TABLE OF CONTENTS Objective: ....................................................................................................................................................................... 3 Participants: .............................................................................................................................................................. 3 Content: ......................................................................................................................................................................... 3 Items to take into account before installing the digital certificate ........................................................................... 3 Downloading and installing the digital certificate ..................................................................................................... 4 Installing digital certificate on Chrome using an extension ................................................................................ 10 Most common issues and how to resolve them .......................................................................................................... 13
OBJECTIVE: The objective of this module is for all CS agents to be able to know how to install the digital certificate for PC terminal 2.0, and how to use the available troubleshooting resources in order to resolve the most common issues that we can face when installing the digital certificate for PC terminal 2.0.
PARTICIPANTS: All CSL1 agents must complete this module until successfully completing the module Certification
CONTENT:
ITEMS TO TAKE INTO ACCOUNT BEFORE INSTALLING THE DIGITAL CERTIFICATE
Before installing a digital certificate please take into account the following items: Confirm that the user logged in, have administrative permissions or is on an administrator session. Confirm that time and date is current, because if the date and is not properly configured the certificate cannot be installed. Make sure that software that protect the core operating system and configuration files on a workstation like for example Deep freeze, is not active on the computer since these types of software will erase the certificate installed on the next reboot. Are there any other Emida Digital Certificates already installed? If so, the ones installed will not be used anymore, make sure you delete them and install the appropriate ones for the merchant. Make sure that the operative system is windows, since on OSX the certificate cannot be installed Make sure that there are no pending windows updates ( for example like a service pack pending to be downloaded) Also make sure that the windows version is not a starter version since on these version the certificate cannot be installed at all due to software limitations
DOWNLOADING AND INSTALLING THE DIGITAL CERTIFICATE Now that the items above were checked, you can start to download and install the digital certificate for PC terminal 2.0, as you can see below: Downloading the digital certificate: 1- Access to the URL http://pcterm.emida.net/webposWeb/PCTerminal.iface and Start by clicking, Download Certificate Here Figure 1
2- The PC Terminal Certificate Enrollment page will appear. Click Download Cert Installer:
Figure 2
3- The setup wizard will begin. Click Next:
Figure 3
4- Let the installer complete the process:
Figure 4
5- Once is completed, click Finish to exit the setup
Figure 5 6- Click OK for the CertUtil:
Figure 6
7- Type username and password and click Request Client Certificate:
Figure 7
8- Click OK when complete:
Figure 8
9- It is now possible to log in. Type username and password then click Login
Figure 9
10-One is now logged into the system with the certification process being successful:
Figure 10
INSTALLING DI GI TAL CERTIFI CATE ON CHROME USI NG AN EXTENSION
After confirming that the certificate cannot be installed due to IE version or due to the error this page has not finishing loading yet, we can proceed with the following steps:
1- Now we need to enable the active X on internet explorer by following the standard procedure tools/internet options/security/custom level and select Prompt for the control marked on red below. Figure 11
2- Then on Google Chrome we select settings /Bookmarks/ import bookmarks and settings in order to bring the configurations from internet explorer. Figure 12
3- Now we can install the Chorme extensin IE TAB MULTI using the link below https://chrome.google.com/webstore/detail/fnfnbeppfinmnjnjhedifcfllpcfgeea: Figure 13
4- Now it is requeried to press the IE tab icon and enter the address whithin the IE tab option as you can see below and star the certifcate download process as usual Figure 14
MOST COMMON I SSUES AND HOW TO RESOLVE THEM Error no such user ID or Password This error will be showed when requesting the digital certificate, and the user is entering the correct credentials, and this can be solved by creating a new set of credentials for that specific user.
The computer shows that there are no administrative privileges to install run the certificate utility This error is generated because the user is not logged as an administrator or it does not have the required administrative privileges, and in this case the user needs to login as an administrator or the user will need to ask for the necessary administrative privileges.
The browser shows that the page cannot be displayed
the error internet explorer cannot display this page can be presented under various circumstances, and if after deleting the browsing history, temporary files, cache and cookies, resetting IE and already used Google chrome the merchant is still unable to access to the PC terminal URL we can do the following:
We need to execute the tracert command from the CMD window using the URL
In cases where there are DNS resolution problems it is clear that the url pcterm.emida.net cannot be resolved but with the IP the command is successful, under these circumstances we must clear the DNS registry and set a new register of the DNS using the commands ipconfig/flushdns and ipconfig/registerdns as you can see below. Figure 15
Minutes later after doing this the pc terminal URL should be accessible, but if the issue continues
The browser shows that net framework 2.0 is required
When configuring PC terminal 2.0 for all Emida geographies one of the minimal requirements to install the digital certificate is the NET framework 2.0 as you can see below:
Figure 16
If NET framework is not installed the certificate setup pop up will show the following: Figure 17
And since the machine does not have the minimal requirements to install the digital certificate it will be necessary to download the NET Framework 2.0. And we can do this by going to the following URL http://www.microsoft.com/en-us/download/details.aspx?id=1639 which will take us to the screen below:
Figure 18
And after we click on the download button it will show the following Figure 19
Each option represents a different configuration for a specific operative system version and in order to select the correct option we will need to take into account the following: The first option NetFx20SP2_x86.exe is intended to be used with windows 32 bits versions which is the most recurrent version for windows xp.
