EmailSharePrint

Enrollment Instructions - Medium Assurance Certificates

Print these instructions: We strongly suggest printing this page before enrolling for your ECA Certificate.

  1. a. Go to the online ECA Enrollment form.
  2. b. In the Select Enrollment Method section, you need to decide your enrollment method:
    • i. If you are able to appear before a Trusted Agent for your organization, select the Subscriber Enrollment using Trusted Agent radio button. What is a Trusted Agent?
    • ii. If not, select the Subscriber Enrollment using Notary radio button.
    • Note: If you are a U.S. citizen located outside the United States, you must use the Notary enrollment method and use the notary public services at a U.S. Consular office.
    • Note: If you are a non-U.S. citizen residing outside the United States, you must use the Trusted Agent enrollment method and use the services of a DoD employee authorized to process the ECA certificate enrollments in your country.
  3. c. In the ECA Certificate Subscriber Information section, complete all mandatory fields marked with a red asterisk.
    • Note: Enter your full legal name exactly as specified on your passport or birth certificate in the First Name and Last Name fields.
    • Note: If you have a suffix after your last name (e.g. Smith, Jr.), enter both your last name and suffix in the Last Name field.
    • Note: Only enter your company's legal business name in the Organization field.
  4. d. In the Select Certificate Validity section, select the radio button for the desired validation period of 1, 2, or 3 years.
  5. e. In the Enter Payment Type section, select the radio button for Credit Card or Pre-Paid.
    • i. If you select the Credit Card radio button, complete all mandatory fields marked with a red asterisk.
    • Note: Your credit card will not be charged until you pick up your certificates.
    • ii. If you select Pre-Paid radio button, enter your sales number order in the Sales Order Number field.
    • Note: You must add an "11" to the beginning of your 8 digit sales order when enrolling.
  6. f. In the Enter a Challenge Password section, enter a password in both Challenge Password and Re-Enter Challenge Password fields.
  7. g. In the Subscriber Agreement section, read the terms and conditions of the Subscriber Agreement.
  8. h. Click the Accept and Purchase button to submit your certificate request.
  1. VeriSign ECA Authentication team cannot approve your certificate request until you submit the ECA Subscriber Enrollment form or the Trusted Agent sends confirmation.
  2. a. Print the ECA Subscriber Enrollment form and review Section 1 to ensure your information is correct, but do not sign this form yet. You must sign the ECA Subscriber Enrollment form in the presence of a Trusted Agent or Notary.
    • Note: If you did not print your ECA Subscriber Enrollment form, follow these instructions:
    • i. Download and print the ECA Subscriber Enrollment form.
    • ii. Fill out Section 1 of the ECA Subscriber Enrollment form, but do not sign this form yet.
  3. b. If you selected the Trusted Agent enrollment method, follow these instructions:
    • i. Take the ECA Subscriber Enrollment form to your Trusted Agent. You must present your valid Passport or Birth Certificate, valid Driver's License and Work ID badge to the Trusted Agent.
    • Note: If you do not have a Work ID badge, you must download and print the Subscriber's Organizational Contact form. Then, a separate full-time employee of your company must fill out and sign the Subscriber' Organizational Contact form. The purpose of this form is to verify the ECA subscriber's employment within the same organization.
    • ii. Sign the ECA Subscriber Enrollment form in the presence of the Trusted Agent.
    • iii. The Trusted Agent must list and confirm viewing documentation, and sign Section 2 of the ECA Subscriber Enrollment form. Then, the Trusted Agent must send a signed and encrypted email to the VeriSign ECA Authentication team verifying the identity-proofing of your documentation.
  4. c. If you selected the Notary enrollment method, follow these instructions:
    • i. Take the ECA Subscriber Enrollment form to a Notary. You must present your valid Passport or Birth Certificate, valid Driver's License, and your Work ID Badge to the Notary.
    • Note: If you do not have a Work ID badge, you must download and print the Subscriber's Organizational Contact form. Then, a separate full-time employee of your company must fill out and sign the Subscriber' Organizational Contact form. The purpose of this form is to verify the ECA subscriber's employment within the same organization.
    • ii. Sign the ECA Subscriber Enrollment form in the presence of the Notary. Then, the Notary must list, confirm viewing documentation, stamp, and sign Section 2 of the ECA Subscriber Enrollment form.
    • iii. Mail the signed ECA Subscriber Enrollment form to:
    • Symantec Corporation
      Attn: VeriSign ECA Authentication Support
      350 Ellis Street
      Mountain View, California 94043
    • iv. Once the ECA Subscriber Enrollment form has been received by the VeriSign ECA Authentication team, you will receive an email confirmation within 7 to 10 business days.

  1. a. After reviewing your ECA Subscriber form, the VeriSign ECA Authentication Support team will approve your certificate request. You will then receive an email stating your ECA certificate has been issued. This email contains an approval PIN required to pick-up your ECA Identity certificate.
  2. b. Click the link in the email to access the ECA Certificate Installation website, enter your PIN, and click the Continue button to download and install the ECA Identity certificate in your web browser.
  3. Note: Make sure you use the same computer and web browser (Internet Explorer or Firefox) to pick up your certificates. Otherwise, you will receive an error message.
  4. c. After installing the ECA Identity certificate, you will immediately download and install the ECA Encryption certificate on your smart card or USB token.
  5. Note: Windows may prompt you to select a certificate to pick up the ECA Encryption certificate. If you get a pop-up window, select your ECA Identity Certificate and click the OK button.

