Browsers and computer

Whenever we are going to carry out a process of electronic signature or digital identification based on certificates, those certificates will need to be made available on the computer for the application to be made by the signature.

The certificates are stored in the “Certificate Store”.

• For the certificates contained in a digital card, such as Electronic IDThe card itself is the warehouse.
• The Marketing Authorisation Holder and Manufacturer software are stored in a warehouse which may be located on the operating system or on the computer itself. In order to use it first you need to import or charge the certificate in that warehouse.

Visit the sectionElectronic IDto see more information.

In order to use the electronic ID from a computer, it is necessary to have a card reader compatible with the DNIe. The reader must comply with at least:

• the standard ISO 7816 (1, 2 and 3)
• withstand asynchronous cards based on protocols T=0 (and T=1)
• to withstand minimum communication speeds of 9,600 bps
• stand up to standards:
  • PC/SC (Personal Computer/Smart Card)
  • CSP (Cryptographic Service Provider, Microsoft)
  • API PKCS#11

In addition, in order to be able to interact properly with cryptographic cards (DNIe) in particular, the equipment must have installed some ‘pieces’ of software calledcryptographic modules.

• In a Microsoft Windows environment, the computer must have installed a service called "Cryptographic ServiceProvider" (CSP).
• In UNIX/Linux or MAC environments, we can use the electronic ID through a cryptographic module called PKCS#11.

Certificates may contain That is why I would like to ask the Commissioner whether the Commission is prepared to accept the amendments tabled by the Committee on Budgets. That depends on the type of certificate we have and its extension.

Al mind A certificate is important that it contains the private key, because without it we will not be able to sign. Therefore, make sure that the certificate file you import has any of these extensions .pfx .p12 or .pem.

• The Marketing Authorisation Holder and Manufacturer import of certificates is the process enabling the certificate to be loaded on the computer or browser for subsequent use in the signature or identification.
• The Marketing Authorisation Holder and Manufacturer export of certificates is the process which allows a copy of the certificate installed on the computer or in the browser for later use on another computer or process.

  Sometimes it is necessary extract from the warehouse a certificate for the following:

  • Backup or backup certificate
  • Install it on another computer
  • Send the public share to another person

  In the export process we will be asked or a box can be checked indicating that we want to export the private key.

  In this case, the generated file will be saved with an extension .p12, .pfxo .pem.. Remember that this certificate cannot be distributed and that keep it in a safe place.

  In this case, the generated file will be saved with an extension .r or .der

  • Check the box if you want the exported certificate to be used to sign.
  • Do not check the box if you want the certificate to be public and send the certificate to another person.

  The export must be made from the store in which the certificate is installed. In the following points you can see the different ways to access the stores available on your computer.

Windows Certificate Store is used by browsers such as Internet Explorer and Chrome and by other applications such as Office and Adobe Reader.

The import of certificates in this warehouse can be done from either of the aforementioned browsers. The way to access the warehouse and import tools is as follows:

In Internet Explorer:

Google Chrome:

Firefox has its own certificate store independent of the OS warehouse. Therefore, if you want to sign documents from Firefox, you must first import certificates from the same browser.

The way to access Firefox warehouse management is as follows:

Adobe and Adobe Reader applications enable the validation of signatures contained in electronically signed pdf documents. However, in order for this to be possible, Adobe must recognize and rely on the real certificates of the Certifying Entities that have issued the certificates with which the document has been signed.

For example, to correctly validate a pdf document issued by the BOE, it is necessary to set up the Adobe environment to recognise the root certificate of the FNMT, since it was this entity that issued the certificate with which the BOE document was signed.

In the next link you can read the ways to set up Adobe for the specific case of validation of BOE documents.

In general, Adobe can be configured using one of the following methods:

• Use the Windows Certificate Store.
• Download the root certificate of the Certification Authority that issued the certificate.
• Installing the certificate in the Windows warehouse. Double-click the downloaded file and a window will be displayed.

On the tab "Detailsyou can check the attributes indicated to confirm that this is the correct certificate.

Press the button "Install Certificate"

Press the button "Next >"

Press the button "Examinesr" and select "Trust issuing entities"

Press the button "Next >and on the last screen "End"

As this is the certificate of a Root Certification Authority a window will appear to request confirmation

Press the button "If"

• Set up Adobe Acrobat Reader to trust the Windows store.

Start Adobe Reader and go to menu "Edit > Preferences".

Select the "Securityand press the button "Advanced Preferences".

Select the " tabWindows Integration and check the option "Validating Signatures".

Press the button "Acceptto end

• Use the Acrobat Reader certificate store.

Acrobat Reader has its own trust certificate store, which by default is the one you use.

The installation and configuration procedure is as follows:

• Download the root certificate of the Certification Authority that issued the certificate.
• Import the certificate of the accredited authority downloaded.

Start Adobe Acrobat Reader and select the menu "Advanced > Manage Trust Identities".

In the most modern versions, this menu is in "Documents > Manage Trust Identities".

Press the button "Add Contact"

Press the button "Examine" and select the downloaded certificate above

In the window that opens select the newly imported Contact.

Below are the certificates contained in this file

Select the certificate from the Certification Authority and press the "Trusting"

Check the option "Signatures and as a source of trustand press the button "Accept"

Press the button "Import"

Press the button "Accept"