "Add to contacts" function to save its certificate as you read it, and you can then use it later to send the application encrypted messages. The decryption of a message is done in an automatic manner when you al
97. Click on the Next button. Select "Yes, export the private key", then click on the Next button.
98. [Figure: Encryption and decryption with a key pair]
15.1.2.2 Use of the keys for signing messages
Each message is signed with the private key of the sender. The source (i.e. the signature) of a message can be checked thanks to the sender's public key being openly available through his certificate. To prove to customer A that the message he has received actually does come from RTE, RTE automatically signs its messages with its own private key before sending them to customer A.
[Figure: Signing and signature verification with a key pair. RTE signs the message with its private key; the customer verifies the signature with RTE's public key, taken from RTE's certificate.]
When customer A receives the message from RTE, he automatically verifies the signature on the received message with RTE's public key.
99. mails destined for RTE applications sent from the default account will now be encrypted and signed. 11.2 Use of the certificate. 11.2.1 When to use the certificate. By using your certificate you can: authenticate yourself to RTE applications; sign and encrypt emails destined for RTE applications; decrypt electronic messages that have been sent to you by RTE applications. The encryption and signature of a message are two distinct processes: you sign a message with your own certificate, whereas you encrypt it with the recipient's certificate. The recipient's certificate can be obtained in several ways. The RTE applications send you their certificates by sending you a signed message; this is the way that you obtain a copy of their certificates. To do this, when you receive a signed message, use the Add to contacts function to save its certificate as you read it, and you can then use it later to send the application encrypted messages. The decryption of a message is done in an automatic manner when you already have the email sender's certificate and if you open that message with a message client that supports S/MIME format secured messages, which Outlook 2003 does. IMPORTANT NOTE: The encryption of a message is dependent on the possession of a valid certificate corresponding to the recipient's email address. 11.2.2 Application certificates. Upon receiving the first signed and encrypted message from an application you should ins
100. [Screenshot: message options dialog] Click on the Security parameters button. [Screenshot: security properties dialog] Verify that the boxes labelled "Encrypt the message content and attached documents" and "Add a digital signature to the message" have been checked by default. 12 Outlook 2007. 12.1 Preliminary configuration. To be able to associate your certificate with your email account under Outlook 2007, your certificate must be installed under Internet
101. mpany manager and assist him where necessary to apply the procedures indicated to regain access to the RTE IT systems. 5.1 Error codes returned by email. During an exchange of electronic messages between the user and an application, even if the certificate was generated and installed according to the procedures described in the rest of this document, it is possible that a functionality error may occur. In such events the component in question (e.g. a server, a router) returns an error code by email. The subjects of the error messages returned by the cryptographic router are of the form: ERR nnn <FR Description> <EN Description> Subject of the original message.
Table columns: nnn / Description / Possible cause
- Description: The email sent by the customer has neither been signed nor encrypted. Possible cause: You have not checked the signing and encrypting boxes in your email software when you sent the email.
- Description: The email sent by the customer has only been encrypted. Possible cause: You did not check the signing box in your email software.
- Description: The email sent by the customer has only been signed. Possible cause: You did not check the encrypting box in your email software.
- Description: The email sent by the customer has only been signed and the signature is incorrect. Possible cause: You did not check the encrypting box in your email software and the certificate that you used to sign the message is invalid or unknown.
- Description: The email sent by the customer has been signed and encrypted but the Possible cause: The signature certificate that you used is
102. n and then on the Details button. To make sure that you have downloaded the genuine RTE AC root certificate, carefully check that the SHA1 or MD5 digital fingerprint displayed in the window shown is identical to that shown here below. The root certificate digital fingerprints for RTE CA are listed here: SHA1: 22 9A 4F A1 77 14 2C 87 FA 30 2D B0 8F 2C 02 37 37 C7 AE 37; MD5: 59 1472 5A 2BeAs1DSAD DTIAZATZITO0STEDRTDBOTISSOISAO0SSI. If the hash fingerprint is not identical, delete the certificate and contact our support services. 7.4 Retrieval of your personal certificate. The request for the digital certificate must have been completed as per the procedure laid out in chapter 2. To create your key pair and your certificate, you must then connect, on the RTE meeting day specified, to the web site http rte certplus com default htm [Screenshot: the RTE certificate web site in the browser]
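The fingerprint comparison described in excerpt 102, as an added example that is not part of the RTE manual: it hashes a certificate file, accepts the published value with spaces or colons, and refuses a published value that is not clean hex instead of comparing against it. It assumes the file holds a single certificate in DER or PEM form (not the .p7b container); the function names are hypothetical and the certificate bytes are constructed stand-ins.

```python
import base64
import hashlib
import hmac
import re

# Published values exactly as they appear in the excerpt above.
PAGE_SHA1 = "22 9A 4F A1 77 14 2C 87 FA 30 2D B0 8F 2C 02 37 37 C7 AE 37"
PAGE_MD5_AS_EXTRACTED = "59 1472 5A 2BeAs1DSAD DTIAZATZITO0STEDRTDBOTISSOISAO0SSI"

# Constructed stand-in bytes: NOT a real certificate, only something to hash.
CONSTRUCTED_DER = bytes(range(256)) * 3

# The digest algorithm is inferred from the length of the published hex string.
ALGO_BY_HEX_LEN = {40: "sha1", 32: "md5"}
PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def to_der(file_bytes):
    """Return the DER bytes of a certificate file given as PEM or raw DER."""
    match = PEM_BLOCK.search(file_bytes)
    if match is None:
        return file_bytes  # assumed to be raw DER already
    return base64.b64decode(b"".join(match.group(1).split()), validate=True)


def to_pem(der):
    """Wrap DER bytes in PEM armour (used here only to build sample input)."""
    return (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der)
            + b"-----END CERTIFICATE-----\n")


def display_fingerprint(file_bytes, algo="sha1"):
    """Fingerprint as upper-case hex pairs separated by spaces."""
    digest = hashlib.new(algo, to_der(file_bytes)).hexdigest().upper()
    return " ".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalise(published):
    """Strip spaces and colons; reject anything that is not a full hex digest."""
    hexstr = re.sub(r"[\s:]", "", published).lower()
    if not re.fullmatch(r"[0-9a-f]+", hexstr) or len(hexstr) not in ALGO_BY_HEX_LEN:
        raise ValueError("published fingerprint is malformed: %r" % published)
    return hexstr


def fingerprint_matches(file_bytes, published):
    """True only if the file's digest equals the published fingerprint."""
    expected = normalise(published)
    algo = ALGO_BY_HEX_LEN[len(expected)]
    actual = hashlib.new(algo, to_der(file_bytes)).hexdigest()
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    shown = display_fingerprint(CONSTRUCTED_DER)
    print("fingerprint of the stand-in file:", shown)
    print("matches its own fingerprint:", fingerprint_matches(CONSTRUCTED_DER, shown))
    # The stand-in is not the RTE root, so the published value must not match.
    print("matches the published SHA1:", fingerprint_matches(CONSTRUCTED_DER, PAGE_SHA1))
    try:
        fingerprint_matches(CONSTRUCTED_DER, PAGE_MD5_AS_EXTRACTED)
    except ValueError as exc:
        print("refused:", exc)
```

A mismatch or a refused value leads to the same action the manual gives: delete the certificate and contact the support services.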
103. [Screenshot: Lotus Notes dialog asking whether to accept the listed Internet certificates into your ID] Click on Accept all. [Screenshot: IBM Lotus Notes message: new certificates have been accepted into your ID; if you have installed copies of your ID on several machines, update each of them with a new copy of your ID] Click on OK and the following window is displayed.
104. 8.3 Retrieval of your personal certificate. The request for the digital certificate must have been completed as per the procedure laid out in chapter 2. To create your key pair and certificate, you must connect to the following site: http rte certplus com default htm [Screenshot: the site in Mozilla Firefox, with its certificate menu] Click on the "Retrait de certificat" (Retrieve the certificate) button to install your digital certificate.
105. name of the message received. [Screenshots: the message window with the sender's context menu, then the contact's Summary tab and Identifiers tab] Click on the OK button to validate.
106. [Screenshot: certificate details for the test certificate, with its validity dates and its SHA1 and MD5 fingerprints] 13.4 Deletion of the certificate. With Mozilla Thunderbird v 1.5, deletion of a certificate with the private key: open the Tools > Options menu, the Confidentiality section and then the Advanced tab (v 1.5 and higher). [Screenshot: Thunderbird certificate management options]
107. ng
11 Outlook 2003
  11.1 Preliminary configuration
  11.2 Use of the certificate
    11.2.1 When to use the certificate
    11.2.2 Application certificates
    11.2.3 Message encryption and signing
12 Outlook 2007
  12.1 Preliminary configuration
  12.2 Use of the certificate
    12.2.1 When to use the certificate
    12.2.2 Application certificates
    12.2.3 Message encryption and signing
13 Mozilla Thunderbird
  13.1 Preliminary configuration
  13.2 Use of the certificate
    13.2.1 When to use the certificate
    13.2.2 Application certificates
    13.2.3 Message encryption and signing
  13.3 Importing the certificate
  13.4 Deletion of the certificate
14 Lotus Notes
  14.1 Importing the certificate
  14.2 Viewing the certificate
  14.3 Reception of a signed and encrypted message
  14.4 Signature and encryption of messages sent
F Appendices
15 PKI Secured environments
  15.1 Concepts and objects generated by a PKI
    15.1.1 What is a secured process
    15.1.2 The role of the key pair
    15.1.3 The certificates
  15.2 Documentation
16 Glossary
108. ng on the View button. [Screenshots: certificate viewer showing the details of the test certificate]
109. 16 Glossary. When certificate holders approach their new secure environment, they will be confronted with specific terminology, the terms of which are explained in this section. Authentication: Verification of the validity of identity as declared by a user, by a device or by another entity in an information or communications system. Certification Authority: A Certification Authority (CA) is an entity which issues digital certificates for use by other parties as electronic equivalents of identity documents. In distributing digital certificates, the Certification Authority (or Trust Authority) serves as an ethical guarantor by asserting a person's identity through the certificate provided to that person. According to the scope accorded to the Certification Authority, this certificate will have a field of application of varying range: limited to internal communications in a company (like a company security badge), or for use in communications with other organisations and administrative bodies (like a national identity card or passport). Certificate: A digital certificate plays the role of an electronic ID card (electronic passport). It guarantees the id
110. nications in the S/MIME format. NOTE: Throughout this document the pronoun "you" is used to reference the certificate holder. References to he, him, his, himself are for brevity and are also implied to refer to she, her, hers, herself wherever they occur. 1.2 Context. In the context of the February 10th 2000 legislation (2000-108) and the implementing decree 2001-630 of July 16th 2001, the administrator of a public transport network has an obligation to protect the confidentiality of all information of economic, commercial, industrial, financial or technical natures whose communication might adversely impact the rules of free and fair competition and non-discrimination, as defined by the law. 1.3 A warning concerning security procedures. Each holder of a digital certificate uses a cryptographic module of their web browser to maintain their own securely generated private key on the hard drive of their workstation. Therefore every digital certificate holder must take the necessary precautions to prevent:
• the breach of their private key
• the loss of the
111. nternal Affairs department as the certification authority. 1.4.1 The customer. The customer makes certificate requests on behalf of its certificate holders. The customer can similarly issue requests for revocation of those certificates. 1.4.2 The Registration Authority (RA). The Registration Authority (the RTE customer relations officer for the Operator's team) receives a certificate request and verifies the identity of the certificate holders who will be using the certificates. 1.4.3 The Certification Authority (CA). The RTE Certification Authority is responsible for and vouches for the certificates signed in its name and for the smooth operation of the PKI. It defines its own policies for the administration and usage of its certificates. The RTE certification authority is defined as: CN=RTE Autorité de Certification, O=RESEAU DE TRANSPORT D'ELECTRICITE. 1.5 The certificate management process. The principal processes implemented to manage the combined collection of digital certificates delivered to certificate holders are as follows:
• the issuance of a certificate is
112. on on the top right of the page. 7.7.4.2 Using SSL VPN to access hosted email folders. SSL VPN can be used to access email folders hosted in FrontOffice with the use of a standard email client. Access to the hosted email folders requires that the SSL VPN connection has been established (see 7.7.4.1). The configuration of the email account in your email client software is made in the normal fashion, with the following parameters:
• Email server type: POP server
• POP server address: pop services rte france com
• SMTP server address: smtp services rte france com
When your access to RTE FrontOffice is supplied to you, you will receive your login identifier, your password and your email address. NOTE: Given that the messages are being forwarded through a secure channel, the sending and receipt of emails does not require the use of a certificate for message encryption. 8 Mozilla Firefox. 8.1 Preliminary configuration. From the Tools > Options menu, select the Advanced section and then the Encryption tab. In this window select the 2 checkbox
113. [Screenshot: Lotus Notes security dialog listing the certificates held in the ID file] Now select "Your Internet certificates" from the dropdown list so that any Internet certificates already imported are displayed. Generally speaking, the list will be empty. Click on the Obtain certificates button and select Import Internet certificates. [Screenshot: certificates in your ID file]
114. onsulted to perform these operations. 6.1.2 Particularities of VPN access. Access to the SSL VPN requires that your workstation is able to resolve and access the address secure iservices rte france com. To verify if this is the case, open your Start menu and click on Run. In the window that appears, enter this command: cmd /k ping secure iservices rte france com [Screenshot: Run dialog with the command entered] Click on the OK button. A window will appear containing some information:
• If the first line starts with "Sending a ping request to secure iservices rte france com", then the address secure iservices rte france com has been resolved. Your workstation is correctly configured.
• If the first line starts with "The ping request could not locate the server secure iservices rte france com", then the address secure iservices rte france com has not been resolved. Please contact your IT support desk so that they can make the nece
115. p Tools > Internet options and click on the Contents tab and then on the Certificates button. [Screenshot: Certificates dialog] Click on the Import button. [Screenshot: Certificate Import wizard, welcome page] Click on the Next button. [Screenshot: Certificate Import wizard, private key password page]
116. [Screenshot: certificate web site menu] Click on the link "Installer le certificat racine de RTE" (Install the RTE root certificate). A dialogue box will be displayed in which you must select the 3 checkboxes "Confirm this CA for identification" to confirm confidence in the RTE CA. [Screenshot: certificate download dialog asking whether to trust "RTE Autorite de Certification" as a new certification authority] 8.2.2 Verification of the root certificate fingerprint. Click on View to verify that the certificate to which you are about to grant trusted status is indeed the RTE root certificate.
117. 7.5.2 Example of accessing the RTE Customer Services Portal. Whenever you access the welcome page with https as the prefix, you will have to select your certificate. [Screenshots: certificate selection dialog and key access authorisation dialog] The "Display the certificate" button allows you to look at the contents of the selected certificate; then click on OK. If necessary, this window will ask you for the store password for your certificate. The welcome page will then be displayed in a secure setting.
118. r certificate is finally downloaded and installed in the Mozilla Firefox certificate store. The following page will then be displayed to indicate the end of the process. [Screenshot: Digital ID Installation and Registration page in Mozilla Firefox, confirming that the certificate has been downloaded and installed] IMPORTANT: Once downloaded, your certificate, with its keys and root certificate, must be saved on a removable medium (e.g. a diskette) that you must store securely to prevent unauthorised access. Refer to section 8.5.1 for the certificate export procedure. 8.3.3 Viewing and verification of your digital certifica
119. ready have the email sender's certificate and if you open that message with a message client that supports S/MIME format secured messages, which Outlook 2007 does. IMPORTANT NOTE: The encryption of a message is dependent on the possession of a valid certificate corresponding to the recipient's email address. Application certificates. Upon receiving the first signed and encrypted message from an application, you should install the sending application's certificate. To do so, you must add the application's email address to your address book by clicking on Add to contacts with the right mouse button when positioned over the sender's name of the message received. [Screenshots: sender context menu, then the contact's General tab and Certificates tab] Ctrl S to save.
120. [Screenshot: Outlook options] In the right hand column click on Email security and then click on the Parameters button. [Screenshot: security settings preferences dialog, with S/MIME as the encryption format and fields for the signing certificate, hash algorithm and encryption certificate] Click on the two Select buttons in order to select your certificate for signing and encryption from the list of selectable certificates that is presented to you; you can also display any cert
121. root certificate will then be installed in the Windows certificate store as per the process described below. [Screenshot: file download dialog for getcertif.p7b, a PKCS #7 certificates file] Click on the Open button. [Screenshot: certmgr window listing the certificate "RTE Autorite de Certification"] Double click on RTE Autorite de Cer
122. rtificate administration web site from his workstation to fill out and validate the registration form online. At that moment a key pair will be generated on his workstation and his certificate will be downloaded. 3 Renewal of certificates. Certificates have a validity of two years so that a high level of security can be delivered with them. Forty days before the expiry of a certificate, an electronic message is sent to the certificate holder to inform him of the renewal of his digital certificate. If modifications need to be made relating to the certificate holder's details, then the company's representative contacts the RTE customer relations officer to tell him what those changes are. Otherwise an email is sent to the certificate holder with the information necessary for the retrieval of his new certificate.
123. rtificate with a dedicated site. The use of SSL VPN requires the installation of a special tool, which is installed during your first connection to the site. This application is called Windows Secure Application Manager (WSAM). The SSL VPN makes it possible to access email folders hosted in RTE FrontOffice. Prerequisites: First verify that your version of Mozilla Firefox permits access to the RTE's SSL VPN (see §6.2). IMPORTANT: Before making your first connection you absolutely must verify that your workstation can resolve the address secure.iservices.rte-france.com (see section §6.1.2). 8.6.3 First connection: This paragraph only concerns your first connection to the SSL VPN with Mozilla Firefox. IMPORTANT: The first connection must be made by IT staff with Administrative privileges on your workstation so that the WSAM application installation can be made. Start your browser and enter the following URL: https://secure.iservices.rte-france.com. This window will be displayed: [Screenshot: Firefox dialog asking you to identify yourself with a certificate]
124. Whenever you see the window New file for RTE DIAPASON appearing, just click on OK. To verify that the application certificate (e.g. RTE DIAPASON) is correctly installed, open the Tools > Options menu, select the Confidentiality section and the Security tab, then click on View the certificates and finally click on the Other people tab. [Screenshot: Certificate Manager, Other people tab] 13.2.3 Message encryption and signing: To encrypt and sign a message with Mozilla Thunderbird, first create a new message by clicking on Write or Ctrl+M. Click on the Security button to make sure the two options Encrypt this message and Digitally sign this message have been selected; these options ought to be
125. [Screenshot: Lotus Notes security dialog showing the ID file details and the login and password settings] Click on Your identity and then on Your certificates. [Screenshot: Lotus Notes dialog listing the certificates in your ID file]
126. [Screenshot: advanced security settings dialog] Verify that the configuration is identical to that above; specifically, check that the two boxes labelled Include the digital identification when sending messages and Add the certificate of senders to the address book have been checked, then click on OK. All your emails destined for RTE applications sent from this account will now be encrypted and signed. 10.2 Use of the certificate. 10.2.1 When to use the certificate: By using your certificate you can: authenticate yourself to RTE applications; sign and encrypt emails destined for RTE applications; decrypt electronic messages that have been sent to you by RTE applications. The encryption and signature of a message are two distinct processes: you sign a message with your own certificate, whereas you encrypt it with the recipient's certificate. The recipient's certificate can be obtained in s
127. [Screenshot: Internet Explorer advanced settings] In the section labelled Security, make sure that the checkboxes for SSL 2.0, SSL 3.0 and TLS 1.0 have been checked as shown above. 7.2 Adding trusted sites: In order to be able to authenticate yourself to Internet sites with your digital certificate, it is absolutely necessary to add these sites to the list of trusted sites. To do so, open Internet Explorer and click on the Tools > Internet options menu option. [Screenshot: Internet Explorer Tools menu]
128. selected by default. [Screenshot: Thunderbird message composition window, Security menu with the options Do not encrypt this message, Encrypt this message and Digitally sign this message] 13.3 Importing the certificate: With Mozilla Thunderbird (v 1.5): import of a complete PKCS#12 file with the root certificate. Open the Tools > Options menu, the Confidentiality section and then the Security tab (v 1.5 and higher). [Screenshot: Security tab with the View the certificates, Revocation lists, Verification and Security devices buttons] Click on the View the certificates button.
129. [Screenshot: user registration form in Mozilla Firefox, with encryption level 1024 selected] The fields marked with an asterisk must be completed without diacritic marks, i.e. accents, cedillas or punctuation marks, as they would also appear in the certificate that will be generated. The retrieval code is the code supplied in the 2nd email that you received from us, which allows you to authenticate yourself. To make things easier, you can do simple copy-paste commands to enter the data. You must likewise enter your Authentifiant Utilisateur PKI (PKI User Credentials) just as they were supplied in the RTE IT system access technical
130. ssary changes to enable the ping address resolution. 6.2 Software configuration: The software configuration required for your workstation is as follows. Operating systems: Windows Vista (all versions). Web browsers, either of: Internet Explorer 7; Mozilla Firefox 2.x (for accessing the SSL VPN, the maximum version is 2.0.0.14). Email clients, any one of: Windows Mail; Outlook 2003 and 2007; Mozilla Thunderbird 2.x; Lotus Notes 7 (starting from version 7.0.2). D WEB BROWSERS. 7 Internet Explorer. 7.1 Preliminary configuration: In the browser, select the Tools > Internet options menu options. [Screenshot: Internet Explorer Tools menu]
131. suance of one or more certificates; the renewal of a certificate (replacing someone's certificate with a new one for a new validity period and for a new key pair); the revocation of a certificate. The RTE's certification policy is available on the RTE corporate internet site. 1.5.1 Issuance of a certificate: Certificates are issued in compliance with the RTE Certification Policies upon the initiative of the company representative for contractual relationships with RTE. The requests are issued by the customer through its RTE customer relations officer, who forwards them to the appropriate groups to register the certificate holder. Then the certificate holder himself registers on the site assigned for digital certificates. After that, the browser generates a key pair on the certificate holder's workstation and downloads the associated certificate. 1.5.2 Renewal of a certificate: Forty days before the expiry of a certificate, an electronic message is sent to the certificate holder to inform him of the renewal of his digital certificate. If modifications need to be made relating to the certificate holder's details, then the company's representative contacts the RTE customer relations officer to tell him what those changes are. Otherwise, an email is sent to the certificate holder with the information necessary for the retrieval of his new certificate.
132. [Screenshot: Outlook security properties dialog] Verify that the boxes labelled Encrypt the message content and attached documents and Add a digital signature to the message have been checked by default. 13 Mozilla Thunderbird. 13.1 Preliminary configuration: To be able to associate your certificate with your email account under Mozilla Thunderbird, your certificate must be installed under Mozilla Thunderbird. To do this, you must export it from the browser that you installed it into and import it into Mozilla Thunderbird with the corresponding private key and the RTE CA root certificate. Refer to the section at the end of this document. Start Mozilla Thunderbird and open the Tools > Account parameters menu, then select the Security item of the RTE communications accounts e
133. tall the sending application's certificate. To do so, you must add the application's email address to your address book by clicking on Add to contacts with the right mouse button when positioned over the sender's name of the message received. [Screenshot: Outlook context menu on the sender's name] The General tab. The Certificates tab. [Screenshots: Outlook contact properties]
134. te Regardless of the browser used, the contents of the downloaded certificate will obviously be the same; only the presentation of the information on the screen will vary. For Mozilla Firefox, you must click on the Advanced section and then on the Encryption tab. [Screenshot: Firefox Options, Advanced section, Encryption tab] Click on the Display the certificates button. [Screenshot: Certificate Manager, Your certificates tab] The Your certific
135. [Screenshot: trusted sites dialog] Click on Close and then on OK. 7.3 Installation of the RTE CA root certificate. 7.3.1 Download and installation: The RTE root certificate must now be installed in your browser so that RTE is known as the trusted Certification Authority. To do this, please navigate to the RTE customer site at the following address: http://rte.certplus.com/default.htm. The following page will be displayed: [Screenshot: RTE certificate holders' portal in Internet Explorer] Click on the link Installer le certificat racine de RTE (Install the RTE root certificate). The RTE CA
136. [Screenshot: welcome page of the RTE secure space] 7.7.4 Use of the SSL VPN. 7.7.4.1 Establishing the connection: Start your browser and enter the following URL: https://secure.iservices.rte-france.com. This window will be displayed: [Screenshot: certificate selection dialog] Select your certificate, then click on the OK button. The WSAM application automatically starts and the following page is displayed: [Screenshot: RTE secure space home page listing the Windows Secure Application Manager session] In addition, the icon will appear in your task bar. Notes: The certificate is only used to establish the SSL VPN connection. To close the SSL VPN session, click on the Disconnect butt
137. tification (RTE Certification Authority). [Screenshot: Certificate Import Wizard welcome page and certificate information for RTE Autorite de Certification, valid from 25/05/2002 until 23/05/2012] Click on Next. [Screenshot: Certificate Import Wizard, certificate store page]
138. 12.2.3 Message encryption and signing: To encrypt and sign a message with Outlook 2007, first create a new message by clicking on New or Ctrl+N. To sign and encrypt your message, verify that the two icons above have been correctly checked. [Screenshot: Outlook message options dialog] Click on the Security parameters button. [Screenshot: security properties dialog]
139. u should check the Sign and Encrypt boxes as illustrated below. [Screenshot: Lotus Notes new memo window] You may alternatively click on the Distribution options button and check the Sign and Encrypt boxes as shown below. [Screenshot: Lotus Notes distribution options dialog]
140. [Screenshot: Firefox user identification request dialog showing the details of the selected certificate] Select your certificate from the dropdown list labelled Choose a certificate to present as identification and click on OK. If necessary, this window will ask you for the password to the Mozilla Firefox certificate store. [Screenshot: password required dialog]
141. If this window below appears, just click on Yes. [Screenshot: dialog asking whether to accept the certificate of the web site secure.iservices.rte-france.com] Please be patient through the entire installation procedure. [Screenshot: Windows Secure Application Manager installation progress] If your Internet access requires authentication with a proxy, a window will appear asking you for your connection identification credentials. Enter them and validate. Once the installation has finished, the welcome page will be shown again. [Screenshot: welcome page of the RTE secure space]
142. [Screenshot: Certificate Import Wizard, password page] Enter the PKCS#12 file password, check the 3 boxes, then click on Next. [Screenshot: Certificate Import Wizard, file to import page] Click on the Browse button to locate the PKCS#12 file (ext. .p12 or .pfx), then click on Next. [Screenshot: Certificate Import Wizard, certificate store page] Select the first box, then click on Next.
143. work makes it possible to make connections between disparate local networks using a tunnelling technique. The tunnel is a secured Internet communications channel through which data is transmitted with embedded encryption. END OF DOCUMENT