SoftPDC FAQ

Q: What is a VT SoftPDC?
A: A SoftPDC is a x509 certificate issued by Virginia Tech in digital form. Unlike an eToken PDC’s, SoftPDCs are stored in a software file instead of a hardware device.

Q: How many active SoftPDC key pairs may I have at one time?

A: You may use your SoftPDC on as many devices as you need, but you may only have one active SoftPDC key pair at a time.

Q: Can my VT SoftPDC be used for digital signature?

A: Yes.

Q: Can my VT Soft PDC be used for encryption?

A: Yes.

Q: Can my VT Soft PDC be used for authentication?

A: Yes.

Q: What applications support the use of my VT SoftPDC?

A: Any application that can use a x509 certificate, examples are: that MS Office, MS Outlook, Firefox, Adobe Acrobat Pro, Adobe Reader, Various PGP products.

Q: How do I enroll for a VT SoftPDC?

A: Download as follows; CAS login required, if in doubt use default pkcs12 format, you will be required to create a password for the key pair, you will need this password in step 7 of  “How do I install the certificates into the Windows key store (pkcs12 only)?”: (Please note: this link don’t actually exist yet) https://ash.eprov.seti.vt.edu/softpdc/        

Q: Do I need any other certificates?

A: Yes, download Virginia_Tech_Soft_User_CA from https://vtca-p.eprov.seti.vt.edu:8442/ejbca/retrieve/ca_certs.jsp  (Please note: this link doesn’t actually have the Virginia Tech Soft User CA)

Q: What is a PKCS12 file?

A: A special file format containing a user's public keys and protected private keys.

Q: What is a Java Keystore?

A: A special file format containing a user's public keys and protected private keys, used in Java applications

Q: How do I renew my VT SoftPDC?

A: Navigate to the following link; CAS login required: (Please note: this link don’t actually exist yet) https://ash.eprov.seti.vt.edu/softpdc/  Click on Renew KeyPair.

Q: How do I revoke my VT SoftPDC?

A: Navigate to the following link; CAS login required: (Please note: this link don’t actually exist yet) https://ash.eprov.seti.vt.edu/softpdc/  Click on Revoke KeyPair.

Q: What is a key escrow?

A: When you create a SoftPDC, a copy of your private key is kept in an encrypted Oracle database. This copy of your private key may be used, in the case that you lose your SoftPDC,  to unencrypt files you have encrypted with the SoftPDC.

Q: How do I recover my VT SofPDC keys from key escrow?

A: Navigate to the following link; CAS login required: (Please note: this link don’t actually exist yet) https://ash.eprov.seti.vt.edu/softpdc/  Click on the Renew KeyPair button if the certificate is active, Recover KeyPair if the certificate is revoked.

Q: How do I import my VT SoftPDC into Adobe Acrobat Pro/Reader  9.x?

A: If you have a certificate that is already in your file system, you can import it into Acrobat for use with PDF files. To import certificates, find out where they are stored (the filename and path).

  1. Do one of the following:
    1. In Acrobat, choose Advanced > Manage Trusted Identities.
    2. In Reader, choose Document > Manage Trusted Identities.
  2. In the Display menu, select Contacts, and then click Add Contacts.
  3. Click Browse, select the certificate file, and click Open.
  4. Select the added certificate in the Contacts list to add it to the Certificates list. For root certificates, select the certificate in the Certificates list, click Trust, check the box next to “Use this certificate as trusted root”, and click OK.
  5. Click Import.
  6. Click Ok on the Import Complete popup.

Q: How do I import my VT SoftPDC into Adobe Acrobat Pro/Reader  10.x?

A: If you have a certificate that is already in your file system, you can import it into Acrobat for use with PDF files. To import certificates, find out where they are stored (the filename and path).

  1. Do one of the following:
    1. In Acrobat, choose Tools > Sign & Certify > More Sign & Certify > Manage Trusted Identities.
    2. In Reader, choose Edit > Protection ->Manage Trusted Identities.
    3. In the Display menu, select Contacts, and then click Add Contacts.
    4. Click Browse, select the certificate file, and click Open.
    5. Select the added certificate in the Contacts list to add it to the Certificates list. For root certificates, select the certificate in the Certificates list, click Trust, check the box next to “Use this certificate as trusted root”, and click OK.
    6. Click Import.
    7. Click Ok on the Import Complete popup.

Q: How do I import my VT SoftPDC into the Windows Keystore?

A: Perform the following steps:

  1. Open Internet Explorer.
  2. IE 8 select Tools -> Internet Options. For IE 9 select the gear on the far right -> Internet options.
  3. Select the Contents tab and the Certificates button.
  4. Click on the Personal tab and Import button.
  5. The Certificate Import Wizard open click Next.
  6. Use the Browse button to navigate to your SoftPDC, click Next.
  7. Password prompt, enter the password you created when you downloaded the SoftPDC
  8. Click the bullet next to “Place all certificates in the following store”.
  9. Browse to Personal , click Next.
  10. Verify settings, Click Finish.
  11. Popup indicates the Import was successful, Click on Ok. The certificate should be visible under the Personal tab. 
  12. Trust chain configuration to be documented later.

Q: How do I import my VT SoftPDC into Firefox?

A: Open Firefox and:

  1. Linux select Edit -> Preferences.
    Mac select Firefox -> Preferences.
    Windows Firefox 3.x select Tools -> Options .
    Windows Firefox 4.x select Firefox -> Options-> Options.
  2. Select the Advanced and Encryption tabs.       
  3. Select the click on the View Certificate Button.
  4. Click on the Your Certificate tab and then click on the Import Button.
  5. Navigate you your certificate and click Open.
  6. Enter the password you created when you downloaded the certificate, click OK .
  7. Click OK to close the popup “Successfully restored your security certificate(s) and private key(s)”.
  8. Click OK to close the Certificate Manager.
  9. Click OK to close Options.

