Using your digital signature with Firefox on macOS: Разлика между версии

От Infonotary
Направо към навигацията Направо към търсенето
Редакция без резюме
Редакция без резюме
 
(Не са показани 4 междинни версии от същия потребител)
Ред 1: Ред 1:
== Before proceeding with this you must do ==
== Before you proceed you must do ==


* If you have smart card and smart card reader from Infonotary, but you havn't install drivers for them you must complete the instructions from [[Installation of smart card reader and smart card drivers in Mac OS X ]].
* If you have smart card reader and smart card from InfoNotary, but you didn't install the drivers for them do the following [[Installation of smart card reader and smart card drivers in Mac OS X]]


* '''IMPORTANT WHEN USING THE PRODUCTS OF MOZILLA!!!:''' When you use Mozilla prodsucts you must know, that it uses direct access to smart cards. When we install succesfully certificates in Mozilla Firefox or Thunderbird , '''WE MUST NOT''' delete them from there, because that way we will delete them from the smart card along the public and private keys!
* '''IMPORTANT :''' In the information message "Please enter the '''master password for InfoNotary'''", enter your PIN code.


* '''IMPORTANT :''' Firefox and Thunderbird use direct access to the smart card. When you have successfully installed your certificates, you '''SHOULD NOT''' delete them from there, as this will also delete the certificate, along with the private and public keys on the smart card. After that, the certificate cannot be restored and a new one must be issued.


== Configuring Mozilla Firefox on Mac OS==
* '''IMPORTANT :''' In order to use your certificate with Firefox and Thunderbird, the reader must be on your computer before opening the program.
* '''[[Configuring Firefox ESR v52 on Mac OS]]'''
 
 
== Install Infonotary certificate chain ==
 
<!--Before you can start using the certificate, you must install the Infonotary certificate chain.
 
Certificate chain for certificates issued before 08.01.2018 - [http://www.infonotary.com/site/files/INotaryCertChain.p12 INotaryCertChain.p12].
 
Certificate chain for certificates issued after 08.01.2018 - [http://www.infonotary.com/site/files/InfoNotary_Qualified_eIDAS.p12 InfoNotary_Qualified_eIDAS.p12]-->
 
 
 
Start '''Mozilla Firefox'''. From the menu, choose '''Preferences'''.
 
[[Файл:MenuFirefoxMacOS.png|350px]]
 
From '''Privacy & Security''', choose '''View Certificates'''.
 
[[Файл:MenuFirefoxMacQuantumVC.png|750px]]
 
Choose the tab '''Your certificates''' and click on '''Import'''.
 
[[Файл:MenuFirefoxquantum2cert.png|750px]]
 
Specify the path to certification chain - [http://repository.infonotary.com/ra/InfoNotary_Qualified_eIDAS.p12 InfoNotary_Qualified_eIDAS.p12]
 
[[Файл:ChoosecertMac.png|500px]]
 
Leave the field blank and click '''OK'''.
 
[[Файл:MenuFirefoxMacEncryptPass.png]]
 
Newly installed certificates can be found in section '''Authorities'''.
 
[[Файл:MenuFirefoxquantum5cert.png|750px]]
 
In Mozilla for every certificate of a Certification Authority (CA) the user must choose a level of trust. This is done by selecting the certificate and clicking on '''Edit Trust'''. The easiest way to do this setting for the certificate <!--"'''InfoNotary CSP Root'''" and/or -->"'''InfoNotary TSP Root'''" select two possible options. This will make all the InfoNotary trusted certificates for all operations.
 
[[Файл:MenuFirefoxMacQuantumTrust.png]]
 
== Install software security module ==
 
In order to use you digital certificate with Mozilla based applications like Firefox, Thunderbird etc., you must register PKCS#11 module, for your smart card. It is nessesary to install the drivers for the smart card before that.
 
Start Firefox Quantum. From the menu, choose '''Preferences'''.
 
