...
certificate of registration with private key.
Note |
---|
The key and the certificate of registration are not intended to provide security of the transmitted information. They will be added to the Certificates storage for the generation of the private and public key and creating of a request to issue a certificate for the Moscow Exchange. The key and the registration certificate are to be copied to the root folder on any external drive, such as a usb-stick. |
Certificate of registration are used for:
generation of user's private and public key;
creation of a request to issue a public key certificate.
Depending where the certificate is stored (external hard drive or a computer), the order they are added to the Certificates storage and making a request will differ.
Expand | ||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||
|
Expand | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| |||||||||||||||
|
Public and private key are created simultaneously with the request to the Certification Authority to issue a certificate. Keys cannot be used to protect information transmitted until they are certified by the Certification Authority (the Moscow Exchange). Therefore, a request is made for their confirmation, which contains information about the generated public key (Fig. 2) and information about the user, automatically added from the certificate of registration. The Moscow Exchange (CA) responds with an email containing certificate signed by the CA root certificate.
If the certificate of registration are stored on the computer, after step 7 in the table above, Certificates storage will automatically generate user's private and public keys and a request to issue a public key certificate (Fig. 2).
If the certificate of registration are stored on an external drive, to generate keys and make a request select the Справочник сертификатов (Certificates storage in the menu) (Fig. 1.1) → Сформировать запрос на получение сертификата (Generate certificate request) (Fig. 1.2), or click an icon on the toolbar.
Fig. 1 – generation of a request
In the Certificate request dialog box, click OK (Figure 2). This will open the Export files for the Registration Centers, where you should select a folder to which the request will be saved and click the Save button (Fig. 3).
Fig. 2 – request parameters Fig. 3 – export files
The resulting request (a *.pse file) needs to be compressed and sent to pki@moex.com, with a scanned and signed registration certificate (document) attached. The subject field should specify the name of the organization and the required scope of the certificate (for example, the Oblachnye Investitsii CJSC – exchange market EDI, stock market EDI). The Moscow Exchange will respond with a letter with an attached ZIP-file of the certificate. This certificate must be added to the Certificates storage.
Note |
---|
The resulting certificate is valid only for the generated public and private key that is stored on the user's computer. Therefore, a certificate from the Moscow Exchange must be added to the Certificates storage installed on the same computer, where the certificate issue request was generated! |
Anchor | ||||
---|---|---|---|---|
|
To add a certificate to the Certificates storage:
select Справочник сертификатов (Certificates storage)→Импортировать сертификат в локальный справочник (Import Certificate) to the local storage (see Figure 4). This will open a window to select the certificate file (Fig. 5);
This will open a window informing the certificate was successfully added to the Certificates storage, where you need to click OK (Fig. 7). Example of adding a certificate is presented in Fig. 8.
Fig. 7 – informative message Fig. 8 – example of adding a certificate
Then the certificate must be set as default. To do this, select the added certificate, right-click on the shortcut menu, and select Сделать сертификат рабочим (Make certificate workable) (Fig. 9).
Fig. 9 – selecting the working certificate
After adding a personal certificate to the Certificates storage, the personal storage is signed on the member’s personal certificate. The generation of a digital signature for sent messages is ensured by the private key.
Info |
---|
Settings will be automatically applied to 64-bit Certificates storage. |
Note |
---|
The information for further preparation of the computer and the configuration of the installed components is presented in the following articles: |