ePKI!for!NAESB!WebRegistry!Order!Guide! · ePKI!for!NAESB!WebRegistry!GuideV1.2!! pg6!!...
Post on 25-Jun-2020
5 Views
Preview:
Transcript
ePKI for NAESB WebRegistry Guide V1.2 pg 1
ePKI for NAESB WebRegistry Order Guide
ePKI for NAESB WebRegistry Guide V1.2 pg 2
Overview: Enterprise PKI allows registered NERC participants to issue and manage North American Energy Standards Board (NAESB) WEQ-‐12 digital certificates (we call the certificates PersonalSign) that can be used for access to the OATI hosted webRegistery. The OATI webRegistry replaces the TSIN registry as the central repository for information required to support commercial, scheduling, and transmission management operations in North America.
GlobalSign’s ePKI PersonalSign solution is managed through a SaaS service accessed through a web based portal. With ePKI, organizations acquire complete control of Digital IDs issued to individuals. Set-‐up usually takes two or three days and provides zero installation or cost as ePKI is managed through a web portal. Another advantage of the web-‐portal is that all life functions are available to the ePKI administrator around the clock.
Managing your ePKI Account: Managing your ePKI account is easy with the GlobalSign Certificate Management Center (GCC). GCC is a secure web-‐based interface allowing you to access your Certificates anywhere with an internet connection. There is no need to download or purchase software, this easy web interface is easy to use and manage and best of all it is run by GlobalSign so you never have to worry about paying for updates or changes!
What is a Profile/ Profile Management Profile aka Certificate profile contains the organizations records that will be used for all NAESB WEQ-‐12 Digital Certificates issued and later used to access the webRegistry. Organization records include the Organization Legal Name, NERC Entity. If you are registered with NERC, but don’t know your NERC Entity code you can search the TSIN repository http://reg.tsin.com/query/default.asp. New entities should register directly with NERC using the TSIN registry http://reg.tsin.com/. Using the ePKI portal, administrators have the control of issuance, revocation, re issuance, and cancelation.
What is a License? GlobalSign ePKI digital certificates are sold in “packs”, although NERC Entities may purchase packs of “1” for single user organizations. All packs provide for an extra 10% of digital certificates. Certificates are issued with either (1) or (2) year validities and must be issued within (12) months of license ordering.
Step 1-‐Getting Started Your GlobalSign account representative will provide you with a User name and Password required to access the GlobalSign Certificate Center portal. Click the link below to get started.
https://system.globalsign.com/login/
1. Enter your logon credential and click “Login” to continue
ePKI for NAESB WebRegistry Guide V1.2 pg 3
2. Click on the “Enterprise PKI” tab:
Step 2-‐Order initial Profile and License 1. Click “Profile/License Order” to begin on left hand menu
ePKI for NAESB WebRegistry Guide V1.2 pg 4
2. Choose the license pack you intend to purchase and click next.
ePKI for NAESB WebRegistry Guide V1.2 pg 5
3. Choose your validity period (1 or 2 year certificate). Avoid renewals each year and purchase a 2-‐year certificate!
ePKI for NAESB WebRegistry Guide V1.2 pg 6
4. Enter your Profile details. Please note the details you enter will be vetted and included as the certificate identity within your issued certificate. Important-‐please enter your 4 digit NERC Entity code in the Organization Unit field.
5. Provide payment details. Payment is accepted via either credit card or purchase order. Purchase orders must be pre-‐arranged with your GlobalSign Account Representative and are accepted for orders over $500. If purchasing with a Purchase Order please select “Payment in arrears” and supply Purchase Order number. Otherwise, supply credit card details as prompted. Please note, you may not order certificates until confirmation of the PO has taken place.
Please enter your NERC Entity Code as your “Organizational Unit”
ePKI for NAESB WebRegistry Guide V1.2 pg 7
6. Review Order & Accept ePKI Service Agreement Review and confirm your order and then accept the ePKI Service Agreement that includes important NAESB WEQ-‐012 obligations. Note the ePKI Service Agreement binds you to Local Registration Authority and other obligations as outlined in the GlobalSign Certificate Policy and Certificate Practice Statements including Local Registration, end user, and relying party obligations as defined in the NAESB Public Key Infrastructure (PKI) Standards – WEQ-‐012.