[[Файл:MenuFirefoxMacOS.png|350px]]
 
From '''Privacy & Security''', choose '''Security Devices'''.
 
[[Файл:MenuFirefoxMacQuantumSDev.png|750px]]
 
To add a new device, choose '''Load'''.


<!--== Installation in Mozilla Firefox and Thunderbird ==
[[Файл:MenuFirefoxquantum2secdev.png|750px]]


'''The preferred way to configure Firefox and Thunderbird is through [https://addons.mozilla.org/firefox/addon/infonotary-configurator-for-mo/ InfoNotary Configurator for Mozilla]'''. After you install this extension everything will be configured automatically.
Change the name of the module (Module Name), as desired.


If you install it before the drivers or you have installed a different driver for the smart card you have, register the module manually from the preferences of the Configurator. Go to menu Tools->Add-ons, in the new pick Extensions, after that mark InfoNotary Configurator for Mozilla and click Preferences. Then Register Smart Card. In case is inactive you don't have to do anything.
[[Файл:MenuFirefoxMacQuantumLoadModule.png]]


== Testing installation ==
Select PKCS # 11 library corresponding to your smart card.
To test you can go to [https://gate.infonotary.com/diagnostics/dumpcert.cgi testing site of Infonotary]. In case everything configured correctly you will receive Data accepted. You can do a local check with the button "Sign text" in the preferences of InfoNotary Mozilla Configurator.-->
* '''IDPrime''' - /Library/Frameworks/eToken.framework/Versions/A/libIDPrimePKCS11.dylib


<!-- You dont have to do this section if you have the extension for Mozilla -->
* '''OpenSC''' - /Library/OpenSC/lib/opensc-pkcs11.so
<!-- Manual configuration


== Manual configuration in Mozilla Firefox and Thunderbird ==
* '''Bit4ID''' - /Library/bit4id/pkcs11/libbit4ipki.dylib


If you prefer to do the configuration manually you must do the following:
* '''Siemens''' - /usr/local/lib/libsiecap11.dylib


=== Installation of Infonotary certificate chain ===
After you click '''OK''', your smart card will appear in the list of available devices.
Before starting to work with your signature it is nessesary to install the root certificates of Infonotary. Infonotary certificate chain can be found in the folder „certificates“ on the installation CD or on our web site:


[http://www.infonotary.com/site/files/INotaryCertChain.p12 http://www.infonotary.com/site/files/INotaryCertChain.p12]
[[Файл:MenuFirefoxquantum4secdev.PNG|750px]]


# Start Mozilla Firefox and go to menu Firefox pick „Preferences“:<br/> [[Картинка:Firefox_MacOSX_Preferences.png]]
# From there tab „Advanced“, then „Encryption“, as it is shown on the picture and click „View Certificates“<br/> [[Картинка:Firefox_MacOSX_Certificate_Manager.jpg]]
# Then press „Import“ and specify the path to – InotaryCertChain.p12.
# Firefox will ask for password for „Software Security Device“. <br/>[[Картинка:Firefox_macosx_password_entry_dialog.jpg]]
# Leave the field for password blank and click OK:<br/>[[Картинка:Firefox macosx chain install password dialog.jpg]]
# If your installation is successfull you will receive the following message:<br/>[[Картинка:Firefox_macosx_chain_installed.jpg]] <br/> The newly installed certificate can be found in the tab „Authorities“.<br/> In Mozilla produsts you have to edit the trust for the root certificate. You have click on the root certificate and click Edit Trust as on the pucture and click all the checks: <br/> [[Картинка:Firefox macosx CA certificate trust settings.jpg]]


<!--== Configuring Mozilla Firefox on Mac OS==
* '''[[Configuring Firefox ESR v52 on Mac OS]]'''
* '''[[Configuring Firefox Quantum on Mac OS]]'''-->


