Enterprise Public Key Infrastructure (EPKI) Manager
Version 3.0
For issuance & management of Enterprise-wide
SSL Certificates & Secure Email (S/MIME)
Certificates
Introduction
The EPKI Manager allows you to issue bulk
numbers of:
SSL Certificates for use on domain names
owned by your Company
Secure Email Certificates (S/MIME) for use
by employees of your Company
Your nominated EPKI Manager Administrator(s)
will be able to manage all the company's
Certificates from a central web based console.
Additional certificates may be purchased
through the console in minutes; ensuring new
servers and employee email may be secured in
minutes rather than days.
You may use the User Management facility to
create new users for your EPKI account and
specify permissions for Users on a granular
basis, including certificate issuance, revocation
and reporting permissions.
Login details:
Please find your login details in the email sent
by your Account Manager. Should you need
reminding of these details please contact
support@comodogroup.com.
Visit www.instantssl.com or
www.comodogroup. com and click the "login"
button the menu.
EPKI Manager Details
Using the EPKI Manager
Once logged into the Comodo management system, select the "EPKI Manager" link.
You will be presented with the following page:
Applying for a Certificate
You can use your EPKI Manager to apply for SSL and S/MIME Certificates for your
organisation.
To apply for an SSL Certificate:
Select your SSL Certificate product type from the Customer Order Options list. e.g.
Intranet Certificate (for use on internal servers or private IP address only)
InstantSSL Certificate
InstantSSL Pro Certificate
PremiumSSL Certificate
PremiumSSL Wildcard Certificate
Account actions:
Deposit funds &
view buy prices
Placing a
customer order:
Available products
Get Support
Manage EPKI
Manager Users
and their
permissions
Run reports on
orders placed
Step 1: Select the SSL product type:(e.g. InstantSSL, InstantSSL Pro, EliteSSL)
Step 2: Generate a CSR using your webserver software
Step 3: Copy and paste the CSR into the web form
Step 4: Select from the list the server software used to create the CSR
Step 5: Select the validity period for the certificate: either 1, 2 or 3 years
Note:
The product type and validity period will affect the price charged for the certificate.
Please refer to your pricing band for your actual buy prices as set by your Account
Manager.
Applying for a Corporate Secure E-Mail Certificate (S/MIME)
Select Corporate Secure Email Certificate product type from the Customer Order Options
list. As the Administrator you will be make an application for a Secure Email Certificate for
your employees. The process is as follows:
Administrator completes the enrolment form providing employee name, email
address and selects relevant security policies
Comodo email the employee with a link to begin Certificate enrolment process - the
enrolment for the Certificate must take place on the same PC on which the
Certificate will be used
Comodo issue the Certificate and automatically install the Certificate onto the
employees PC
The employee is automatically redirected to the support pages for configuration and
usage instructions
The enrolment form:
Step 1: Setting up a Validated Domain Name
Corporate Secure Email Certificates may only be applied for on domain names which you
have a right to use. Before applying for Certificates, you must first submit the domain
name for validation:
Follow the link in the first stage of enrolment to submit a domain name for validation to
Comodo's IdAuthority. Comodo will validate ownership of the submitted domain name.
Step 2: Entering Employee Details to be included in the Certificate
When validated your domain name will appear in a selection box in the enrolment form:
Complete the employee details and confirm the employee is an employee or authorized
representative of your company.
Step 3: Selecting Security Options for the employee's Certificate
You will be asked to specify the security options for the employee's Certificate.
Cryptographic Service Provide (CSP): The CSP is responsible for generating the
cryptographic keys. Select from the drop down list which CSP is to be used when the
employee enrols for their Corporate Secure Email Certificate. If the Certificate is to be
generated an placed on a smart card or other security device, ensure you select the
relevant CSP from the list.
Please note that the CSP you select MUST be present on the employee's PC.
Private Key User Protected: Place a tick in this check box to place additional protection
on the use of the private key (signing key) associated with the employee's Certificate.
Additional protection will challenge to the employee to OK the use of the Certificate every
time the private key is used.
