logorte

Web Access to the RTE Information System


mozilla

Microsoft Internet Explorer



Preliminary configuration

Configuration of the security settings

This section is about the configuration of the workstation to support the SSL standard, allowing access to sites with an encrypted connection
( HTTPS protocol ).

In the browser, select the menu " Tools > Internet Options ":

Paramètre de sécurité

Select the tab " Advanced ":

paramètre avancé

In the section " Security ", make sure that the boxes TLS 1.0, TLS 1.1 and TLS 1.2 are ticked, as shown above.


Adding trusted sites

In order to log on to the web sites with your software certificate, it is imperative to add these sites to the list of trusted sites.
The Trusted Sites zone allows the declaration of sites’ names you consider safe.
In this section, you must be logged into the workstation with the Windows account that will use the software certificate.

To do this: open Internet Explorer and click the menu " Tools > Internet Options ".

option internet

In the window that appears, click the " Security " tab. select the " Trusted Sites " icon and click the " Sites " button.

sites

The following window appears:

Fênetre ouverte

In the field " Add this website to the zone ", enter the URL corresponding to the PKI:

https://kregistration-user.certificat2.com

Then click " Add ". The site then appears in the list " Websites " as shown below.

Ajout

Proceed in the same way to add the following websites:

https://portail.iservices.rte-france.com: this is the internet portal
https://secure.iservices.rte-france.com: this is the SSL VPN connection portal

The 3 websites shall now appear in the list " Websites ".

Site web

Click " Close ", then " OK ".

Installing RTE’s CAs certificates

Download and install

RTE Certification Authority

This CA is the Historical CA of RTE, dealing with 2048 bit keys.
This CA is necessary to ensure the cohabitation between the former and the latter PKIs.
RTE Historical CA’s certificate must now be installed in your browser so that it is recognized as a trusted Certificate Authority.

To do so, please go to the following address:

IMPORTANT NOTE

It is imperative to respect the case (upper / lower case) of the site’s address.
https://kregistration-user.certificat2.com/kreg-resources/CSS/RTE/RTE/Certification_Autority_RTE_2048.cer

The download window appears:

Fênetre de téléchargement

Click the " Save " button and choose a location to save the file " Certification_Autority_RTE_2048.cer " containing RTE Historical CA’s certificate.

Fênetre de fin du téléchargement

Click " Open folder " to go to the directory where you saved the file.

Right-click the " Certification_Autority_RTE_2048.cer " file you just downloaded and choose " Install Certificate ".

Installation du certificat

The installation wizard of the certificate is displayed:

Assistant d'installation

Click " Next ".

Assistant d'installation 2

Select " Place all certificates in the following store " and click " Browse ".

In the window that appears, select " Trusted Root Certification Authorities " and click " OK ".

Magasin de certificat

Once you have chosen the certificate store, you get the following window:

Magasin de certificat

Click " Next ".

Magasin de certificat

Click " Finish ".

Magasin de certificat

Click " Ok ".


RTE Root Certification Authority

This CA is the new Root CA of RTE, dealing with 4096 bit keys. This CA is necessary to ensure the validation of the chain of trust.
RTE Root CA certificate must now be installed in your browser.
To do so, please go to the following address:

IMPORTANT NOTE

It is imperative to respect the case ( upper / lower case ) of the site’s address.
https://kregistration-user.certificat2.com/kreg-resources/CSS/RTE/RTE2/ACR_RTE_Root_CA_20160303.cer

The download window appears:

Fênetre de téléchargement

Click the " Save " button and choose a location to save the file " ACR_RTE_Root_CA_20160303.cer " containing RTE Root CA’s certificate.
Once the download is completed, the following window appears:

Téléchargement ACR

Click " Open folder " to go to the directory where you saved the file.

Right-click the " ACR_RTE_Root_CA_20160303.cer " file you just downloaded and choose " Install Certificate ".

Installation du certificat

The installation wizard of the certificate is displayed:

Assistant d'installation

Click " Next ".

Assistant d'installation 2

Select " Place all certificates in the following store " and click " Browse ".

In the window that appears, select " Trusted Root Certification Authorities " and click " OK ".

Magasin de certificat

Once you have chosen the certificate store, you get the following window:

Magasin de certificat

Click " Next ".

Magasin de certificat

Click " Finish ", and if the next window display a security Warning then click " Yes ":

Magasin de certificat

Click " OK ".

RTE Client Certification Authority

This CA is the new Client CA of RTE, dealing with 4096 bit keys. This CA is necessary to generate the new PKI’s certificates.
RTE Client CA certificate must now be installed in your browser.
To do so, please go to the following address:

IMPORTANT NOTE

It is imperative to respect the case ( upper / lower case ) of the site’s address.
https://kregistration-user.certificat2.com/kreg-resources/CSS/RTE/RTE2/ACF_RTE_Client_CA_20160303.cer

The download window appears:

Certificat

Click the " Save " button and choose a location to save the file " ACR_RTE_Root_CA_20160303.cer " containing RTE Root CA’s certificate.
Once the download is completed, the following window appears:

Fin du téléchargement

Click " Open folder " to go to the directory where you saved the file.

Right-click the " ACF_RTE_Root_CA_20160303.cer " file you just downloaded and choose " Install Certificate ".

Installation du certificat

The installation wizard of the certificate is displayed:

Assistant d'installation

Click " Next ".