=== How to install a software security device ===


# Plug your reader and smart card in your computer.
# Start Firefox and from the menu Firefox go to „Preferences“;
# Pick the tab  „Advanced“, then „Encryption“, and click on „Security Devices“:<br/> [[Картинка:Firefox macosx device manager.png]]
# Press Load.<br/> [[Картинка:Firefox_macosx_load_PKCS11_device.png]]
# Enter a name „Module Name“ , and in the field „Module filename“ put „/Library/OpenSC/lib/onepin-opensc-pkcs11.so“. After that click OK.
# Firefox will ask you to prompt:<br/> [[Картинка:Firefox_macosx_load_PKCS11_device_confirm.png]] <br/>Wait till the button OK is active and click it.
# If it is OK you will see the following text. <br/> [[Картинка:Firefox_macosx_load_PKCS11_device_OK.png]] <br/> If it is shown a message that it is imposible to add module, most probably the reader was plugged after you start Firefox or the smart card is not inserted correctly. <br/> [[Картинка:Firefox_macosx_load_PKCS11_device_error.png]]
-->
<!-- End of manual configuration -->


[[Категория:Инсталация и използване на удостоверения за електронен подпис]]
[[Категория:Инсталация и използване на удостоверения за електронен подпис]]
[[Категория:macOS]]
[[Категория:macOS]]
[[Категория:Помощ]]
[[Категория:Помощ]]

Текуща версия към 16:32, 18 юли 2023

Before you proceed you must do

  • IMPORTANT : In the information message "Please enter the master password for InfoNotary", enter your PIN code.
  • IMPORTANT : Firefox and Thunderbird use direct access to the smart card. When you have successfully installed your certificates, you SHOULD NOT delete them from there, as this will also delete the certificate, along with the private and public keys on the smart card. After that, the certificate cannot be restored and a new one must be issued.
  • IMPORTANT : In order to use your certificate with Firefox and Thunderbird, the reader must be on your computer before opening the program.


Install Infonotary certificate chain

Start Mozilla Firefox. From the menu, choose Preferences.

MenuFirefoxMacOS.png

From Privacy & Security, choose View Certificates.

MenuFirefoxMacQuantumVC.png

Choose the tab Your certificates and click on Import.

MenuFirefoxquantum2cert.png

Specify the path to certification chain - InfoNotary_Qualified_eIDAS.p12

ChoosecertMac.png

Leave the field blank and click OK.

MenuFirefoxMacEncryptPass.png

Newly installed certificates can be found in section Authorities.

MenuFirefoxquantum5cert.png

In Mozilla for every certificate of a Certification Authority (CA) the user must choose a level of trust. This is done by selecting the certificate and clicking on Edit Trust. The easiest way to do this setting for the certificate "InfoNotary TSP Root" select two possible options. This will make all the InfoNotary trusted certificates for all operations.

MenuFirefoxMacQuantumTrust.png

Install software security module

In order to use you digital certificate with Mozilla based applications like Firefox, Thunderbird etc., you must register PKCS#11 module, for your smart card. It is nessesary to install the drivers for the smart card before that.

Start Firefox Quantum. From the menu, choose Preferences.

MenuFirefoxMacOS.png

From Privacy & Security, choose Security Devices.

MenuFirefoxMacQuantumSDev.png

To add a new device, choose Load.

MenuFirefoxquantum2secdev.png

Change the name of the module (Module Name), as desired.

MenuFirefoxMacQuantumLoadModule.png

Select PKCS # 11 library corresponding to your smart card.

  • IDPrime - /Library/Frameworks/eToken.framework/Versions/A/libIDPrimePKCS11.dylib
  • OpenSC - /Library/OpenSC/lib/opensc-pkcs11.so
  • Bit4ID - /Library/bit4id/pkcs11/libbit4ipki.dylib
  • Siemens - /usr/local/lib/libsiecap11.dylib

After you click OK, your smart card will appear in the list of available devices.

MenuFirefoxquantum4secdev.PNG