Fasttrack/CPIN: Self-Service PKI Certificate Creation Process

FastTrack/CPIN: Self-Service PKI Certificate Creation Process

The following are the steps required by new users to create a PKI certificate profile.

Upon generation of the PKI certificate, a new user will receive an automatically generated email message similar to the example listed below.

-----Original Message-----
From: [mailto:
Sent: May 26, 2014 4:12 PM
To: PKI Recipient
Subject: New Certificate Authorization Code
This email is computer generated. PLEASE DO NOT REPLY.
Your GO:PKI certificate for access to CAS login and application is ready to be installed. Please click on the link below to start the self-registration process.

Upon completion of self-registration, you will be required to save your certificate file. Following, please continue to enroll with the "Self Recovery Service". This process would enable each completed enrolment to be able to perform self-service password resets using secret questions established within the enrolment.
If you have any problems completing the registration process, please contact your IT support staff or your Local Registration Authority (LRA) for assistance.
Thank you,
Head Local Registration Authority for CAS.
DN=serialnumber=DSAP361513+cn=FirstNameLastName,ou=Partner, ou=External, o=Government of Ontario, st=ON, c=CAAuthCode=BU3U-ZDPT-WYLI
------

Click on the link in this email message(using the Internet Explorer browser). Note that it is assumed the appropriate version of Java is installed. This function is only supported on 32-bit OS.

Please follow the step by step instructionsto create your PKI certificate:

1. Select your language.

1. Enter your first and last name in the appropriate fields as you entered them on your application. Note wildcards can be used. You can leave the email blank and then click on ‘Continue’.

1. Click on the circle besides your name and then click on ‘continue’.

1. Answer the questions, click on ‘continue’

1. Click on ‘I Agree – Continue’

1. Click on ‘Manual Locate’ and select the folder ‘Desktop’ or a location as directed by your IT staff. The location must be only accessible by the user on a personal drive:

1. Enter ‘yourname.epf’ as the filename: (don’t forget the ‘.epf’ part). Click on ‘Open’.

1. The filename will show on the ‘PKI profile File location’ as shown below. Enter your personal password as the Rules on the left are checked as a guide. Click on ‘Continue’:

1. Click on ‘Finish’. The system will bring you to the login window:

1. Enter the password and click on ‘Continue’.

1. Setup the questions and answers, and click on ‘Continue’

1. Click on ‘Finish’. You will be offered the option to change Secret Question/answers or password.

1. If you don’t need to change these, click on ‘LOGOUT’.

1. Click on ‘Logout’ to complete the procedure.

Your PKI certificate is now ready for use. Simply launch the application (either FastTrack and/or CPIN) using the links provided by your IT staff.

PKI Self-Serve:

PKI PRO [password reset/profile recovery online] is a self-service tool available 24/7 that allows you to reset your PKI password and recover your PKI profile online using a series of Secret Questions and Answers (SQAs). Using PKI PRO also further enhances the privacy and security of your personal information.

PKI PRO is dependent on you enrolling your SQAs before you are able to perform a password reset or profile recovery.

You must enroll five SQAs to use PKI PRO. You are able to customize your responses by selecting from a variety of different questions. Please be sure to provide easy-to-remember answers!(See Step 11 above.)

Once you’ve enrolled these SQAs, you will be able to use the "Can't Login in?" button on the MyOPS Login screen to reset your PKI password or recover your PKI profile online, on your own, without requiring your LRA’s assistance.

Page 1 of 10