Use your digital signature in Mozilla Firefox in Linux: Разлика между версии

От Infonotary
Направо към навигацията Направо към търсенето
Редакция без резюме
 
(Не са показани 7 междинни версии от 2 потребители)
Ред 1: Ред 1:
== Before proceeding you must do ==
== Before proceeding you must do ==
If you own a smart card reader InfoNotary but have not installed the drivers for it, follow the instructions [[ Installation of smart card reader and smart card drivers in Linux]].


* '''IMPORTANT WHEN USING THE PRODICTS OF MOZILLA!!!:''' When you use Mozilla prodsucts you must know, that it uses direct access to smart cards. When we install succesfully certificates in Mozilla Firefox or Thunderbird , '''WE MUST NOT''' delete them from there, because that way we will delete them from the smart card along the public and private keys!
* If you have smart card reader and smart card from InfoNotary, but you didn't install the drivers for them do the following [[use repositories of InfoNotary]]


* '''IMPORTANT :''' In the information message "Please enter the '''master password for InfoNotary'''", enter your PIN code.


== Install Infonotary certificate chain ==
* '''IMPORTANT :''' Firefox and Thunderbird use direct access to the smart card. When you have successfully installed your certificates, you '''SHOULD NOT''' delete them from there, as this will also delete the certificate, along with the private and public keys on the smart card. After that, the certificate cannot be restored and a new one must be issued.


Before you can start using the certificate, you must install the Infonotary certificate chain.
* '''IMPORTANT :''' In order to use your certificate with Firefox and Thunderbird, the reader must be on your computer before opening the program.
 
* '''IMPORTANT for Ubuntu 22.04 :''' The installed Firefox Snap in Ubuntu 22.04 have problems loading libraries for smart cards. It is necessary to download a standard [https://www.mozilla.org/ Mozilla Firefox]
 
== Install InfoNotary certificate chain ==
 
<!--Before you can start using the certificate, you must install the Infonotary certificate chain.


Certificate chain for certificates issued '''before''' 08.01.2018 - [http://www.infonotary.com/site/files/INotaryCertChain.p12 INotaryCertChain.p12].
Certificate chain for certificates issued '''before''' 08.01.2018 - [http://www.infonotary.com/site/files/INotaryCertChain.p12 INotaryCertChain.p12].


Certificate chain for certificates issued '''after''' 08.01.2018 - [http://www.infonotary.com/site/files/InfoNotary_Qualified_eIDAS.p12 InfoNotary_Qualified_eIDAS.p12]
Certificate chain for certificates issued '''after''' 08.01.2018 - [http://www.infonotary.com/site/files/InfoNotary_Qualified_eIDAS.p12 InfoNotary_Qualified_eIDAS.p12]-->


<!--You can find Infonotary root certificates in the Installation CD in folder “certificates” or on the web site [http://www.infonotary.com/site/files/INotaryCertChain.p12 INotaryCertChain.p12].-->


Start '''Firefox Quantum'''. From the menu, choose '''Preferences'''.
Start '''Mozilla Firefox'''. From the menu, choose '''Preferences'''.


[[Файл:Preferences menu Linux.png|240px]]
[[Файл:Preferences menu Linux.png|240px]]
Ред 27: Ред 32:
[[Файл:View certificate Linux.png|750px]]
[[Файл:View certificate Linux.png|750px]]


Specify the path to certification chain - [http://www.infonotary.com/site/files/INotaryCertChain.p12 INotaryCertChain.p12] or [http://www.infonotary.com/site/files/InfoNotary_Qualified_eIDAS.p12 InfoNotary_Qualified_eIDAS.p12]
Specify the path to certification chain - [http://www.infonotary.com/site/files/InfoNotary_Qualified_eIDAS.p12 InfoNotary_Qualified_eIDAS.p12]


[[Файл:Import Qualifief Linux.png|500px]]
[[Файл:Import Qualifief Linux.png|500px]]
Ред 39: Ред 44:
[[Файл:Edit Trust Linux.png|750px]]
[[Файл:Edit Trust Linux.png|750px]]


In Mozilla for every certificate of a Certification Authority (CA) the user must choose a level of trust. This is done by selecting the certificate and clicking on '''Edit Trust'''. The easiest way to do this setting for the certificate "'''InfoNotary CSP Root'''" and/or "'''InfoNotary TSP Root'''" select two possible options. This will make all the InfoNotary trusted certificates for all operations.
In Mozilla for every certificate of a Certification Authority (CA) the user must choose a level of trust. This is done by selecting the certificate and clicking on '''Edit Trust'''. The easiest way to do this setting for the certificate <!--"'''InfoNotary CSP Root'''" and/or -->"'''InfoNotary TSP Root'''" is to select the two possible options. This will make all the InfoNotary trusted certificates for all operations


[[Файл:Edit CA Linux.png]]
[[Файл:Edit CA Linux.png]]
Ред 63: Ред 68:
[[Файл:Load PKCS11 Linux1.png]]
[[Файл:Load PKCS11 Linux1.png]]


Choose PKCS#11 library, that correspondents to your smart card съответстващата на вашата смарт карта.
Choose PKCS#11 library, that correspondents to your smart card.
 
