Enabling Signer Utility: Why and How to Install PKI Component for ICEGATE?
The dawn of digitalization is driving businesses to create seamless online operations but are most often overwhelmed by digital documentation management. The most impacted by such hassles are exporters and importers as they need to file multiple shipping documents when they are moving goods between countries. They deal with an assorted set of documents, create and maintain bills of lading, generate bills of entry, get proof of ownership of goods, and obtain transfer documents.
To help such businesses the Indian government has started the initiative – the ICEGATE (Indian Customs and Central Excise Electronic Data Interchange) also called the Electronic Commerce Gateway. The portal helps millions of importers, exporters, and cargo service providers maintain their databases on a unified system, using a unique ICEGATE ID. It eases their record management process, payment of taxes, application for receiving licenses from government agencies, and more. It has primarily changed the way over 7 lakh members run their businesses by ensuring streamlined data availability.
The portal utilizes several secure systems to ensure the security of communications and online transactions made by businesses. One such service is PKI.
What is PKI?
PKI stands for Public Key Infrastructure. It is a system that allows users to encrypt and digitally sign files or documents. PKI certificates can authenticate the identity of users, devices, or services by using a combination of programming, hardware, security policies, and procedures. PKI identifies a public key along with its purpose. It usually consists of the following components:
- A digital certificate also called a Public key Certificate
- Private Key Tokens
- Registration Authority
- Certification Authority
- CMS or Certification Management System
Each certification authority (CA) has its certificate. Thus, trust is built hierarchically where one CA issues certificates to other CAs. Moreover, there is a root certificate that is self-signed. For a root CA, the issuer and the subject are not two separate parties but a single party.
Security of Root CA
As you saw above, the ultimate authority is the root CA. Hence, the security of root CA is of huge importance. If the private key of a root CA is not taken care of, then it might turn into a catastrophe. This is because anyone disguised as the root CA can then issue certificates. To meet security standards, a root CA should be offline 99.9% of the time. However, it does need to come online to create public and private keys and to issue new certificates. Ideally, these activities should be performed 2-4 times a year.
Why Install PKI for ICEGATE?
A PKI is an essential component for secure online communication and transactions. It is a client-side utility that helps in file verification and document signing. It allows users to use digital certificates for authentication. The new signing utility requires the PKI component to be installed on the user’s machine.
ICEGATE allows its members to avail of its online services using a class 3 digital signature. Businesses should purchase these digital signatures from agencies such as eMudhra as they are registered certifying authorities in India.
Using PKI, your business can use digital signatures securely to access ICEGATE services and ensure worry-free operations.
Prerequisites for Installing PKI
PKI is now a pre-existing feature on modern web browsers. The prerequisites for installing PKI for ICEGATE are:
- Java: Java 1.8x or higher version
- 32-bit Java
- Local system: Administrative rights
- Internet access
- Windows: Windows Server 2008 R2 or later for server, Windows 7 or later for desktop
Download PKI for ICEGATE
You will need to download PKIComponent.zip from ICEGATE.gov.in to begin the process of installing PKI for ICEGATE.
The ICEGATE website offers instructions to enable PKI components. It recommends downloading and installing the DSC, the ICEGATE PKI Client, and other components.
If you face issues with this download type you can also try the latest version of DigiCert PKI Client from your PKI Manager console:
- Open Internet Explorer
- Enter https://www.java.com/en/download/ in the address bar
- Download the setup and run
- Click on “Verify Java Version”
- Allow Java to run
- The browser will display a successful page
For Chrome you will need to:
- Go to the Customize button
- Select options
- Go to advanced options
- Under HTTPS/SSL, select the certificates button
If issues persist, you should reach ICEGATE Support at 1800-3010-1000. The service is available from 10:00 AM to 6:00 PM on working days.
Installing PKI for ICEGATE in Desktop/Laptop: Step-by-Step Process
Wondering how to install PKI for ICEGATE on your desktop or laptop? Follow these steps:
- Add the ICEGATE website to the Java security setting’s exception site
- Go to the control panel
- Select Java
- Click the Security tab
- Click Edit Site List
- In the new window, add https://www.icegate.gov.in
- Click Add
However, your PC configuration will also impact the installation process. If you find it difficult to execute PKI Component functions, you can try these steps:
- Click Advanced
- Untick USE SSL 2.0 compatible ClientHello format
- Click Apply and OK
- Restart your browser
- Try signing on to ICEGATE
Troubleshooting for Error Connecting to PKI
If you run into errors connecting to PKI, you will need to conduct some checks to locate the error and resolve it. You need to look into the following:
- Status of the certificate: Many times the validity of the certificate may have expired. In such cases, an error occurs and you are not able to connect to PKI.
- Outdated Java version: This is another critical problem faced by businesses when trying to install PKIs. It is better to uninstall older Java versions, as several Java versions may be installed on your system.
- You may need to check your Chrome settings and enable them. Restart the browser to allow smooth installation
- Adding ‘ncode’ is another solution that solves the installation of PKI issues. When you add ncode.in to your compatibility view settings, it enables smooth installation.
- You can also set the value for security.mixed_content.block_display_content** to true, if issues persist.
However, if there are further installation issues, it is best to use the services of PKIs or managed service providers.
PKI is used to secure data transfers, protect confidential data, provide unique identities to users and systems, and secure end-to-end communications. By installing PKI for ICEGATE your business becomes enabled for signer utility. This facility helps businesses to transform their operations, documentation, and databases to electronic format on a secure platform. Members can handle online tax payments, IGST reimbursement, and all types of e-payments directly from the portal, easing the management of records. More importantly, ICEGATE partners with businesses to track their records, check their status, and reside online payment 24/7.
ICEGATE’s Common Signer Utility is a tool that is platform-free and can verify DSC validity and online checks seamlessly. Businesses can use this facility to sign PDF files to ease business transactions. Exporters and importers use it to digitally sign customs documents. The latest feature is the (n)Code Signer Utility for ICEGATE running on Java runtime environment 1.7/1.8.
One of the most commonly used PKI security is SSL certificates on websites. The icon on the web browser indicates the website is secure and they are sending information to the recipient. PKI is also used to handle digital signatures and authenticate Internet of Things devices.
One of the most commonly used forms of Public Key Infrastructure in software development and production is code signing. By incorporating the PKI code, developers ensure the website is safe for the exchange of information as encryption, authentication, and integration are routinely handled by PKI.
PKI uses passwordless authentication to optimize security. It is a private key related to a certificate and is very difficult to crack using brute force attacks.