Steps to follow before installing the MPKI 7.x Administrator ID on 64-bit or 32-bit Windows 7 & Windows Vista machines running Internet Explorer 8 or 9 (32-bit)

 

For all MPKI 7.x Administrator ID’s the new root CAs are not present be default in Windows 7 machines. If you will use your administrator ID on a 64-bit or 32-bit Windows 7 and Windows Vista machine running Internet Explorer 8 or 9 (32-bit), you must correctly install and trust the appropriate Production/Pilot Symantec Root CAs before you enroll for and pick up the administrator ID, or the installation will fail without displaying an error.

 

Task 1: Install and trust the appropriate Production/Pilot Symantec Root CAs

1. Download the appropriate Root CAs for production and for pilot , and save it to the machine where you will install the administrator ID.
2. Open Microsoft Management Console (Click Start, enter mmc in the Search programs and files box, and click on the resulting mmc.exe).
3. The Console window will appear. From the Console Root, click File > Add/Remove Snap-in.
4. From the list of Available snap-ins, select Certificates.
5. Click Add > My user account > Finish to add the Certificates – Current User snap-in, and then click OK.
6. From the left tree, expand Console Root > Certificates – Current User > Trusted Root Certification Authorities, and then right-click on Certificates.
7. Select All Tasks > Import.
8. The Certificate Import Wizard opens. Click Next.
9. Click Browse, navigate to the Symantec Private Root CA you downloaded in step 1, and then click Open.
10. Click Next to confirm the CA file import.
11. Keep the default Certificate Store setting (Place all certificates in the following store: Trusted Root Certification Authorities), and click Next.
12. Click Finish.
13. Click Yes when the security warning appears.
14. Click OK to close the Certificate Import Wizard.

 

Task 2: Add the Service Enrollment URL to Trusted Sites:

1. Open Microsoft Internet Explorer.
2. From the Tools menu, click Internet Options.
3. Click the Security tab.
4. Under Select a zone to view or change security settings., click Trusted sites.
5. Under Trusted sites, click Sites.
6. Under Add this Web site to the zone:, type https://onsite.adacom.com or https://onsite-test.adacom.com and click Add.
7. Click OK two times to close the Internet Options dialog boxes.

 

Task 3: Enable ActiveX:

1. Open Microsoft Internet Explorer.
2. From the Tools menu, click Internet Options.
3. Click the Security tab.
4. Under Select a zone to view or change security settings., click Trusted sites.
5. Under Custom, click Custom Level.
6. Under ActiveX Controls and plug-ins, set the following:

 

• Allow Previously unused ActiveX controls to run without prompt – Enable
• Allow Scriptlets – Disable
• Automatic Prompting for ActiveX controls – Enable
• Display video and animation on a webpage that does not use external media player – Disable
• Download signed ActiveX Control – Prompt
• Download unsigned ActiveX control – Disable
• Initialize and script ActiveX controls not marked as safe for supporting – Prompt
• Only allow approved domains to use ActiveX without prompt – Enable
• Run ActiveX controls and plug-ins – Enable
• Script ActiveX controls marked safe for scripting – Enable

 

Task 4: Install the Administrator ID in the browser or smart card (token)

1. Pick up your Administrator ID from the URL in the approval email.
2. After you will receive the success page

 

NOTE: If you do not see your administrator ID, then you will need to revoke and replace the current certificate in order to re-attempt the installation process.