Testing Your Identity Certificate - MSIE 5.5 and higher

 
 

 

Print this page for reference.

If you think that your Identity Certificate is not "functioning properly", you may follow this procedure to see if your Identity Certificate and the associated "Trust Chain" certificates are installed properly.

If this procedure ends with a positive result (a web page that reads "You possess a valid certificate"), then your certificate and the necessary "Trust Chain" certificates are installed properly. This procedure will not help determine if your Encryption Certificate is installed properly; the only way to do that is to try to send and receive Encrypted email.

The Certificate "Trust Chain" consists of all the Certificate Server Certificates that are involved in the authority under which your certificate was issued. Your certificate request was digitally signed by an Intermediate Certificate Authority Certificate Server. The ORC ECA Certificate Server digitally signed your certificate with its Intermediate Certificate Authority Certificate. That Certificate was itself signed by the DoD's ECA Root Authority Certificate. So the "Trust Chain" is a hierarchy of certificates: ECA Root CA, then ORC ECA CA, then your ECA certificate.

Please be aware that your certificate (and all certificates) are NOT executable files. This means that your certificate does not perform any actions itself, but is acted upon by other applications and programs. Like a 'program', your certificate (and the supporting "Trust Chain" certificates) can be properly or improperly installed. But unlike a 'program', the certificate does not perform any functions. Your certificate does not authenticate you to a web site; your web browser (Internet Explorer) authenticates you to a web site by using your certificate. Your Certificate does not sign an email; your mail client (Outlook) signs the email with your certificate.

 
 
1. Go to http://eca.orc.com
 
 
2. From the menu on the left hand side of the web page, select Certificate Tools and then Certificate Test. Click Certificate Test.
 
 
3. The "Client Authentication" dialogue box appears. Highlight your name and click the OK button.
 
 
4. The "Signing data with your private exchange key!" dialogue box appears. Enter the password assigned to the certificate Private Key and click the OK button.
 
 
5. If you receive a web page that reads "You possess a valid Certificate" then your Identity Certificate is installed properly. If you get some other result, or if any step in this process did not occur as shown, then see below.
 
 

The "Client Authentication" dialogue box is empty.
 
 
This means that you do not have an ECA Identity Certificate installed. If you have received your Certificate Issuance Notification email, go read it and follow the directions. If you have a backup copy of an ECA Identity Certificate and are trying to install it on a new computer, read the instructions on importing your certificate from a backup file. If that does not solve the problem, contact the ECA Help Desk.
 

The "Client Authentication" dialogue box shows my name several times.
 
 
This means that you have two (or more) ECA Identity Certificates installed. You can only have one valid ECA Identity Certificate at a time. More than likely, one (or more) of the other certificates is expired (or perhaps revoked).
Go to the instructions for importing your certificate from a backup file. In those instructions, after Step 2, stop and look at your certificates.

One by one, select and then Remove Identity Certificates that have passed their expiration date. (WARNING: Do NOT remove an expired Encryption Certificate until you are SURE that you have made a successful backup copy of the certificate.) If that does not solve the problem, contact the ECA Help Desk.
 

You receive a "The page cannot be displayed" result. This is a certificate test failure.
 
There are several things that can cause a failure result. Some of them are easily correctable.
  • Has your certificate expired? In the "Client Authentication" dialogue box, click the View Certificate... button and look at the Valid from: and to: dates.
  • Check your computer's system clock. Make sure that it is set to the correct date and time. If your computer's clock is wrong, it might think that a valid certificate has expired.
  • Are you sure you are typing in the correct password? See the password instructions.
  • You may have a "trust" issue. Follow the instructions for trusting your certificate.
  • If none of the above solve the problem, contact the ECA Help Desk.
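
The expiry, system clock, duplicate-certificate and "trust" checks above can also be read straight from the certificate store. The PowerShell script below is an added example, not part of ORC's instructions; it assumes PowerShell 3.0 or later and that the Identity Certificate is installed in the current user's Personal store.

```powershell
# Added example (not from the original page).
# Assumption: the Identity Certificate lives in Cert:\CurrentUser\My.
$now = Get-Date
Write-Output "System clock reads: $now  (confirm this is the correct date and time)"

# Only certificates with a private key can appear in "Client Authentication".
$certs = @(Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.HasPrivateKey })

if ($certs.Count -eq 0) {
    Write-Output 'No certificate with a private key is installed in the Personal store.'
}
else {
    # The same subject listed more than once matches the
    # "dialogue box shows my name several times" case.
    $certs | Group-Object Subject | Where-Object { $_.Count -gt 1 } | ForEach-Object {
        Write-Output "Installed $($_.Count) times: $($_.Name)"
    }

    foreach ($cert in $certs) {
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        # Skip revocation lookups so the result depends only on dates and on
        # the "Trust Chain" certificates installed on this computer.
        $chain.ChainPolicy.RevocationMode =
            [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
        $built = $chain.Build($cert)

        [pscustomobject]@{
            Subject     = $cert.Subject
            Issuer      = $cert.Issuer
            ValidFrom   = $cert.NotBefore
            ValidTo     = $cert.NotAfter
            Expired     = ($now -gt $cert.NotAfter)
            NotYetValid = ($now -lt $cert.NotBefore)
            ChainBuilt  = $built
            # Path is listed from your certificate up toward the root.
            ChainPath   = ($chain.ChainElements |
                           ForEach-Object { $_.Certificate.Subject }) -join '  <-  '
            ChainErrors = ($chain.ChainStatus |
                           ForEach-Object { $_.Status }) -join ', '
        } | Format-List
    }
}
```

A certificate with Expired set to True corresponds to the first item in the list above, and ChainBuilt set to False with an untrusted-root or partial-chain error corresponds to the "trust" item. The script does not test the private key password.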
 



 

 
