GlobalSign Digital Signing Certificate - Windows Installation
Please review the following before installation:
- Electronic Signature Policy: https://your.yale.edu/policies-procedures/policies/1613-electronic-signatures-and-records
- List of all approved clients: http://ogc.yale.edu/ogc/st/signature-authority-tool-1
- Pickup links that are generated in tickets are only valid for 30 days
- Certificates Expire 1 year after they are issued and new certs must be installed
- Windows 7 / Windows 8 / Windows 10
- Microsoft Explorer V5.5 SP2 or higher
- Adobe Acrobat XI or Higher (Verify is Adobe DC is covered)
- Available USB Port for USB iKey token
- Minimum of 128 MB of RAM
- USB iKey Token
Install the SafeNet iKey token drivers found below: https://support.globalsign.com/customer/portal/articles/1698654-safenet-drivers (note Win 7 OS please use SAC 9.0 and for Win 10 that should be version 10.3)
Select the appropriate driver based on the operating system (32 or 64 bit operating system).
Note: Computer may ask to restart. Save any important documents before doing so.
Once the drivers are successfully installed proceed to token initialization.INITIALIZING SAFENET IKEY TOKEN
Note: This must be done on all iKey Tokens before GlobalSign Certificate installation.
- Insert SafeNet USB token into an available USB port.
- Go to Start > All Programs > SafeNet > Safenet Authentication Client Tools.
- Click the "Advance View" Gear icon.
4. Click on the token ribbon under the Tokens menu. This will not be labeled as “Your Token” it will be an alphanumeric serial numbers.
- Click on Initialize Token icon.
- Select “Preserve the token settings and policies” and click Next
- Enter a password. This password will be used every time a document is signed with the certificate. Password must be at least 8 characters and include upper & lowercase letters, numbers and special character.
- Confirm the password in the box below.
- Uncheck the box “Token password must be changed on first logon.” If the box remains checked, the password will have to be reset when claiming the certificate.
11.Click OK on the Warning popup stating that all token contents will be deleted.
12.Token Initialization will then begin, this process can take up several minutes depending on the machine.
13.Once finished a popup will indicate that the token was initialized successfully, click the “OK” button.INSTALLING YOUR GLOBALSIGN CERTIFICATE
If you are reissuing a certificate, or changing the clients name, follow these pre-steps to avoid having multiple certificates that look alike.
- Open Internet Explorer
- Click Internet Option-->Select the Content Tab-->Click Certificates-->highlight the old certificate (you can double click the certificate for details to ensure you are deleting the correct certificate.) then click Remove. This will also remove the certificate from Adobe Acrobat.
Note: Global Sign iKey Certificate must be downloaded with Internet Explorer V5.5 SP2 or Higher.
- Locate the certificate link in the GlobalSign issuance email. Make sure to open the link using Internet Explorer.
- Enter individual’s UPI code in the temporary pickup password field. UPI codes are found on the front of all Yale IDs, or on the Yale Directory and click next.
- New step! as of 8/8/2017 Choose e-token base cryptographic provider from the dropdown list
- Select “I will use Internet Explorer to create a private key and CSR on my USB token or smartcard” and click Next.
- Select I agree to the subscriber agreement and click Next.
- Click OK, allowing the website to perform a certificate operations.
- Check the box to agree to the subscriber agreement and click Next.
- Enter the token password set during initialization and click OK. If token password has not been set, see the section “Initializing SafeNet iKey Token.”
Note: The screen may appear to freeze for up to a few minutes. DO NOT press the browser’s back button. The USB token should be blinking meaning that it is working. The message “Wait for a while” should appear eventually.
- When prompted to, click the button to install the certificate.
- Click Yes to allow digital certificate operations.
- A popup window will indicate the certificate was successfully installed.
- Make sure to test sign a PDF to ensure the signature is working properly (see KB0020157 for how to digitally sign a document).
- Sign a document using the process laid out in KB0020157.
- Right click signature and select Show Signature Properties.
- Click Show Signer's Certificate.
- Select the Trust tab and select Add to Trusted Certificates.
- Click OK.
- Click OK to exit the Certificate Viewer window.
- Select Validate Signature on the Signature Properties window.
- Digital signature is now trusted and validated.