Automated Court Reporter Application Digital Signatures · Automated Court Reporter Application...

Automated Court Reporter Application

Digital Signatures

Doc Version 1.5

December 1, 2010

Administrative Office of the U.S. Courts

Digital Signatures Version 1.5 (As Of 12/01/2010)

of 42

Revision History

Date Version Description of Revision 2/10/2009 1.0 Initial draft for Review 2/17/2009 1.1 Updates after initial review – minor updates, no

major content changes 4/2/2009 1.2 Insert Section 3 – Adobe updates and a required

step, moving current Sections 3 and 4 to 4 and 5 respectively

7/31/2009 1.3 General updates to improve instructions and add additional Adobe option update

12/01/2009 1.4 Updates for release of Version 2: 1. General updates for clarity 2. Includes relevant Adobe 9.0 screen prints

10/01/2010 1.5 General updates to improve instructions and Adobe versions


of 42

TABLE OF CONTENTS

Revision History ............................................................................................................................. 2 Digital Certificates .......................................................................................................................... 4 1 Create Digital Certificate ......................................................................................................... 5

Process for Downloading Digital Certificates ............................................................................. 5 2 Install Certificate Trust Authority ......................................................................................... 11

Installing the Certificate: ........................................................................................................... 11 3 Update Adobe Settings .......................................................................................................... 17

Updating Adobe Settings ........................................................................................................... 17 4 Export a Certificate ................................................................................................................ 23

Exporting a Certificate............................................................................................................... 23 5 Import a Certificate ................................................................................................................ 33

Importing a Certificate............................................................................................................... 33


of 42

Digital Certificates The Automated Court Reporter Application (ACRA) uses digital certificates for Court Reporters and Court Officials to digitally sign their AO40A and AO40B forms for submittal. The digital signature MUST reside on the computer that will be used to sign AO40As and AO40Bs. The creation is a three-step (3) process for use. First, the digital certificate is created: second the certificate is installed on the computer that will be used to sign forms which designates the certificate as “trusted”; and third, two (2) Adobe settings are verified and/or updated. If more than one computer might be used to create and submit forms, then the digital signature must reside on each computer to be used. Only one certificate is needed, and once created, it may be exported/imported to the additional computer(s). The Adobe settings MUST be set on each workstation to be used. Each computer used to access ACRA must be connected to the Courts DCN (Data Center Network). At this time, the certificate is requested from the AO Courts, OIT-CTO group. The AO Courts JENIE name and password are used to create the certificate, with both values being case-sensitive. Once the JENIE name is created, a signer will use the following instructional sections. To create a digital signature and only use it on one computer, execute the following sections:

Section 1 – Create Digital Certificate Section 2 – Install Certificate Trust Authority Section 3 – Update Adobe Settings

NOTE: all signers MUST complete Sections 1, 2 and 3. Sections 2 and 3 steps may be repeated. To create a digital signature and use it on more than one computer, execute the following sections:

Section 1 – Create Digital Certificate Section 2 – Install Certificate Trust Authority Section 3 – Update Adobe Settings Section 4 – Export a Certificate Section 5 – Import a Certificate

NOTE: Section 4 and Section 5 may be completed as many times as necessary. Sections 2 and 3 may be completed more than once but are usually required to be completed only once. When exporting a digital signature, it may be exported from the source computer to a flash drive, CD or other external media to be used as input to the destination computer.


of 42

1 Create Digital Certificate In order to affix a digital signature to a form, a “Digital Certificate” is required. A Digital Certificate is a small encrypted file that is used to identify the signatory of the document. The Digital Certificate MUST reside on the computer that is being used to display the form to be signed. Only one certificate per name may reside on the computer. (Multiple certificates may reside on one computer.) The certificate is stored in the browser. If a different (new or additional) computer is to be used, then the certificate should be exported and imported to the new/additional computer.

Process for Downloading Digital Certificates 1. Connect to the AO’s PKI systems (Public Key Infrastructure)

Using a browser (samples are from IE 7.0), connect to: http://pki1ex.cto.ao.dcn:8080/ejbca . Returned is the Welcome page: (NOTE: that it is “pki1ex” – “one” not lower-case “L”)

2. Select Create Browser Certificate from the Enroll options


of 42

The EJBCA Certificate Enrollment Page is returned:

3. Enter the Username and Password (JENIE account)

NOTE: Case matters with both the Username and the password. 4. Select the ‘OK’ button Returned page is EJBCA Token Certificate Enrollment:

5. Enter Options:

Key length: Select 2048 bits Certificate profile: Keep ENDUSER OpenVPN installer: Leave blank Select OK button


of 42

File Download popup will appear:

6. Select Open button 7. Execute steps of Certificate Import Wizard:

Select Next > button


of 42

Wizard Step 1 – the File to Import window:

Select Next > button NOTE: Accept default File Name, do NOT change it. Wizard Step 2 – Password:

Enter the JENIE Password as used for the login to the EJBCA Certificate Enrollment

Select Enabled strong private key protection … Select Mark this key as exportable. … Select Next > button


of 42

Wizard Step 3 – Certificate Store:

Defaults “Automatically select the certificate store…” as selected - KEEP Select Next > button

Wizard Step 4 – Completing the Certificate Import Wizard:

Select Finish button Ends Certificate Import Wizard


of 42

Returns the Importing a new private exchange key function:

8. Select OK button (or Proceed) Certificate was imported:

9. Select OK button If the returned popup is an “Error” message instead of the “successful” message above:

Select the Yes button The above “successful” popup should appear This still indicates that an error may have been encountered.


of 42

2 Install Certificate Trust Authority Once the certificate is successfully created, it must be installed into the internet browser to be available to sign AO04A and AO40B forms. Installing the certificate indicates that the certificates are from “trusted” sources.

Installing the Certificate: 1. Connect to the AO’s PKI systems (Public Key Infrastructure).

Using a browser (samples are from IE 7.0), connect to: http://pki1ex.cto.ao.dcn:8080/ejbca . Returned is the greeting page: (NOTE: that it is “pki1ex” – “one” not lower-case “L”)

2. Select Fetch CA & OCSP Certificates from the Retrieve options


of 42

Fetch CA & OCSP Certificates:

To be installed is CA:AOuscourtCAx1 3. Select link Download to Internet Explorer (or Firefox) Returned is a request to standard File Download function:

4. Select Open button


of 42

Returned is Certificate function to Install Certificate:

5. Select Install Certificate button Initiates Certificate Import Wizard:



of 42


Defaults to “Automatically select the certificate store….” – Keep selected Select Next > button

Wizard Step 2 – Completing the Certificate Import Wizard:

Select Finish button


of 42

Wizard Completion:

Select OK button Returns to Certificate Information:

6. Select OK button


of 42

Returned to Fetch CA & OCSP Certificates function:

The Digital Signature is now fully “trusted”:

Certificate is trusted but ACRA is not yet ready. Follow instructions in Section 3 to Update Adobe for use.


of 42

3 Update Adobe Settings Adobe, both Reader and Acrobat, must have certain options set for the certificate to display properly on the signed AO40A or AO40B form. The settings need to be verified or set, depending upon the individual workstation. Adobe versions 8.0 and 9.0 are both valid for ACRA with the minimum acceptable release of 8.1.7 or 9.3 for either Reader or Acrobat. If more than one computer is to be used, the settings on each computer must be set as follows.

Updating Adobe Settings 1. ACRA must be closed 2. On the desktop, double-click the Adobe icon (Reader or Acrobat)

The Adobe primary menu will appear:


of 42

3. Select the Edit / Preferences option:

Preferences with Category options available are displayed:


of 42

4. Select Internet Category:

Verify that Web Browser Options “Display PDF in browser” is checked, if it isn’t, check it. (NOTE: if the OK button is selected now, the Edit/Preferences step will need to be repeated before continuing).


of 42

5. Highlight Security from Categories (near the bottom) and single click it. Security options displayed: Adobe 8.0

Adobe 9.0:

6. Select the Advanced Preferences button in the middle (8.0) or upper right (9.0) of

the window.


of 42

The Digital Signatures Advanced Preferences function is displayed:

7. Select the Windows Integration tab Windows Integration tab options:

8. Verify that both the Enable searching the Windows Certificate Store for

certificates other than yours and the Validating Signatures checkboxes are checked (first 2 checkboxes)


of 42

9. If not checked, CHECK both 10. Select the OK button on this page and the page that follows to return to the primary

menu of Adobe Reader or Adobe Acrobat (saves both option updates) 11. Then select File and Exit to close the Adobe product For Adobe version 8.0, this will be represented on the signed AO40A or AO40B form with a green checkmark over a blue pencil over the certificate name.

For Adobe version 9.0, this will be represented on the signed AO40A or AO40B form with a green checkmark in a banner across the top of the form.

NOTE: If this certificate will only be used on this computer, then certificate setup is complete. However, if the goal is to have the certificate on more than one computer (e.g. office and home), then continue with the steps in Section 4 – Export a Certificate and Section 5 – Import a Certificate to add the certificate to the second (or additional) computer.


of 42

4 Export a Certificate Since the certificate MUST reside in the browser of the computer that is used to digitally sign a form, there is a possibility that a Court Reporter/Court Official might wish to have their certificate on more than one computer (e.g. office and home). That is possible by exporting the certificate from the source computer and importing it to the second computer. The certificate may be exported to a flash drive, CD, etc. as the intermediate destination to export/import to the second PC. NOTE: The destination PC (home or office) must be connected to the DCN.