Private Key Exportable: Place a tick in this check box if the private key associated with
the employee's Certificate should be exportable, e.g. if the Certificate can be backed up. If
you do not allow exportability and the Certificate is lost, all emails encrypted for the
employee will no longer be accessible.
Step 4: Select Validity Period:
Submit the form and the issuance process will begin.
Step 5: Required Employee Actions
And email will be sent to the stated employee containing a link to a specific setup page.
This page will automatically generate a Corporate Secure Email Certificate request and
submit this request to the Comodo Certification Authority. Comodo will then generate the
Certificate.
Once the link has been followed, it is important that the employee keep the browser
window open - the Certificate, when issued, will then automatically be installed. The
browser will then automatically redirect to the support pages to assist the employee in
configuration and usage.
For support on configuration and installation please view:
http://www.comodogroup.com/support/products/email_certs/corporate/index.html
Paying for Certificates
Your account will be debited with the value of the certificate product type and validity
period selected upon application of the Certificate. Upon receipt of the Certificate
application the Certificate will be issued and emailed to your Account Administrator.
Providing that the Certificate application contains no invalid or conflicting data, the
Certificate will usually be issued within 1 hour.
IMPORTANT - Your Responsibilities when using the EPKI Manager
In order to make the Certificate issuance process as fast and seamless as possible for
immediate Certificate issuance, the organisation has a number of responsibilities. It is your
responsibility to ensure the following:
You have the right to use the domain name contained in the SSL application. You
must only make applications for domain names you own.
The named individual in the Corporate Secure Email Certificate application is a
bona fide employee / representative of your company.
Making an illegitimate Certificate application could affect the warranty provided by Comodo
and your EPKI Manager Account and is a breach of the EPKI Manager Subscriber
Agreement.
Managing Users:
Your EPKI Manager Administrator (Super User) has the ability to add conduct all EPKI
Manager Functions (purchase products, deposit funds, run reports on all transactions) and
may add additional Users on a discretionary basis. Adding a User prompts the Super User
to complete the new User details. By default the User will inherit the Super User's
company address unless, optionally, a different address is required.
New User : Click to add a new User.
Amend User : Once a User has been added, they will be displayed in the User list. Select
the User from the User list and click Amend User to change User details.
Uncheck the Is Active box
to disable the login for the
selected User.
Managing User's Permissions: Selecting the User from the User list will then display the
permissions associated with the user.
Purchase: Placing a tick in the Purchase column next to each product type (SSL
Certificates, Corporate Secure Email Certificates, Deposit Funds) dictates whether the user
may buy these products.
Revoke: Placing a tick in the Revoke column next to each product type (SSL Certificates,
Corporate Secure Email Certificates) dictates whether the user may revoke these products.
Note that a revocation of deposited funds is not available.
View Others: By default the user may only run reports on the product type he/she has
purchased. Placing a tick in the View Others column for each product type (SSL
Certificates, Corporate Secure Email Certificates, Deposit Funds) allows the User to run
reports on all product types made by all Users.
Refunds: Please contact Comodo directly should you require a refund on a certificate.
Your Current Buy Prices: Click the "View your Current Buy Prices" to display a summary
table containing your current buy prices as set by your Account Manager.
Depositing Additional Funds: Your Reseller Account operates on a prepayment system.
You may top up your account at any time with additional funds by selecting "Deposit Funds".
Unless you have sufficient funds in your Reseller Account you will not be able to Authorise
Orders.
Getting Help: Should you have any questions regarding your Reseller account please do
not hesitate to contact our support department, we will be happy to assist you in any matter.
User List - click on
name to display
permissions
Comodo
Comodo Inc., 525 Washington Blvd., Jersey City, NJ 07310
Tel Sales: +1.888.COMODO.1 (+1 888 266 6361)
Fax Sales: +1.201.963.9003
Canadian Tel Sales: +1 877 80 32 556
Website : www.comodo.com
Sales email : sales@comodo.com
Business Development & Strategic Partnerships
If you would like to discuss a Business Development & Strategic Partnership please
contact us on: busdev@comodo.com
漏 2005 Comodo. All rights reserved.
download For issuance & management of Enterprise-wide SSL Certificates & Secure ...