'''IDPrime'''
* Standart location - ''' /usr/lib/libIDPrimePKCS11.so '''
* 64 bit version of RedHat/Fedora - ''' /usr/lib64/libIDPrimePKCS11.so '''
 
'''OpenSC''' - in dependents of your distribution, which you use, it could be:
'''OpenSC''' - in dependents of your distribution, which you use, it could be:
* 64 bits Debian distributions (Debian, Ubuntu, Mint) - '''/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so'''
* 64 bits Debian distributions (Debian, Ubuntu, Mint) - '''/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so'''
Ред 71: Ред 81:


'''Bit4ID'''
'''Bit4ID'''
* Standart location - '''/usr/lib/bit4id/libbit4ipki.so'''
* Standart location - '''/usr/lib/libbit4ipki.so'''
* 64 bit version of RedHat/Fedora - '''/usr/lib64/libbit4ipki.so'''
* 64 bit version of RedHat/Fedora - '''/usr/lib64/libbit4ipki.so'''


Ред 78: Ред 88:


After you click '''OK''', your smart card will appear in the list of available devices.
After you click '''OK''', your smart card will appear in the list of available devices.
[[Категория:Инсталация и използване на удостоверения за електронен подпис]]
[[Категория:Linux]]
[[Категория:Помощ]]

Текуща версия към 08:25, 19 юли 2023

Before proceeding you must do

  • If you have smart card reader and smart card from InfoNotary, but you didn't install the drivers for them do the following use repositories of InfoNotary
  • IMPORTANT : In the information message "Please enter the master password for InfoNotary", enter your PIN code.
  • IMPORTANT : Firefox and Thunderbird use direct access to the smart card. When you have successfully installed your certificates, you SHOULD NOT delete them from there, as this will also delete the certificate, along with the private and public keys on the smart card. After that, the certificate cannot be restored and a new one must be issued.
  • IMPORTANT : In order to use your certificate with Firefox and Thunderbird, the reader must be on your computer before opening the program.
  • IMPORTANT for Ubuntu 22.04 : The installed Firefox Snap in Ubuntu 22.04 have problems loading libraries for smart cards. It is necessary to download a standard Mozilla Firefox

Install InfoNotary certificate chain

Start Mozilla Firefox. From the menu, choose Preferences.

Preferences menu Linux.png

From Privacy & Security, choose View Certificates.

Privacy&SecurityLinux.png

Choose the tab Your certificates and click on Import.

View certificate Linux.png

Specify the path to certification chain - InfoNotary_Qualified_eIDAS.p12

Import Qualifief Linux.png

Leave the field blank and click OK.

Password Linux.png

Newly installed certificates can be found in section Authorities.

Edit Trust Linux.png

In Mozilla for every certificate of a Certification Authority (CA) the user must choose a level of trust. This is done by selecting the certificate and clicking on Edit Trust. The easiest way to do this setting for the certificate "InfoNotary TSP Root" is to select the two possible options. This will make all the InfoNotary trusted certificates for all operations

Edit CA Linux.png

Install software security module

In order to use you digital certificate with Mozilla based applications like Firefox, Thunderbird etc., you must register PKCS#11 module, for your smart card. It is nessesary to install the drivers for the smart card before that.

Start Firefox Quantum. From the menu, choose Preferences.

Preferences menu Linux.png

From Privacy & Security, choose Security Devices.

Privavy&securityLinux sec dev.png

To add a new device, choose Load.

Load device Linux.png

Change the name of the module (Module Name), as desired.

Load PKCS11 Linux1.png

Choose PKCS#11 library, that correspondents to your smart card.

IDPrime

  • Standart location - /usr/lib/libIDPrimePKCS11.so
  • 64 bit version of RedHat/Fedora - /usr/lib64/libIDPrimePKCS11.so

OpenSC - in dependents of your distribution, which you use, it could be:

  • 64 bits Debian distributions (Debian, Ubuntu, Mint) - /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
  • 32 bits Debian distributions (Debian, Ubuntu, Mint) - /usr/lib/i386-linux-gnu/opensc-pkcs11.so
  • Old versions of Debian/Ubuntu and 32 bit versions of RedHat/Fedora - /usr/lib/opensc-pkcs11.so
  • 64 bit versions of RedHat/Fedora - /usr/lib64/opensc-pkcs11.so

Bit4ID

  • Standart location - /usr/lib/libbit4ipki.so
  • 64 bit version of RedHat/Fedora - /usr/lib64/libbit4ipki.so

Siemens

  • Standart location - /usr/local/lib/libsiecap11.so

After you click OK, your smart card will appear in the list of available devices.