The second option NetFx20SP2_ia64.exe is intended to be used with windows 64 bits versions which is a high performance version mostly used by servers.
The third option NetFx20SP2_x64.exe is intended to be used with common windows 64 bits versions and it can be found on some windows 7 versions and it is not suitable for windows XP.
Now we choose the appropriate option and we click on next to download the file in order to install it as you can see below Figure 20
The browser shows the error ATTEMPT TO ACCESS DE CERTIFICATION SERVER HAS TIME OUT This error is generated when requesting the digital certificate and the installer tries to connect with the certificate server as you can see below:
Figure 21
This error is caused since the certificate installer is unable to communicate with the URL in order to validate and request the certificate. In most cases a firewall or antivirus restrictions will block the communication with the entity in charge of certificate validation and requests.
Now we need to remove the restriction by temporary disabling the antivirus and the firewall as you can see below:
Disabling firewall: We need to go to control panel/ windows firewall and turning off the windows firewall
Disabling the antivirus:
AVAST Right-click on the avast! Icon in system tray (looks like this: but orange in color starting with v5). Select avast! Shields control and there will be options to disable avast for 10 minutes, 1 hour, until the computer is restarted or permanently.
AVG
AVG components protect your computer on multiple levels. If you need to disable all AVG components at once, please follow these steps: 1. Right-click the AVG icon in the system tray next to the clock. 2. Click temporarily disable AVG protection. 3. Choose how long you want the protection to be disabled and whether to disable the Firewall as well, and then click OK.
AVIRA ANTIVIR Please navigate to the system tray on the bottom right hand corner and look for an open white umbrella on red background. Right click it-> untick the option AntiVir Guard enable. You should now see a closed, white umbrella on a red background (looks to this: ) BIT DEFENDER Double click on the system icon for Bit Defender When the Bit Defender window appears, move mouse arrow to the left side and click >> Virus Shield. Move mouse arrow to the black check by Virus Shield is enabled and click. The black works will change to red, >> Virus Shield is disabled. Move mouse arrow to the top right corner and click the down arrows. Bit Defender is now inactive. To enable Bit Defender, do the same steps except click to enable. ESET NOD32 ANTIVIRUS V4 Double click on the system tray icon: on the bottom right hand corner. Select Disable real-time file system protection. A popup will ask "Are you sure you want to disable...protection?" Click "Yes" to disable the Antivirus guard. ESET SMART SECURITY Double click on the system tray icon: to open the main application window. Or via Start >> All Programs >> ESET >> ESET Smart Security. Click on Setup >> Antivirus and antispyware >> temporarily disable Antivirus and antispyware protection. When prompted to confirm temporarily disable select Yes. Note: Protection will be automatically started after a system reboot. F-SECURE ANTIVIRUS please navigate to the system tray on the bottom right hand corner and look for a blue sign. Right click it-> select Unload. The F-Secure sign should now be surrounded by a red striked through circle (looking like this: )
KASPERSKY ANTIVIRUS please navigate to the system tray on the bottom right hand corner and look for a sign. Right click it-> select Pause Protection. Click on -> By User Request A popup will claim that protection is now disabled and a sign like this: will now be shown. MCAFEE ANTIVIRUS please navigate to the system tray on the bottom right hand corner and look for a sign. Right-click it -> chose "Exit." A popup will warn that protection will now be disabled. Click on "Yes" to disable the Antivirus guard. MCAFEE SECURITY CENTER 7.1 please navigate to the system tray and double-click the taskbar icon to open Security Center. Click Advanced Menu (bottom mid-left). Click Configure (left). Click Computer & Files (top left). VirusScan can be disabled in the right-hand module and set when it should resume or you can do that manually later on. Do the same via Internet & Network for Firewall Plus.
MICROSOFT SECURITY ESSENTIALS Right-click on the MSE icon in the system tray and choose Open. Click the Settings tab, then click Real Time Protection. Uncheck the box next to "Turn on real time protection". Click the "Save changes" button. Exit MSE when done. NORTON ANTIVIRUS (by Symantec) please navigate to the system tray on the bottom right hand corner and look for a sign. Right-click it -> chose "Disable Auto-Protect." Select duration of 5 hours (this assures no interference with the cleanup of your pc) Click "Ok." A popup will warn that protection will now be disabled and the sign will now look like this:
NORTON 360 Right-click the Norton 360 Premier Edition icon in the system tray and select Disable Antivirus Automatic- Protect. You will get a new dialog box with five options: 15 minutes, 1 hour, 5 hours, until system restart, permanently.
SYMANTEC ENDPOINT PROTECTION Right click on the icon in the taskbar notification area & select "Disable Symantec Endpoint Protection".
The Emida certificate utility screen shows the error User has no remaining certificate requests available
This error is generated because the user that is requesting the certificate has no certificates remaining to install as you can see on fig. 23 and 23.
Figure 22
And this can be resolved by adding more certificates( up to 2) on the field labeled as Certificate Install Remaining Amount, so in this way the user will be able to install more certificates.