Working With Certificate Authorities (CAs)

Enrolling Into A Corporate PKI

If your company licenses iSafeguard™ Enterprise and your administrator has setup Microsoft Active Directory and Microsoft Certificate Service you can enroll into your company's PKI and renew your certificate using the iSafeguard™ Certificate Manager.

Obtaining Certificates From Public CAs

You can request an X.509 certificate from a public CA and use it in iSafeguard™.

Since the process of obtaining a certificate from different CA is different we are not going to describe in details how to get one. The following is a partial list of available CAs that issue certificates to individuals and corporations.

• VeriSign
• GlobalSign
• British Telecommunications

There are other public CAs available as well. Once you have completed the whole process your certificate and key pair will have been installed on your computer. Once you get your certificate on your computer you have two options to make it available to sign and encrypt data.

1. Turn on option Allow using certificates on my computer. Once turned on the certificate will be available for use to sign and encrypt data. Click here to learn more.
2. Import the certificate and key pair to your profile by using the certificate import wizard. See section Importing Certificates From Your Computer that follows for more information.

Importing Certificates From Your Computer

Note: Make sure you make the key pair exportable so that iSafeguard™ can import it from your computer to your profile.

To import certificates from your local computer to your iSafeguard™ profile, follow the steps below:

1. Start Certificate Manager
2. Click the Import... button to start the Certificate/Key Import Wizard
3. Click the Next button to move to the next page
4. Select Import certificate/key from the computer option
5. Click the Next button and a list of available certificates are shown
6. Select a certificate from the list
7. Click the Next button to import the selected certificate
8. You may be asked to set trust for the root CA certificate if the issuing root CA certificate is not in your profile and is available on your computer

Once the certificates are imported successfully to your profile you can use them to sign and encrypt your data.

Note: When importing a certificate from your computer to your profile the whole certificate chain is imported as well if available.

Finding People From Directory Services

Using iSafeguard™ you can search other people's certificates from known public Internet Directory Services. Currently iSafeguard™ supports searching the following directory servers:

1. VeriSign Internet Directory Service
2. GlobalSign Internet Directory Service

To find certificates from these directory services, follow the steps below:

1. Login if you are not currently logged in;
2. Locate the golden lock icon on the taskbar;
3. Right click your mouse button on the lock;
4. Select Find People from the popup menu.

The iSafeguard - Find People shows. A screen shot is shown below.

5. Select a directory service from the Look In field
6. Enter your search criteria in the Name and/or Email field(s)
7. Click the Find Now button to start searching.

Once you find the certificates you are looking for you can import the certificate to your profile to make them available in iSafeguard™.

Tip: Your search criteria can include wildcard (*). For example you may use "smith*" in the Name field to search for people whose names started with "smith". Or you may use "*.gov" in the Email field to search for poeple whose emails ended with ".gov".

Note: Searching people from directory services is not supported on Windows 98/ME. On Windows NT 4.0 you will need to install Active Directory Client Extension to use this feature. Visit http://www.microsoft.com to learn more about Active Directory Client Extension .