Exporting a Certificate The certificate is stored in the browser (examples use IE 7.0). 1. Open a browser

2. Select Tools/Internet Options


of 42

Internet Options Dialog box is displayed:

3. Select Content tab


of 42

Content tab options displayed:

4. Select Certificates button under Certificates section.


of 42

Certificates option tabs display:

On the Personal tab (first tab), certificates are listed alphabetically; most user certificates will be at the bottom of the list 5. Scroll to the bottom of the list, if required

6. Highlight the certificate to be exported 7. Select Export button


of 42

Starts Certificate Export Wizard:

Click Next > button Wizard Step 1 – Export Private Key:

Select Yes, export the private key (No is default) Select Next > button


of 42

Wizard Step 2 – Export File Format:

Select “Include all certificates in the certification path ….” Default selection for “Enable strong protection…..”, leave selected Select Next > button

NOTE: only select the “Delete the private key...” if the intent is to remove the digital certificate from the current computer while exporting/moving it to another computer. Wizard Step 3 – Password for Export:

Enter Password and Confirm Password (original JENIE password used to request certificate – case sensitive)



of 42

Wizard Step 4 – File to Export:

No file name is provided, Browse to find where you want to store the certificate

Browse for existing folder OR create a new folder:

Standard Save As function. Browse to locate existing folder OR create a new folder as the destination for the certificate file

Enter File name value, e.g. User Name Cert (Wanda CourtReporter Cert) (it will be saved with a file type of “.pfx”)

Leave Save as type as Personal Information Exchange (*.pfx) Select Save button to create a new file

NOTE: File name field is initially blank so file must be named here.


of 42

Wizard Step 5 – File to Export:

Select Next > button Wizard Step 6 – Completing the Certificate Export Wizard:



of 42

Displays Exporting Private Exchange Key function:

8. Select OK button End Export Wizard:

9. Select OK button Completes and returns to Certificates option:

10. Select Close button


of 42

Returned to Internet Options dialog:

11. Select OK button to close Internet Options dialog box and to be returned to original

web page. NOTE: Certificate can be found in Windows Explorer folder designated in Wizard Step 4:


of 42

5 Import a Certificate Since the certificate MUST reside in the browser of the computer that is used to digitally sign a form, there is a possibility that a Court Reporter/Court Official might wish to have their certificate on more than one computer (e.g. office and home). This is possible by accessing the certificate from a saved, exported file and importing it to the second computer. (NOTE: the file must first be created using the Export Wizard (see Section 4) before being imported to the second computer.) The certificate file may be exported to a flash drive, CD, etc. as the intermediate destination. NOTE: The destination PC (home or office) must be connected to the DCN.

Importing a Certificate The certificate is stored in the browser (examples use IE 7.0). 1. Open a browser

2. Select Tools/Internet Options


of 42

Internet Options dialog box is displayed:

3. Click on Content tab


of 42

Content tab options are displayed:

4. Select Certificates button under Certificates section.


of 42

Certificates option tabs display:

5. Select Import button


of 42

Displays Certificate Import Wizard

Select Next > button Wizard Step 1 – File to Import:

Use the Browse button to find the file to import (from flash drive, CD, etc.)


of 42

Standard File Open dialog box:

The folder is either displayed or using the standard File Open process find the folder from which to select the file to be imported.

Select Files of type: o Default is “X.509 Certificate (*.cer:*.crt)” – which is NOT the file type that is

needed. o Click on the dropdown arrow and select the “Personal

Information Exchange (*.pfx;*.p12)” File Type – this lists the correct file(s) available to export.

Highlight the file to export to populate the File name

Select Open button


of 42

Wizard Step 2 – File to Import:

Selected file is listed – Do NOT change Select Next > button

Wizard Step 3 – Password:

Enter Password (original JENIE password used to request certificate – case sensitive)

Select “Enable strong private protection…..” option Select “Mark this key as exportable.…..” option Select Next > button


of 42


Select “Automatically select the certificate store…..” even though the “Place all certificates in the following store” option is default and “Personal” is in Certificate store box.

Select Next > button Wizard Step 5 – Completing Certificate Import Wizard:



of 42

Displays Importing a new private exchange key function:

6. Select OK button Displays Completion message:

7. Select OK button Returned to original Certificates option


of 42

8. Select Close button Returned to Internet Options dialog:

12. Select OK button to close Internet Options dialog box and to be returned to original

web page. Certificate is now available for use on a different computer.

Automated Court Reporter Application Digital Signatures · Automated Court Reporter Application...

Documents

Transcript of Automated Court Reporter Application Digital Signatures · Automated Court Reporter Application...