Chapter 6Chapter image

Using Digital Certificates

You can install certificates and configure certificate settings for Internet Explorer by using the following methods:

The options for configuring certificates are the same whether you access them from Internet Explorer 5, the Internet Explorer Customization wizard, or the IEAK Profile Manager. For more information about using the Internet Explorer Customization wizard and the IEAK Profile Manager, see Chapter 15, "Running the Internet Explorer Customization Wizard" and Chapter 22, "Keeping Programs Updated."

Note Outlook Express also includes certificates, called "digital IDs," which can be configured separately within the e-mail program.

Installing and Removing Trusted Certificates

The Internet Explorer Certificate Manager enables you to install and remove trusted certificates for clients and CAs. Many CAs have their root certificates already installed in Internet Explorer. You can select any of these installed certificates as trusted CAs for client authentication, secure e-mail, or other certificate purposes, such as code signing and time stamping. If a CA does not have its root certificate in Internet Explorer, you can import the root certificate into Internet Explorer. Each CA's Web site contains instructions describing how to obtain the root certificate. You may also want to install client certificates, which are used to authenticate users' computers as clients for secure Web communications.

To install or remove clients and CAs from the list of trusted certificates
  1. On the Tools menu, click Internet Options, and then click the Content tab.
  2. Click Certificates.
  3. Click one of the following tabbed categories for the type of certificates you want to install or remove:

    The following illustration shows the Certification Manager with the Intermediate Certification Authorities category selected.

    Certification Manager

  4. In the Intended Purpose box, select the filter for the types of certificates that you want to be displayed in the list.
  5. To add other certificates to the list, click Import. The Certificate Manager Import wizard steps you through the process of adding a certificate.

    To export certificates from the list, click Export. The Certificate Manager Export wizard steps you through the process of exporting a certificate.

    To specify the default drag-and-drop export file format (when the user drags a certificate from the Certificate Manager and drops it into a folder), click Advanced.

    The following illustration shows the Advanced Options dialog box.

    Advanced Options dialog box

    To delete an existing certificate from the list of trusted certificates, click Remove.

    To display the properties for a selected certificate, including the issuer of the certificate and its valid dates, click View.

Adding Trusted Publishers and Credentials Agencies

To designate a trusted publisher or credentials agency (also called certification authority and issuer of credentials) for Internet Explorer, use the Security Warning dialog box that appears when you attempt to download software from that publisher or credentials agency. Active content that is digitally signed by trusted publishers or credentials agencies with a valid certificate will download without user intervention, unless downloading active content is disabled in the settings for a specific security zone.

To add a trusted publisher or credentials agency
  1. Use Internet Explorer to download signed active content from the publisher or credentials agency.
  2. When the Security Warning dialog box appears, select Always trust content from publisher or credentials agency name.

    The following illustration shows the Security Warning dialog box.

    Security Warning dialog box

  3. To download the software and control, and add the publisher or credentials agency to the list of trusted publishers and credentials agencies, click Yes.

Removing Trusted Publishers and Credentials Agencies

You can use the Authenticode Security Technology dialog box to remove publishers and credentials agencies from the list of trusted authorities.

To remove a trusted publisher or credentials agency
  1. On the Tools menu, click Internet Options, and then click the Content tab.
  2. Click Publishers.
  3. To remove a trusted publisher or credentials agency, select the name of the agency from the list, and then click Remove.

    The following illustration shows a list of trusted publishers and credentials agencies.

    Trusted publishers and credentials agencies

Configuring Advanced Security Options for Certificate and Authentication Features

You can easily configure options for certificate and authentication features that your users may need.

To configure advanced security options for certificates
  1. On the Tools menu, click Internet Options, and then click the Advanced tab.
  2. In the Security area, review the options that are selected.
  3. Depending on the needs of your organization and its users, select or clear the appropriate check boxes.

    For example, to enable Fortezza support for users with Fortezza Crypto Cards and the Fortezza CSP plug-in for Internet Explorer, select the Use Fortezza check box.

    The following illustration shows the Security check boxes.

    Security check boxes

For information about security options for user privacy features, see Chapter 8, "Content Ratings and User Privacy."



Arrow: Top of page