Section II: Import certificate into Firefox
After your identity has been verified at your RA you will receive an email containing information about your signed public key and how to obtain it. This email is created automatically by the DFN. It is not sent by us.
The Firefox Browser offers a convenient method to securely store private keys with the help of a "Certificate Manager". A "Master Password" ensures that your certificates are safe from unauthorized access. If you have not already set a strong "Master Password" in your Firefox browser we strongly suggest that you do so now.
- Before you proceed you should activate the checkbox "[v] Ask me every time" on the "Encryption" section of the "Advanced" tab in your Firefox preferences. This will help to prevent some problems we faced while testing this procedure. If the root certificate is still missing in your Firefox browser, you can install it by copying the first link of the email "1. Für die CA-Zertifikate wählen Sie bitte die Seite ..." into your Firefox browser and clicking on the Sub-Tab "Grid Root CA Zertifikat".
- There are two possible ways to import the certificate:
To import the key into Firefox's certificate manager use the second link situated after "2. Ihr eigenes Zertifikat erhalten Sie direkt über folgenden Link:" in the email from your RA. At the page the link refers to, click on "Zertifikat importieren" and -- depending on your Firefox settings and version -- the following dialog will either appear or remain absent.
"[x] Dieser CA vertrauen, um Webseiten zu identifizieren."
"[x] Dieser CA vertrauen, um E-Mail-Nutzer zu identifizieren."
"[x] Dieser CA vertrauen, um Software-Entwickler zu identifizieren."If the dialog appears make sure that all boxes are checked and proceed. Typically when this dialog box does not appear, a warning message will be displayed telling you that the downloaded private key has been installed and you should consider making a backup.
"Warnung: Ihr persönliches Zertifikat wurde installiert. Sie sollten eine Sicherungskopie dieses Zertifikats aufheben."
Though this dialog is a warning, everything is ok.
- ALTERNATIVE: The first link in the email ("1. Für die CA-Zertifikate wählen Sie bitte die Seite") gives an alternative way to access and import your certificates: Copy the first link, and access the page. Import the certificate by clicking 'CA-Information', 'Laden des CA-Zertifikats' und 'Wurzelzertifikat'. You may have to import several certificates, but the minimum will be the Wurzelzertifikate and your personal certificate.
- As you will need a backup of your certificate you should follow Firefox's advice and create one now. This is done in the "Preferences" dialog of Firefox under "Advanced" in the "Encryption" tab. When you click on "View Certificates" a new window pops up. If everything went well so far, your name should be listed below a "DFN-Verein" entry in the "Your Certificates" tab of this window. Simply select the line below "DFN-Verein" containing your name and click on "Backup". Choose the location where the backup file is to be created and enter your Master Password into the respective dialog box. The last dialog asks you for a password for the backup. All these passwords are a nuisance but if you choose a bad password for this backup your private key is at stake. So you should once more think of a strong password and remember it. The password quality meter in the lower part of the dialog box is a hint of the strength of the password you made up. Finally click on "OK" and the backup file will be created at the previously chosen location.
If your original private key is lost either by a hardware failure or due to faulty operation you will have to repeat the previous and following steps to apply for a new one. Hence it is sensible to save the backup in a secure place. Consider for example burning a CD containing your key.
Back to Section I Proceed with Section III