Creating a User Account

You can browse the public content of the Registry without logging in to the Registry. However, to gain read access to private objects and write access to public objects, you must have a user account with the Registry. After you create a user account, you can perform secure operations such as publishing, modifying, and removing objects.

Creating a user account involves the following general steps:

1. Fill out a new user's details form.

2. Associate a set of credentials with the user account. You can obtain these credentials in either of two ways:

   • The Registry can generate credentials for you. This is the simpler way to obtain credentials.

   • If you have a certificate issued by a third-party certificate authority, you can use this certificate to obtain credentials. Before you can use the certificate, an administrator must install the third-party root certificates into the Application Server domain for the Registry. See To Add Root Certificates to the Trusted Certificates in the Registry Domain in Service Registry 3 2005Q4 Administration Guide for details.

To create a user account, perform the following tasks:

• Starting the User Registration Wizard

• Either Obtaining a Registry-Generated Certificate or Using a Third-Party Certificate

• Either Loading the Certificate into the Mozilla or Firefox Web Browser or Loading the Certificate into the Internet Explorer Web Browser

• Logging In to the Registry

• Authenticating to the Registry

Starting the User Registration Wizard

Steps

1. Click Create User Account in the left menu area.

2. Click the Start Registration Wizard button.

3. Read the instructions under Step 1: Requirements and click Next.

4. Fill out the New User's Details form.

   You must provide a first name and last name for the user. All other fields are optional.

   After you log in, the first and last names appear after the Current User label in the top banner area of the Web Console.

5. Click Next.

   The User Authentication Details page appears.

6. On the User Authentication Details page, select one of the following radio buttons:

   • Select Generate Key Pair and Download PKCS12 KeyStore (the default) if you want the Registry to create a certificate for you. See Obtaining a Registry-Generated Certificate for details about this task.

   • Select Upload X509 Certificate (DER) if you want to use an existing third-party certificate. See Using a Third-Party Certificate for details about this task.

Obtaining a Registry-Generated Certificate

Follow these steps if you selected the Generate Key Pair and Download PKCS12 KeyStore radio button on the User Authentication Details page.

Steps

1. On the User Authentication Details page, type a user name in the Alias text field.

2. Type a password in the Password and Password (repeat) text fields.

3. Type values in the text fields, if the fields are not already filled in.

   The text fields are as follows:

   • Organizational Unit

   • Organization

   • City

   • State or Province

   • Country

   The Name field contains the name that you specified as the Last Name in the New User's Details form. If you specified a City, State or Province, or Country in the New User's Details form, the text fields contain those values.

   All fields are required.

4. Click Next.

   A page labeled Step 4: Load Key to Web browser appears, with the message “New user successfully registered.”

5. Click Download.

6. In the dialog box, choose the option that allows you to save the generated certificate to disk. In the file chooser dialog, choose a directory and name for the file.

   The file must have the suffix .p12.

   The default action is to save the certificate in your home directory, in a file that is named generated-key.p12.

Next Steps

Next, you must import the generated certificate into your web browser. See Loading the Certificate into the Mozilla or Firefox Web Browser or Loading the Certificate into the Internet Explorer Web Browser for details.

Using a Third-Party Certificate

Follow these steps if you selected the Upload X509 Certificate (DER) radio button on the User Authentication Details page. These steps place the certificate in the server keystore for the Registry and load the certificate into the web browser.

Before You Begin

The third-party certificate must be in X.509 format. Typically, the certificate is in a file with the suffix .cer.

Steps

1. On the User Authentication Details page, click the Choose Certificate File button.

2. In the File Upload dialog box, click the Browse button to locate the file to upload, then click Upload File.

3. Click OK.

   The name of the file appears on the User Authentication Details page next to the Choose Certificate File button.

4. Click Next.

5. On the Step 4: Load Key to Web browser page, follow the instructions to import the certificate into your web browser if it is not already there.

   See Loading the Certificate into the Mozilla or Firefox Web Browser or Loading the Certificate into the Internet Explorer Web Browser for details.

Loading the Certificate into the Mozilla or Firefox Web Browser

Steps

1. Choose Preferences from the Edit menu.

2. Click the Privacy & Security category on the sidebar to expand the options.

3. Click Certificates.

4. Click the Manage Certificates button in the right main panel.

   The Your Certificates tab appears.

5. Click the Import button.

6. In the File Name to Restore file chooser dialog, select the .p12 certificate file, then click Open.

7. In the Prompt dialog, type an account password for the Master Password for the Software Security Device.

   This password is specific to your browser account and is assigned by the browser profile owner. A common convention is to use the same password as the login account on the client machine.

8. In the Password Entry dialog, type the certificate password.

   This password is used to protect the client certificate. If you are using a registry-generated certificate, type the password that you specified on the User Authentication Details page.

   An Alert dialog with the message: “Successfully restored your security certificate(s) and private key(s)” appears.

9. Click OK.

10. Close the Certificate Manager and Preferences dialogs.

Next Steps

After you import the certificate, you are ready to log in to the registry. See Logging In to the Registry for details.

Loading the Certificate into the Internet Explorer Web Browser

Steps

1. Choose Internet Options from the Tools menu.

2. Click the Content tab.

3. Click Certificates.

4. Click Import to open the Certificate Import Wizard.

5. In the Certificate Import Wizard, click Next.

6. On the File to Import page, click Browse and locate the .p12 file, then click Next.

7. On the Password page, do the following:

   1. Type the password that you specified for the certificate.

   2. Select the Mark the Key as Exportable checkbox.

   3. Do not select the Enable Strong Private Key Protection checkbox.

   4. Click Next.

8. On the Certificate Store page, choose the default, Place All Certificates in the Following Store (Personal), then click Next.

9. Click Finish.

10. Click OK in the information dialog that appears.

    The new certificate, with the first and last name you specified, appears in the Certificates window.

11. Click Close in the Certificates window.

12. Click OK in the Internet Options window.

Next Steps

After you import the certificate, you are ready to log in to the registry. See Logging In to the Registry for details.

Logging In to the Registry

After you import a certificate to the web browser, you are ready to log in.

Steps

1. On the Step 4: Load Key to Web browser page, click the Finish button.

2. In the top banner area of the Web Console, click the Login button.

3. Click OK in the dialog boxes to verify the certificate.

   After you log in, an “Authentication successful.” message appears in the top banner area.

Authenticating to the Registry

After you log in to the Registry, authentication happens transparently whenever you try to add, delete, or modify a Registry object, because any write request triggers authentication based on the client certificate loaded into your web browser.

After authentication is completed, access to the Registry is over https .

When your session expires, you are no longer authenticated by the Registry. A subsequent write request prompts the Web Console to re-authenticate you.

If authentication fails, stop and restart your web browser and try again.