You must install both VeriSign ECA CA and DoD Root CA certificates to create a chain of trust. Web browsers (e.g. Internet Explorer) and email software (e.g. Microsoft Outlook) validate your ECA Identity and Encryption certificates by verifying this chain of trust.

  • Internet Explorer
  • Firefox
  • Secure Email

Install CAs Using Internet Explorer 6, 7, 8

Download the VeriSign ECA root certificates to your Windows Desktop:

  1. 1. Go to https://eca2048.verisign.com/CA/ECARootCA2048.cer
  2. 2. Select Save
  3. 3. In the “Save As” window, select Save
  4. 4. Go to https://eca2048.verisign.com/CA/VeriSignECA2048-G2.cer
  5. 5. Select Save
  6. 6. In the “Save As” window, click Save

Download the DoD root certificates to your Desktop:

  1. 1. Download Root CA 2 Certificate (filename: Rel3_dodroot_2048.p7b)
  2. 2. Download External Certification Authority (ECA) Root CA. (filename: dodeca.p7b)
  3. 3. Download External Certification Authority (ECA) Root CA 2 Certificate. (filename: dodeca2.p7b)

Use the following procedures to individually install all of them:

  1. 1. From Windows, in the lower left hand menu, select Start > All Programs > Accessories > Command Prompt (the Command Prompt may be located in a different location on your computer)
  2. 2. From the command prompt window, type mmc
  3. 3. Hit Enter.
  4. 4. If you see: “Do you want the following program to make changes to your computer?” Click Yes
  5. 5. From the Console Root, select File > Add/Remove Snap-in
  6. 6. From the list, select Certificates
  7. 7. Select the Add button > My user account > Finish > OK
    NOTE: It may automatically add the snap-in without prompting you to select an account
  8. 8. From the left Console Root tree, select on the small triangle to the left of the certificates icon then do the same for Console Root > Certificates (Current User) > Trusted Root Certification Authorities > Certificates
  9. 9. Right-click Certificates > All Tasks > Import
  10. 10. A certificate import wizard will appear; select Next
  11. 11. Select “Browse” and search for your certificates on your Desktop. If you don’t see them, click on the button above the Open and Cancel buttons and change the file type to All Files (*).
  12. 12. Select the file to import and select “Next” in the next screen.
  13. 13. Place the certificate in the Trusted Root Certification Authorities store and select Next.
  14. 14. Select Finish
  15. 15. You should see “The import was successful”.
  16. 16. Go back to step 9 above and repeat all steps for all root certificates.

NOTES:

  • You may be required to click “Yes” several times when importing DoD Certs. The rel3_dodroot_2048.p7b may require multiple clicks.
  • When all certs have been installed, you may exit all windows.
  • Click No when asked to save Console 1 settings




Install CAs Using Firefox

You need to install both the ECA Root CA certificate and the VeriSign ECA CA certificate to use your digital certificates.

Open the browser on the computer where you need to install the certificates. You will download two certificates and they will automatically install in your system.

Install the ECA Root CA Certificate

  1. 1. Download ECA Root CA Certificate.
    To download 2048 bit CA certificate, click Download 2048 bit ECA Root CA Certificate.
  2. 2. You will see a window entitled "Downloading Certificate". Check all the boxes entitled "Trust this CA ..."
  3. 3. Select OK at the bottom of this window.

Install the VeriSign ECA CA Certificate

  1. 1. Download VeriSign ECA Root CA Certificate.
    To download 2048 bit CA certificate, click Download 2048 bit ECA Root CA Certificate.
  2. 2. You will see a window entitled "Downloading Certificate". Check all the boxes entitled "Trust this CA ..."
  3. 3. Select OK at the bottom of this window.

Secure Email Installation

You will see a series of windows entitled "New Certificate Authority":

  1. 1. In the first window, click on "View" and compare the displayed "fingerprint" with the one on your Certificate Registration Instructions.
    If they are not the same, stop and notify your Local Registration Authority.
    If they are the same, click on "OK". Then click on "Next >".
  2. 2. In the next window: Click on the first two check boxes and click on "Finished".
    If you see a window stating "The certificate cannot be imported. This certificate is already in your database," click "OK".

After reading the above instructions, click on Download Root CA 2 Certificate.

Then, using the same instructions, click on Download External Certification Authority (ECA) Root CA Certificate.

Then, using the same instructions, click on Download External Certification Authority (ECA) Root CA 2 Certificate.

If you need to trust certificates from any of the retired Root Certification or Intermediate Certification Authorities for any reason click here.

Learn More
Need More Info?
Please see the ECA Certificates Knowledge Center for more help and service advisories. Contact Us
Technical Support Phone:
1-866-202-5570 (option 2) or 650-426-3996

For sales support of 10 or more certificates:
650-426-3614 or
eca_sales@symantec.com

For order status and enrollment questions:
eca-authentication@symantec.com

For installation questions:
eca_support@symantec.com
ECA Certificates Support