CSOS Certificate Support Guide

2y ago
62 Views
4 Downloads
2.78 MB
69 Pages
Last View : 21d ago
Last Download : 2m ago
Upload by : Bennett Almond
Transcription

CSOS Certificate Support GuideVersion:Published:Publisher:1.1October 1, 2006CSOS Certification Authority

CSOS Certificate Support GuideDocument Revision HistoryVersion #1.01.1Version llRetrievalSummary of ChangesVersion 1.0 publishedUpdated documentation to matchnew retrieval pages.iInitialsTOTO

CSOS Certificate Support GuideIntroductionThis Certificate Support Guide has been developed and is maintained by the DrugEnforcement Administration’s CSOS Certification Authority. This Guide is intended toassist organizations implementing electronic controlled substance ordering. Specifically,the procedures in this guide should be used by chain pharmacy and wholesaler customersupport when assisting CSOS Subscribers.Organizations are not required to use this document, however variance from thesedocumented procedures, especially those marked with an , may render certificatesinvalid and/or result in certificate revocation due to policy violations.This Guide was developed using Windows XP Professional SP2, Microsoft InternetExplorer version 6.0, Netscape Browser 7.2 and 8.1, and Mozilla Firefox versions 1.0and 1.5.Comments, suggestions, and corrections are welcome and should be sent to DEADiversion E-Commerce Support:E-mail: CSOSsupport@DEAecom.govPhone: 877-332-3266DEA Diversion E-Commerce Support is available to provide further explanation onissues discussed in this guide as well as any issues not covered.Updates to this guide: DEA’s CSOS Certification Authority will continue to update thisSupport Guide to ensure that the documentation provided is as thorough as possible.Feedback is welcome and appreciated. The most current version will be made availableat the address below. Please check for periodic updates or E-mailCSOSsupport@DEAecom.gov to be notified when a new version of this Guide isreleased: http://www.deaecom.gov/wholesaler support.htmlPolicy note: DEA’s support staff will revoke subscriber certificates due to policyviolations. Support representatives from wholesalers and chain pharmacies must becognizant of proper certificate/private key handling procedures and should pay closeattention to all notes in this document marked with theicon.Disclaimer: The procedures documented in this Certificate Support Guide are the DEACSOS CA’s recommendations for proper handling of CSOS Certificates. The policiesdiscussed in this document abide by, but are not a replacement for, the Code of FederalRegulations, which governs electronic ordering of controlled substances. Please refer toVersion 1.0ii

CSOS Certificate Support Guidewww.DEAecom.gov/policies.html or contact DEA Diversion E-Commerce Support forall policy related questions.Important Support GuidelinesFollowing the procedures of this Guide will help to ensure that customers are provided ahigh level of quality customer support. The following is a list of common policyviolations and misperceptions addressed by this Guide. Never retrieve a certificate without the owner present. Each certificate may only be retrieved one time. Many CSOS subscribers are issued multiple certificates. While CSOSAdministrative certificates are not used for ordering, they must be retrieved. The certificate’s security level must always be set to high when using InternetExplorer. The certificate’s password, entered during retrieval, is created by thecertificate owner only and not provided by DEA. Do not use any DEAprovided information, specifically the retrieval Access Code and Access CodePassword, for the certificate’s password. Only the owner of the certificate may set and have knowledge of thecertificate’s password. Neither DEA nor the certificate owner’s co-workers,company, or wholesaler, may have knowledge of the certificate’s password. CSOS Certificates are wholesaler independent, and therefore may be used toorder from multiple wholesalers. CSOS Certificates may be installed on multiple computers. CSOS Certificates may be backed up onto CD or floppy disk, as long as eachcertificate is protected by a backup password and the media is securely stored(i.e. in a safe). Certificates should not be deleted from the browser’s certificate store duringexport or after installation into the certificate store of the ordering software. Per Federal Regulations, please delete any unused PFX or P12 exportedcertificate files that have been installed into ordering software or a browser’scertificate store. When exporting, backing up, and/or transferring certificates where a namemust be given to the PFX or P12 certificate file, please use a meaningfulnaming convention as discussed in the Export and Backup sections of thisGuide. Please contact DEA E-Commerce Support when unsure of a procedure orwhen having difficulty with any CSOS Certificate.Version 1.0iii