Assistant d'installation

Select " Automatically select the certificate store based on the type of certificate " and click " Next ".

Assistant d'installation

Click " Finish ".

Magasin de certificat

Click " Ok ".



Magasin de certificat

Visualization and verification of RTE’s CA certificates

Visualization of installed RTE’s CA certificates

The certificates of RTE’s CA you just import are stored in the Certification Authorities store of Internet Explorer.

To view them, click the menu " Tools > Internet Options ".


certificats

A window appears. Go to the " Content " tab and click the " Certificates " button.


certificats

In the window that appears, go to the tab " Trusted Root Certification Authorities". You can see RTE Historical CA’s certificate (here) and RTE Root CA’s certificate (here):

certificats

On the tab " Intermediate Certification Authorities" you can see RTE Client CA’s certificate (here):

certificats

Verification of RTE Certification Authority certificate

Select the certificate " RTE Certification Authority ".

1.2.2.2 - 1 - certificats

Click the button " View ", then click the " Details " tab.

1.2.2.2 - 2 - certificats

To ensure the authenticity of this certificate, check that the thumbprint " SHA1 " related to the certificate " RTE Certification Authority " is identical to the one presented below.

Digital hash of the certificate " RTE Certification Authority " SHA1

SHA1 39:83:D6:10:A2:C4:D5:60:45:A0:C1:D0:E3:FA:E1:42:45:8A:37:12


If this is not the case, delete the certificate and call RTE’s Hotline (here).


Verification of RTE Root Certification Authority certificate

Select the certificate " RTE Root Certification Authority ".

1.2.2.3 - 1 - certificats

Click the button " View " then click the " Details " tab.

1.2.2.3 - 2 - certificats

To ensure the authenticity of this certificate, check that the thumbprint " SHA1 " related to the certificate " RTE Certification Authority " is identical to the one presented below.

Digital hash of the certificate " RTE Certification Authority " SHA1

SHA1 39:83:D6:10:A2:C4:D5:60:45:A0:C1:D0:E3:FA:E1:42:45:8A:37:12

If this is not the case, delete the certificate and call RTE’s Hotline (here).


Verification of RTE Client Certification Authority certificate

In the tab " Intermediate Certification Authorities ", select the certificate " RTE Client Certification Authority ".

1.2.2.4 - 1 - certificats

Click the button " View " then click the " Details " tab.
1.2.2.4 - 2 - certificats

To ensure the authenticity of this certificate, check that the thumbprint " SHA1 " related to the certificate " RTE Certification Authority " is identical to the one presented below.

Digital hash of the certificate " RTE Certification Authority " SHA1

SHA1 C8:53:de:36:da:fd:38:37:c3:de:a5:6c:b0:d1:eb:06:28:f6:dc:ed

If this is not the case, delete the certificate and call RTE’s Hotline (here).

Display and verification of your certificate on smart card

You certificate on smart card is automatically detected by Internet Explorer and no extra configuration is necessary. To display the certificate of your smart card in Internet Explorer, start by inserting your smart card in the reader. You will need to access the web browser certificates store. To do it, open the certificate store via the menu " Tools> Internet Options ":
1.2.2.4 - 1 - certificats
Then select the " Content " tab, and select the " Certificates " button:
1.2.2.4 - 1 - certificats
Another window appears. Select your certificate then click " View ".
1.2.2.4 - 1 - certificats
A window appears and displays the characteristics of the certificate. By default, the " General " tab is selected and displayed.
1.2.2.4 - 1 - certificats


1.2.2.4 - 1 - certificats
It is valid for 2 years from generation date of the smart card. The " Certification Path " tab allows checking the validity of your certificate.

The " Certificate status " and the complete visualization of the certification path indicate that your certificate has been correctly installed.
As well as the trust chain (Root CA + Client CA or Historical CA), which confirms that everything has been configured correctly.
The tab " Details " allows you to view the full name of the holder and the email address to which are attached the certificate.
1.2.2.4 - 1 - certificats


1.2.2.4 - 1 - certificats

Using your certificate

Authentication and encryption

Warning

To be able to authenticate yourself on a website with your smart card, the site URL must be part of the browser’s list of trusted sites
Steps to follow:
  • Insert your smart card,
  • Launch Internet Explorer,
  • Enter the URL to RTE’s application or to " RTE’s customer service portal ":
    https://portail.iservices.rte-france.com
  • during the authentication, the browser will ask you to select the certificate to use for authentication then (if it has been defined) the certificate store protection password, or the PIN code of your smart card,
  • if multiple certificates are presented, choose the one supplied for the application you want (use the button " Display certificate " to visualize its content)
Once authentication is completed, all data you send or receive will be encrypted.


Example of access to an RTE web application

Insert your smart card in the reader.

Enter the URL of the application (starting with " https ") in the Internet Explorer address bar then press Return.

Then, Internet Explorer asks you to select a certificate enabling you to authenticate to the requested site.
1.4.2 - 1
The ligne " Click here to view certificate properties… " lets you view the content of the selected certificate.

Click the " OK " button to access the application.

If necessary, this window will ask for the pin code of your smart card. Enter the code, then click the " OK " button.
1.4.2 - 2
The home page is then securely displayed (appearance of the closed padlock to the right of the URL entry field):
1.4.2 - 3