Q: How do I import my VT SoftPDC into the MacOS Key Chain?

A: Double-click on the file, enter the certificate password and click OK. The certificate will automatically be imported into the Login keychain (the certificate will be listed as not signed by a trusted root, I am not able to test if adding the Virginia Tech SOFT CA and Virginia_Tech_Global_SoftPDC certificates will rectify the problem until I am issued production certificates)

Q: How do I remove my VT SoftPDC from the Windows Keystore?

A: .Open Internet Explorer.

  1. IE 8 select Tools -> Internet Options. For IE 9 select the gear on the far right -> Internet options.
  2. Select the Contents tab and the Certificates button.
  3. Click on the Personal tab and select your certificate, click on the Remove button.
  4. Click on Yes in the conformation popup.
  5. Click on Close and OK to close Internet Options.

Q: How do I remove my VT SoftPDC from the Firefox?

A: Open Firefox and

1.    Linux select Edit -> Preferences.
Mac select Firefox -> Preferences.
Windows Firefox 3.x select Tools -> Options .
Windows Firefox 4.x select Firefox -> Options-> Options.

2.    Select the Advanced and Encryption tabs.       

3.    Select the click on the View Certificate Button.

4.    Click on the Your Certificate tab and then click on your certificate, click on the Delete button.

5.    Click OK in the conformation popup.

6.    Exit from Options\Preferences.

Q: How do I remove my VT SoftPDC from the Mac OS Key store?

A: Open the Keychain Access utility, click on the certificate to delete, click on Edit -> Delete, click on the Delete button in the conformation popup.

Q: How to I configure Adobe Acrobat Pro/Reader 9.x or 10.x to use my VT SoftPDC?

A: Perform the following steps:

  1. Select Edit -> Preferences -> highlight Security on the left panel, click on Advanced Preferences, under the Verification tab, ensure the checkbox for “Require certificate revocation checking to succeed whenever possible during signature validation” is checked.
  2. Under the Windows Integration Tab, check the boxes next to “Enable searching the Windows Certificate Store for certificates other than yours”, “The Validating Signatures” and “Validating Certified Documents”.  Click OK twice to exit preferences.
  3. You are now ready to digitally sign documents in Abobe Acrobat\Reader 9.x or 10.x.

Q: How do I digitally sign a PDF document in Adobe 9.x using my VT SoftPDC?

A: Follow the directions at http://help.adobe.com/en_US/Acrobat/9.0/Professional/WS58a04a822e3e50102bd615109794195ff-7d48.w.html

Q: How do I digitally sign a PDF document in Adobe 10.x using my VT SoftPDC?

A: Use the directions at http://help.adobe.com/en_US/acrobat/pro/using/WSAC8084C2-14F7-4841-9EF8-92106D22C3DB.w.html

 Q: How do I digitally encrypt a PDF document in Adobe 9.x using my VT SoftPDC?

*A:  *Follow the directions at: http://help.adobe.com/en_US/Acrobat/9.0/Standard/WS58a04a822e3e50102bd615109794195ff-7d6c.w.html .

Q: How do I digitally encrypt a PDF document in Adobe 10.x using my VT SoftPDC?

A: Follow the directions at http://help.adobe.com/en_US/acrobat/pro/using/WS58a04a822e3e50102bd615109794195ff-7d8b.w.html#WS58a04a822e3e50102bd615109794195ff-7d6c.w .

 

Q: How do I configure MS Outlook 2010 to use my VT SoftPDC?

A: Users can import a digital ID from a file. To do this, on the File tab, click Options, and then click Trust Center. Under Microsoft Outlook Trust Center, click Trust Center Settings. On the E-mail Security tab, under Digital IDs (Certificates), click the Import/Export. Browse to your file, enter the password and a name, click OK and then click Ok in the conformation popup. In the Encrypted email section check the box next to “Add digital signatures to outgoing messages”. Click OK twice to exit Options.

Q: How do I digitally sign/encrypt an email using MS Outlook 2010?

A: To do this, on the File tab, click Options, and then click Trust Center. Under Microsoft Outlook Trust Center, click Trust Center Settings. On the E-mail Security tab, under Encrypted email check the box next to “Add digital signatures to outgoing messages” or “Encrypt contents and attachments for outgoing messages” as appropriate. Click OK twice to exit Options.

Q: How do I digitally sign a MS Office document?

A: Follow the directions at http://office.microsoft.com/en-us/word-help/add-or-remove-a-digital-signature-in-office-files-HA010354308.aspx#BM6 .

Q: How do I move my VT SoftPDC to another computer?

A: You can use the original file you downloaded when you created the SoftPDC or export the certificate from it’s existing keystore and then import it into the keystore of the new computer.

Q: How do I keep my VT SoftPDC secure?

A: Pick strong passwords by following the suggestions at: http://www.computing.vt.edu/accounts_and_access/pickinggoodpasswords.html . Minimize the number of computers you use the SoftPDC on. Remove unused SoftPDCs.

Q: My VT SoftPDC was lost or compromised.  What steps should I take?

A: Revoke the SoftPDC, decrypt any data encrypted with the SoftPDC, enroll for a new one, re-encrypt your data if necessary.

Q: I forgot the password to my SoftPDC file, what should I do?

A: Navigate to the following link; CAS login required: (Please note: this link don’t actually exist yet) https://ash.eprov.seti.vt.edu/softpdc/  Click on the Renew button next to your certificate. Select a new password and download the SoftPDC. Depending on how you use your certificate you may have to replace the old SoftPDC with the new SoftPDC.

  • No labels