CSOS Certificate Support Guide When contacting DEA E-Commerce Support, please be ready to provide thecustomer’s DEA Number(s), and if possible the customer’s name andcertificate serial number(s).Table of Contents1. Certification Authority (CA) Certificates . 6Introduction to the DEA E-Commerce Root CA Certificate . 6What is the Root CA certificate? . 6What is the Root CA used for? . 6How does the Root CA impact certificate support?. 6Introduction to the CSOS Sub CA Certificate . 6What is the CSOS Sub CA certificate? . 6What is the CSOS Sub CA certificate used for? . 6How does the CSOS Sub CA certificate impact certificate support? . 7CA Certificate Management . 7Internet Explorer . 7Root CA Certificate – Where is it published? . 7Root CA Certificate – Installation . 7Root CA Certificate – Install Verification . 10CSOS Sub CA Certificate – Where is it published? . 10CSOS Sub CA Certificate – Installation . 11CSOS Sub CA Certificate – Install Verification. 142. Subscriber Certificate Retrieval . 14What information is needed for certificate retrieval? . 15Access Codes (Via E-mail) . 15Access Code Passwords (Via Postal Mail) . 15System and Browser Requirements . 16Certificate Retrieval Instructions . 18Subscriber Certificate Retrieval – Internet Explorer . 18Where is the certificate installed? . 25Subscriber Certificate Retrieval – Firefox . 26Enter a File name and Password . 30Save the Certificate to a .P12 file. 31Where is the certificate downloaded? . 32Certificate Retrieval Error Codes . 32Error –1666 . 32Error 2278 . 33Error 2731 . 33Error 3274 . 34Error 3290 . 34Error 8010001D or 8010002E . 35Version 1.0iv

CSOS Certificate Support GuideNo key pair has been generated (no error number). 35No providers are listed in the CSP dropdown list . 353. Certificate Management . 37Where are certificates installed? . 37Locating certificates downloaded with Internet Explorer 11 . 37Locating certificates downloaded with FireFox . 37What to do if the certificate is not found. . 37Locating certificate files . 38Identifying CSOS Certificates . 38Identify certificates using the expiration date (easiest method) . 39Identify using the Certificate Serial Number (more accurate method). 40Identify certificates using valid ordering schedules (last resort method) . 42Certificate Export . 42Introduction on Certificate Export . 42Certificate Export - Internet Explorer . 43Certificate Import . 53Certificate Import – Internet Explorer . 53Certificate Transfer . 59Private Key Password Reset . 604. Terminology . 625. DEA Diversion E-Commerce Support . 66Version 1.0v

CSOS Certificate Support Guide1. Certification Authority (CA) CertificatesThe DEA E-Commerce Root CA and CSOS Sub CA certificates must be installed on anycomputer used for electronic ordering of controlled substances. These CA certificates are foundon the DEA E-Commerce Web site and may be installed at any time, on any computer system,by anyone.Introduction to the DEA E-Commerce Root CA CertificateWhat is the Root CA certificate?The DEA E-Commerce Root CA Certificate is a self-signed certificate, meaning it was createdby itself and must be explicitly trusted by each CSOS subscriber and relying party. Subscribersand relying parties must trust the Root CA in order to begin the trust relationship that isfundamental to the E-Commerce PKI system. To create the trust relationship, the Root CACertificate must be installed in order to give validity to the CSOS Sub CA and any CSOSsubscriber certificate(s).What is the Root CA used for? Signing the CSOS Sub CA certificate Signing the Authority Revocation List (i.e. where revoked sub-CA certificates wouldbe published)How does the Root CA impact certificate support?CSOS certificates will not be recognized as valid and trusted if the Root CA Certificate is notinstalled on the same system as the subscriber’s certificate. For relying parties, the digitalsignature on the Authority Revocation List (ARL) cannot be authenticated unless the Root CACertificate is installed on the same system where validation occurs.Introduction to the CSOS Sub CA CertificateWhat is the CSOS Sub CA certificate?The CSOS Sub CA certificate is the certificate representing DEA’s CSOS Subordinate CA thatissues CSOS subscriber certificates. The Sub CA is issued by DEA’s E-Commerce Root CAand inherits its trust from the Root CA. A Sub CA certificate is valid for six years, but is usedfor signing CSOS Subscriber certificates for a three (3) year period before a new Sub CA isissued by DEA.What is the CSOS Sub CA certificate used for? Signing all CSOS subscriber certificates Signing the Certificate Revocation List (i.e. where revoked subscriber certificates arepublished)Version 1.16