Certificate Practice Statements can be found at http://www.globalsign.com/repository/index.htm
Step 3-‐Vetting Once you have placed your order all of your information will be sent to GlobalSign’s vetting department. The organization details and NERC Entity Code you provided for your profile will be vetted by GlobalSign using third party checks. This on average takes 3-‐5 days; you will be notified via email or phone when your company has been verified.
Once the vetting process is completed you may login to the GlobalSign Certificate Center and begin issuing Digital Certificates.
ePKI for NAESB WebRegistry Guide V1.2 pg 8
Step 4-‐Registering for your ePKI Administrator certificate Once your ePKI Profile has been approved, you will need to register for what is known as an “ePKI Administrator Certificate.” An ePKI Administrator Certificate is required to authenticate to secure areas of the ePKI service to register and manage end user certificates. NOTE: your ePKI Administrator certificate can NOT be used to access the webRegistry.
1. Login into GCC 2. Select “Get Admin Certificate” in the left hand menu to start the enrollment process 3. Choose a certificate password-‐ it is very important to remember this password. 4. Next, download your ePKI administrative ceritifcate and follow the on screen prompts to install your certificate.
Please follow the guide http://www.globalsign.com/support/ordering-‐guides/epki-‐authentication-‐user-‐guide.pdf for step by step instructions on how to order, install, and use your ePKI Administrative Certificate.
CAUTION: make a back-‐up of you ePKI Administrator certificate if you wish to use ePKI on multiple systems. Instructions can be found http://www.globalsign.com/support/faq/misc/16.php.
Step 5-‐ Register and Issue Certificates
To register a certificate for an individual please follow the following steps. For individual registrations, click “New Certificate” and then select your pre-‐approved NERC Entity Certificate Profile and License you wish to apply the certificate request to.
Click “Next” and complete the certificate identity details for the end user of the Certificate including the common name and the email addresses, the organization name, and other fields will be pre-‐populated from the profile you selected.
You will also need to choose a “pick up password”. The pick up password is a unique password that you will give to the end user of the certificate. The end user will then receive an email invitation to pick up their certificate and at that time they will be prompted for the pick up password (you gave them) along with details of how to install their new certificate.
ePKI for NAESB WebRegistry Guide V1.2 pg 9
For further information on the features available in your GlobalSign Certificate Center please visit: http://www.globalsign.com/support/ordering-‐guides/globalsign-‐epki-‐admin-‐guide.pdf
Why Choose GlobalSign’s PKI services? • GlobalSign is one of a selected Certificate Authorities authorized to issue NAESB compliant WEQ-‐012 digital
certificates • Some of the biggest global brands and many Governments have already chosen GlobalSign • We’re easy to do business with. We have dedicated representatives ready to listen to you and support your needs. • We operate multilingual Technical Support offices around the world • We offer optional 24/7/365 premier support levels • We have been WebTrust for Certification Authorize compliance since 2002 and operating a trusted PKI network
since 1996
About GlobalSign Established in 1996, GlobalSign has been securing identities, websites, and transactions as a worldwide digital certificate provider for over 10 years. Now part of the GMO Internet Inc. group (listed on the Tokyo Stock Exchange TSE: 9449), GlobalSign comprises of considerable expertise and know-‐how in the online security industry. As a WebTrust accredited Certificate Authority, GlobalSign offers publicly trusted SSL Certificates, Code Signing Certificates, and Digital IDs, issuing over 1.4 million digital Certificates to individuals, websites and machines. GlobalSign is also a member of the CA/B forum and Anti-‐Phishing Working Group-‐ a show of its dedication to improving the security for both consumers and businesses. GlobalSign prides itself on high level customer service, localized sales and technical sales expertise available through the US, Europe (UK & Belgium) and Asia (Japan & China), available in a number of languages via phone, email, and online.
GETTING HELP GlobalSign provides technical support through our Client Service departments around the world. www.globalsign.com/support
GlobalSign US & Canada Tel: 1-‐877-‐775-‐4562 www.globalsign.com sales-‐us@globalsign.com
GlobalSign EU Tel: +32 16 891900 www.globalsign.eu sales@globalsign.com
GlobalSign UK Tel: +44 1622 766766 www.globalsign.co.uk sales@globalsign.com
GlobalSign FR Tel: +33 1 82 88 01 24 www.globalsign.fr ventes@globalsign.com
GlobalSign DE Tel: +49 30 8878 9310 www.globalsign.de verkauf@globalsign.com
GlobalSign NL Tel: +31 20 8908021 www.globalsign.nl verkoop@globalsign.com
top related