Steps to follow before installing the MPKI 7.x Administrator ID on 64-bit or 32-bit Windows 7 & Windows Vista machines running Internet Explorer 8 or 9 (32-bit)
For all MPKI 7.x Administrator ID’s the new root CAs are not present be default in Windows 7 machines. If you will use your administrator ID on a 64-bit or 32-bit Windows 7 and Windows Vista machine running Internet Explorer 8 or 9 (32-bit), you must correctly install and trust the appropriate Production/Pilot Symantec Root CAs before you enroll for and pick up the administrator ID, or the installation will fail without displaying an error.
Task 1: Install and trust the appropriate Production/Pilot Symantec Root CAs
- Download the appropriate Root CAs for production and for pilot , and save it to the machine where you will install the administrator ID.
- Open Microsoft Management Console (Click Start, enter mmc in the Search programs and files box, and click on the resulting mmc.exe).
- The Console window will appear. From the Console Root, click File > Add/Remove Snap-in.
- From the list of Available snap-ins, select Certificates.
- Click Add > My user account > Finish to add the Certificates – Current User snap-in, and then click OK.
- From the left tree, expand Console Root > Certificates – Current User > Trusted Root Certification Authorities, and then right-click on Certificates.
- Select All Tasks > Import.
- The Certificate Import Wizard opens. Click Next.
- Click Browse, navigate to the Symantec Private Root CA you downloaded in step 1, and then click Open.
- Click Next to confirm the CA file import.
- Keep the default Certificate Store setting (Place all certificates in the following store: Trusted Root Certification Authorities), and click Next.
- Click Finish.
- Click Yes when the security warning appears.
- Click OK to close the Certificate Import Wizard.
Task 2: Add the Service Enrollment URL to Trusted Sites:
- Open Microsoft Internet Explorer.
- From the Tools menu, click Internet Options.
- Click the Security tab.
- Under Select a zone to view or change security settings., click Trusted sites.
- Under Trusted sites, click Sites.
- Under Add this Web site to the zone:, type https://onsite.adacom.com or https://onsite-test.adacom.com and click Add.
- Click OK two times to close the Internet Options dialog boxes.
Task 3: Enable ActiveX:
- Open Microsoft Internet Explorer.
- From the Tools menu, click Internet Options.
- Click the Security tab.
- Under Select a zone to view or change security settings., click Trusted sites.
- Under Custom, click Custom Level.
- Under ActiveX Controls and plug-ins, set the following:
- Allow Previously unused ActiveX controls to run without prompt – Enable
- Allow Scriptlets – Disable
- Automatic Prompting for ActiveX controls – Enable
- Display video and animation on a webpage that does not use external media player – Disable
- Download signed ActiveX Control – Prompt
- Download unsigned ActiveX control – Disable
- Initialize and script ActiveX controls not marked as safe for supporting – Prompt
- Only allow approved domains to use ActiveX without prompt – Enable
- Run ActiveX controls and plug-ins – Enable
- Script ActiveX controls marked safe for scripting – Enable
Task 4: Install the Administrator ID in the browser or smart card (token)
- Pick up your Administrator ID from the URL in the approval email.
- After you will receive the success page
NOTE: If you do not see your administrator ID, then you will need to revoke and replace the current certificate in order to re-attempt the installation process.