This section is about the configuration of the workstation to support the SSL standard, allowing access to sites with an encrypted connection (HTTPS protocol).
In the browser, select the menu "Tools > Internet Options":
Select the tab "Advanced":
In the section "Settings", make sure that the boxes TLS 1.0, TLS 1.1 and TLS 1.2 are ticked, as shown above.
In order to log on to the web sites with your software certificate, it is imperative to add these sites to the list of trusted sites.
The Trusted Sites zone allows the declaration of sites’ names you consider safe.
In this section, you must be logged into the workstation with the Windows account that will use the software certificate.
To do this, open Internet Explorer and click the menu "Tools > Internet Options".
In the window that appears, click the "Security" tab. select the "Trusted Sites" icon and click the "Sites" button.
The following window appears.
In the field "Add this website to the zone", enter the URL corresponding to the PKI:
Proceed the same way to add the following websites:
https://portail.iservices.rte-france.com: this is the internet portal
https://secure.iservices.rte-france.com: this is the SSL VPN connection portal
The 3 websites shall now appear in the list "Websites".
Click "Close", then "OK".
This CA is the Historical CA of RTE, dealing with 2048 bit keys. This CA is necessary to ensure the cohabitation between the former and the latter PKIs.
RTE Historical CA’s certificate must now be installed in your browser so that it is recognized as a trusted Certificate Authority.
To do so, please go to the following address:
The download window appears:
Click the "Save" button and choose a location to save the file "Certification_Autority_RTE_2048.cer" containing RTE Historical CA’s certificate.
Once the download is completed, the following window appears:
Click "Open folder" to go to the directory where you saved the file.
Right-click the "Certification_Autority_RTE_2048.cer" file you just downloaded and choose "Install Certificate".
The installation wizard of the certificate is displayed:
Click "Next"
Select "Place all certificates in the following store" and click "Browse".
In the window that appears, select "Trusted Root Certification Authorities" and click "OK".
Once you have chosen the certificate store, you get the following window:
Click "Next".
Click "Finish"
Click "OK".
This CA is the new Root CA of RTE, dealing with 4096 bit keys. This CA is necessary to ensure the validation of the chain of trust.
RTE Root CA certificate must now be installed in your browser.
To do so, please go to the following address:
The download window appears:
Click the "Save" button and choose a location to save the file "ACR_RTE_Root_CA_20160303.cer" containing RTE Root CA’s certificate.
Once the download is completed, the following window appears:
Click "Open folder" to go to the directory where you saved the file.
Right-click the "ACR_RTE_Root_CA_20160303.cer" file you just downloaded and choose "Install Certificate".
The installation wizard of the certificate is displayed:
Click on the "Next" button
Select "Place all certificates in the following store" and click "Browse".
In the window that appears, select "Trusted Root Certification Authorities" and click "OK".
Once you have chosen the certificate store, you get the following window:
Click on "Next".
Click "Finish", and if the next window display a security Warning then click "Yes":
Click on "OK".
This CA is the new Client CA of RTE, dealing with 4096 bit keys. This CA is necessary to generate the new PKI’s certificates.
RTE Client CA certificate must now be installed in your browser.
To do so, please go to the following address:
The download window appears:
Click the "Save" button and choose a location to save the file "ACF_RTE_Client_CA_20160303.cer" containing RTE Client CA’s certificate.
Once the download is completed, the following window appears:
Click "Open folder" to go to the directory where you saved the file.
Right-click the "ACF_RTE_Client_CA_20160303.cer" file you just downloaded and choose "Install Certificate".
The installation wizard of the certificate is displayed:
Click on the "Next" button.
Select "Automatically select the certificate store based on the type of certificate" and click "Next".
Click on "Finish".
Click "OK".
The certificates of RTE’s CA you just import are stored in the Certification Authorities store of Internet Explorer.
To view them, click the menu "Tools > Internet Options"
A window appears. Go to the "Content" tab and click the "Certificates" button.
In the window that appears, go to the tab "Trusted Root Certification Authorities". You can see RTE Historical CA’s certificate (here) and RTE Root CA’s certificate (here):
On the tab "Intermediate Certification Authorities" you can see RTE Client CA’s certificate (here):
Select the certificate "RTE Certification Authority"
To ensure the authenticity of this certificate, check that the thumbprint "SHA1" related to the certificate "RTE Certification Authority" is identical to the one presented below.
Select the certificate "RTE Root Certification Authority".
In the tab "Intermediate Certification Authorities", select the certificate "RTE Client Certification Authority"
To be able to authenticate yourself on a website with your smart card, the site URL must be part of the browser’s list of trusted sites