Procurement Integrated Enterprise Environment - FAQ Certificate Modernization
 

1. As a PIEE User with a Smart Card, where can I find additional certificate support and troubleshooting information?

Answer: Additional information may be found on the PIEE Homepage by clicking the link for ‘Get help with CAC / PIV Login’.

Page reflects

  1. Authentication Certificate, if present, will be used for login. If not present, ID Certificate will be used instead.
  2. Email or ID certificates will be used for document signing.
  3. Certificate trouble shooting section will be updated to reflect updated certificates.

Link may be found here: Get help with CAC / PIV Login

This image displays a Smart Card Support Page Link 'Get help with CAC / PIV Login'.


This image displays the Get help with CAC / PIV Login page.



2. While I am registering as a new user that requires the use of a Smart Card which certificate should I select?

Answer: The System will display a single cert that will be available for registration. If the Authentication Certificate is available that will be displayed otherwise the ID Certificate will be displayed during Smart Card registration.

  1. The Authentication Certificate must contain key usage of "digital signature" and enhanced key usage of "client-authentication".
  2. ID Certificate must have key usage of “digital signature."

This image displays the Certificate Modal for Smart Card Registration.



3. While I am signing a document with a Smart Card which certificate should I select?

Answer: The system will choose a certificate that contains the key usage of "digital signature" and "non-repudiation", during document signing. When a user is signing a document, the certificate common name must match the common name of the certificate the user is logged in with. The PIEE signature requirements has changed to allow support for all major browsers and no longer requires the user to select the certificate, the system will automatically select the appropriate certificate.

This image displays the Certificate Modal for Smart Card Document Signing.



4. While I am changing authentication type to Smart Card which certificate should I select?

Answer: The user will need to export their Authentication Certificate if present or their ID Certificate otherwise from their Smart Card. This will allow them to upload the Certificate to PIEE while changing their Authentication Type to CAC/PIV.

Internet Explorer: The user may export their certificates from the Smart Card by following these steps:

  1. Navigate to Internet Options in the browser and select the Content tab.
  2. Select the Certificates button and locate the correct Certificate. The preferred Certificate is Authentication, alternatively the ID Certificate can be used. Highlight the appropriate certificate from the list and click the Export button.
  3. Follow the Certificate Export Wizard instructions and save the certificate locally.
  4. Once the export is successfully completed navigate to My Account on the PIEE Homepage. Select Change Authentication Type and click the Choose File button. Browse for the Authentication Certificate which was saved locally, select the Certificate and click the Upload Certificate button.
  1. The Authentication Certificate must contain key usage of "digital signature" and enhanced key usage of "client-authentication".
  2. ID Certificate must have key usage of "digital signature."

This image displays the Certificate Modal for Smart Card while changing the account Authentication type.



5. While I am logging into PIEE with a Smart Card what certificate do I select?

Answer: The System will display the Authentication Certificate if present during Smart Card Logon. When Authentication certificate is not present, user must select ID Certificate during Smart Card Logon.

  1. The Authentication Certificate must contain key usage of "digital signature" and enhanced key usage of "client-authentication".
  2. ID Certificate must have key usage of "digital signature."

This image displays the Certificate Modal for Smart Card while logging into PIEE.



6. I am an existing Smart Card User in PIEE that registered with the ID Certificate, but Authentication certificate is also present on my Smart Card, which one will I select to logon to PIEE?

Answer: The System will only display the Authentication Certificate if present during Smart Card Logon. The System will automatically update the account with the new Authentication certificate and replace the ID certificate on the account during initial Smart Card Logon.

  1. The Authentication Certificate must contain key usage of "digital signature" and enhanced key usage of "client-authentication".

This image displays the Certificate Modal for Smart Card while an exsiting user is logging into PIEE.



7. As a user with an expired Smart Card that was originally registered with the ID certificate and my newly issued Smart Card has Authentication certificate, I would like to logon with the replacement Smart Card so that I may access PIEE. Will I be able to use the new replacement Smart Card to Logon to PIEE?

Answer: The System will only display the Authentication certificate during Smart Card Logon. The System will automatically update the account with the new Authentication certificate and replace the ID certificate on the account during initial Smart Card Logon.

  1. The Authentication Certificate must contain key usage of "digital signature" and enhanced key usage of "client-authentication".
  2. After logon the system will automatically send the user an email with information about the account certificate update.

This image displays the Certificate Modal for Smart Card while an expired CAC for an exsiting user is logging into PIEE.


This image displays the Certificate Modal for Smart Card while email sent for CAC update on account while logging in with a new certificate.



 Previous  Close