Organization
Mission
Green IT
ITSC Digest
Announcements
System Availability
LAN Admin Resources (Intranet Only)
Student User Consultation Committee
Video Tour
Locations
Opening Hours
Contact Us
My Accounts
Change Password
Change E-mail Alias and Drop Box
Apply for Additional Disk Quota
Apply Accounts for
:: Department
:: Project
:: Student Organization
:: Visiting Guest
:: E-mail Service for Retiree
Policies and Guidelines
Services
:: E-mail (CWEM)
:: Mass Mailing
:: CU Net-TV
:: More..
Campus Backbone Network
IP Phone and Data Port
VPN Access
WiFi Access
WiFi Hotspot Partnership Programme
Self-Service Printing
External Network Connectivity
Alerts, News and Events
:: E-mail Fraud (Phishing) Alert
:: More..
Good Practices for
:: General Users
:: Technical Professionals (Intranet Only)
LAN Admin Resources (Intranet Only)
Information Security Policies (Intranet Only)
Useful Tools and Links
:: Anti-virus Software - Kaspersky
:: Certificate Authority
:: Central Authentication and Directory Service
:: More...
FAQ
Glossary
Report IS Incidents
Using Computers
Facilities (Datalocker, Training and Discussion Rooms)
Services (Printing, Scanning and HelpDesk)
Lost and Found
Locations
Opening Hours
Conditions of Use
eLearning
High-performance Computing
iHome Server
Logic Server
Maintenance Schedule
Computer Equipment Acquisition (Intranet Only)
Software Licensing
Software Standards
Services to Department
University Administration Systems
AMSD Forms
MyCUHK
CUSIS
CU Link
Add Value to Print Account
Print Account Management System
e-Card
e-Survey
e-Ticketing
ITSC Training Courses
Training Room Booking
Application Forms
User Guides
Posters and Wallpapers
The Chinese University of Hong Kong Information Technology Services Centre 資訊科技服務處 香港中文大學 User Areas Network Services Research and Teaching Computing Computer Accounts About ITSC Application Systems Departmental IT Support Contact ITSC Policies and Guidelines Site Index ITSC Information Security Quick Links for Students Quick Links for Staff
bullet Alerts, News and Events
bullet Good Practices for
bullet General Users
bullet Technical Professionals (Intranet Only)
bullet Information Security Policies (Intranet Only)
bullet Useful Tools and Links
bullet Anti-virus Software - Kaspersky
bullet CUHK Certificate Authority (CA)
bullet Introduction to PKI
  bullet The CUHK Certificate Authority
  bullet How to apply for a CUHK Digital Certificate?
  bullet How to use a CUHK Digital Certificate?
  bullet Web-applications Using HKPost Digital Certificate
  bullet Security Issues
  bullet FAQ
  bullet Others
bullet Central Authentication and Directory Service
bullet More...
bullet FAQ
bullet Glossary
bullet Report IS incidents
   
How to use a CUHK Digital Certificate
  1. Install CUHK Root CA Certificate
  2. Client cert
    1. Common software packages that support digital certificate
    2. Certificate stores
    3. Installation
    4. Backup your private key
    5. Sending secure email
    6. Use with CU Link
  3. Server cert
    1. Installation on IIS 4
    2. Installation on IIS 5/6
  1. Install CUHK Root CA Certificate

    In order to operate smoothly with CUHK CA issued digital certificates, you need to install the CUHK Root CA Certificate into your Internet browsers and e-mail applications. By installing the CUHK Root CA Certificate, all digital certificates issued by CUHK CA will be 'trusted' automatically. So it is very important to verify that the root certificate you are installing is genuine, not a fake root certificate generated by someone with malicious intention.

    Install CUHK Root CA Certificate:
  2. Client Certificate

    1. Common software packages that support digital certificate
      Software package Functions
      Internet Explorer 6 and 7 Access web sites that require client certificate authentication
      Outlook 2002/2003 Encrypt/decrypt email
      Outlook Express 6 Encrypt/decrypt email
      Netscape 7.x Access web sites that require client certificate authentication, encrypt/decrypt email

    2. Certificate stores

      It is important for you to know where your private key is stored in different software packages and how to protect it from being accessed by other users.
      Software package / function Location of private key (certificate store) Private key protected by ... Remarks
      Internet Explorer 6 and 7,
      Outlook 2002/2003,
      Outlook Express 6      		 Windows Registry (a file on your local computer)

      OR      		 Windows password
      1. All 3 packages share the same certificate store.
      2. To prevent others from accessing your private key, logout Windows after use.
      CU Link smart card CU Link PIN
      1. Your private key will never leave your CU Link, so removing CU Link from the smart card reader will prevent others from accessing your private key.
      Netscape 7.x Netscape Certificate Database (a file on your local computer)

      OR      		 Netscape Master Password  
      CU Link smart card CU Link PIN
      1. Your private key will never leave your CU Link, so removing CU Link from the smart card reader will prevent others from accessing your private key.
      Backup / transfer of private key PKCS12 file (a file with .p12 or .pfx extension) PKCS12 password
      1. PKCS12 is a standard file format to store both the private key and certificate.
      2. You can backup your private key from IE or Netscape onto a PKCS12 file, or restore from a PKCS12 file to IE or Netscape.
      3. You can also copy your private key and certificate to another browser/machine via a PKCS12 file.

    3. Installation
      1. Internet Explorer 6 and 7 / Outlook 2002/2003
      2. Netscape 7.x
    4. Backup your private key
      1. Internet Explorer 6 / Outlook 2002/2003
      2. Netscape 7.x
    5. Sending secure email
    6. Use with CU Link
      1. Does my CU Link support digital certificate?First Time InstallationCUHK Card Utility
      2. Troubleshooting
  3. Server Certificate

    1. Installation on IIS 4
    2. Installation on IIS 5/6
  

Need Help?
For comments and enquiries about this service, please write to the ITSC Electronic Helpdesk at
http://helpdesk.itsc.cuhk.edu.hk