CSOS Certificate Support GuideHow does the CSOS Sub CA certificate impact certificate support?CSOS certificates will not be recognized as valid and trusted if the CSOS Sub CA certificate isnot installed on the same system as the subscriber’s certificate. Supplier systems will not beable to verify the validity of the purchaser’s CSOS Certificate if the certificate’s issuing Sub CAcertificate is not installed on the validation system.CA Certificate ManagementInternet ExplorerThe following instructions are specific to Microsoft Internet Explorer version 6.0. Instructionsfor the Netscape Browser are available in the following section.Root CA Certificate – Where is it published?The Root CA certificate may be found on the DEA E-Commerce Web site in one of twolocations: In the Certificate Management section of thesite www.deaecom.gov/certmanage.html In the Certificate Retrieval section of the sitePrivate link provided to subscribersRoot CA Certificate – InstallationThe following steps are used to install the E-Commerce Root CA Certificate into the InternetExplorer Certificate Store.1. Access the Root CA Certificate link on the DEA E-Commerce Web site.2. Click the link to “Install the DEA E-Commerce Root CA Certificate”.3. At the prompt, click Open.4. At the Certificate screen, click Install Certificate.Version 1.17

CSOS Certificate Support Guide5. At the Certificate Import Wizard screen, click Next.6. Verify that “Automatically select the certificate store based on the type of certificate” isselected and click Next.Version 1.18

CSOS Certificate Support Guide7. At the Completing the Certificate Import Wizard screen, click Finish.8. At the The import was successful screen, click OK.9. The import wizard returns to the Certificate screen. The certificate has been installed, soclick OK to close the screen.Version 1.19

CSOS Certificate Support GuideRoot CA Certificate – Install VerificationAll certificates installed using Internet Explorer are accessible through the Internet Explorercertificate store. The following steps are used to locate the Root CA Certificate in the certificatestore. Once the Root CA Certificate is located, the installation of the Sub CA Certificate shouldbe verified using the steps provided in the following section “CSOS Sub CA Certificate – InstallVerification.”1. Open Internet Explorer.2. At the top of the screen, select the Tools menu and click Internet Options.3. In the Internet Options screen, switch to the Content tab.4. On the Content tab, click the Certificates button.5. The Root CA certificate is listed on the Trusted Root Certificate Authorities tab and isidentified as being issued to “E-Commerce Root CA” and issued by “E-Commerce RootCA.”CSOS Sub CA Certificate – Where is it published?The Sub CA certificate may be found on the DEA E-Commerce Web site in one of twolocations: In the Certificate Management section of thesite o www.deaecom.gov/certmanage.html In the Certificate Retrieval section of the site oPrivate link provided to subscribersVersion 1.110

CSOS Certificate Support GuideCSOS Sub CA Certificate – InstallationThe following steps are used to install the CSOS Sub CA Certificate into the Internet ExplorerCertificate Store.1. Access the Sub CA Certificate link on the DEA E-Commerce Web site.2. Click the link to “Install the CSOS Sub CA Certificate”.3. At the prompt, click Open.4. At the Certificate screen, click Install Certificate.5. At the Certificate Import Wizard screen, click Next.Version 1.111

CSOS Certificate Support Guide6. Verify that “Automatically select the certificate store based on the type of certificate” isselected and click Next.7. At the Completing the Certificate Import Wizard screen, click Finish.Version 1.112

CSOS Certificate Support Guide8. At the The import was successful screen, click OK.9. The import wizard returns to the Certificate screen. The certificate has been installed, soclick OK to close the screen.Version 1.113

CSOS Certificate Support GuideCSOS Sub CA Certificate – Install VerificationAll certificates installed using Internet Explorer are accessible through the Internet Explorercertificate store. The following steps are used to locate the Sub CA certificate in the certificatestore.1. Open Internet Explorer.2. At the top of the screen, select the Tools menu and click Internet Options.3. In the Internet Options screen, switch to the Content tab.4. On the Content tab, click the Certificates button.5. The CSOS Sub CA certificate is listed on the Intermediate Certificate Authorities taband is identified as being issued to “CSOS CA” and issued by “E-Commerce Root CA.”2. Subscriber Certificate RetrievalEach CSOS certificate issued by DEA must be retrieved via the DEA E-Commerce Web site.Retrieval, which is synonymous with “activation” and “downloading”, is the process thatcreates the certificate and corresponding private key, and installs it in the Web browser’scertificate store.Each certificate may be retrieved only once and should be retrieved on the computer thatthe subscriber plans on using for placing controlled substance orders.Each CSOS certificate is issued to one individual subscriber. This subscriber is thecertificate “owner” and is the only person authorized to retrieve and use his/hercertificate. Assistance with retrieval is allowed as long as the certificate owner is theonly person who knows the certificate’s password. The certificate’s password is createdduring retrieval and is not known or provided by DEA.Certificates must never be retrieved without the certificate owner being present.Version 1.114

CSOS Certificate Support GuideWhat information is needed for certificate retrieval?Each certificate has a unique Access Code and Access Code Password pair that is required forretrieval. The Access Code is issued to the subscriber via E-mail. For security reasons, theAccess Code Password is sent via U.S. Postal Mail to the subscriber’s CSOS Coordinator forcertificate’s associated DEA Registration number and is then forwarded to the subscriber.Access Codes (Via E-mail)When a subscriber enrolls in the CSOS program, he/she is required to provide an E-mailaddress.This E-mail address is used by DEA to send each certificate’s Access Code to the subscriber.Multiple E-mails/Access Codes will be issued for subscribers with more than one certificate.Each E-mail indicates: That the certificate is a CSOS Signing certificate. The E-mail will identify the DEARegi

Oct 01, 2006 · Only the owner of the certificate may set and have knowledge of the certificate’s password. Neither DEA nor the certificate owner’s co-workers, company, or wholesaler, may have knowledge of the certificate’s password. CSOS Certificates are wholesaler independent, and therefor

Related Documents:

Certificate Course Smart Phone Repairing 10th Pass / Fail Certificate Course in Mobile Repairing 10th Pass / Fail 6 Months Certificate Name of The Courses Required Qualification Certificate Course in Electronics 10th Pass / Fail Certificate Course in Black & White TV Servicing 10th Pass / Fail Certificate Course in Black &With Color TV & DVD 10th Pass / Fail Certificate Course in Color TV .

provides the identity certificate and the CA certificate to be installed on the ASA. 4. SSL Certificate Generation on the CA The next step is to get the CSR signed from the CA. The CA provides either a newly generated PEM encoded Identity Certificate or with a PKCS12 certificate along with the CA certificate bundle.

Web Services Description Language (WSDL) X.509 XML XML namespace XML schema (XSD) The following terms are specific to this document: certificate enrollment: See certificate and enrollment. certificate enrollment policy: The collection of certificate templates and certificate issuers available to the requestor for X.509 certificate enrollment.

Second meeting of the IGWG at the Human Rights Council, October 24-28, 2016 . (CSOs), including in-person consultations with our members and partners in Asia-Pacific, Africa and Latin America, and online consultations with civil society organizations (CSOs) from all . the environment, or promote equitable development, through the favoring of

yesterday’s sales funnel, bogged down by poor quality leads, marketing and sales friction, low conversion, and inconsistent data. 95% CSOs reporting higher revenue goals4 85% CSOs who don’t think they will reach those targets5 Customers are doing their homework online before they even speak to a sales rep. As a result, a lot of their decision-

Planning and Managing Leadership Transitions among CSOs in West Africa 3 ABOUT THE AUTHORS Katherine Adarkwa is the head of Administration at WACSI. She joined WACSI in July 2006. She has several years of experience in Administration and Human Resources. Prior to her appointment to WA

IRI Anti-Corruption Toolkit for Civic Activists 2 level of preparedness to counter grand corruption and kleptocratic networks. IRI interviewed representatives from 14 CSOs in the Maldives and 10 CSOs in Iraq. Furthermore, IRI conducted desk research on anti-corruption issues in both countries, as well as ways in which civil society responded

the standard represented by the Associated Board of the Royal Schools of Music (ABRSM) Grade 5 Theory examination. The module will introduce you to time-based and pitch-based notation, basic principles of writing melody, harmony and counterpoint, varieties of rhythmic notation, simple phrasing, and descriptive terms in various languages.