BT: Onsite Lite: FAQ's

Onsite Lite: FAQ's

1. What is OnSite Lite?
2. Why do I need digital certificates?
3. Who would a company issue certificates to?
4. What do I need in order to use OnSite Lite?
5. Will your service work with my existing corporate directory?
6. Do you support Key Escrow?
7. Is a Certificate Server a better deal?
8. Why is BT offering this service?
9. Where can I get Pricing Information?
10. Can I have more that one Administrator?
11. How do I purchase OnSite Lite?
12. How long will it take to process my order?
13. What are the technical requirements for using OnSite?
14. What are the technical requirements for using Onsite?
15. What Class are the Administrator and Subscriber IDs?
16. Do I need a Secure Server Certificate to use OnSite Lite?
17. How does Certificate Revocation work?
18. Why should I purchase OnSite?

1. What is OnSite Lite?

OnSite Lite allows companies to set up their own Certificate Authority (CA) quickly, easily, and inexpensively. OnSite Lite provides all of the expertise and resources required to maintain the daily operations of certificate lifecycle management, including the generation and issuance of certificates, renewal of expired certificates, revocation and cancellation of terminated certificates. OnSite enables an organisation to operate a robust business class CA at a fraction of the cost and effort of "do it yourself" offerings. It provides the customer with the ability to control certificate issuance, customise information stored in certificates, and customise web-based templates to meet specific enrolment needs.

OnSite Lite customisable features make it easy to implement and manage. End-users simply need to use Microsoft Internet Explorer version 4.01+, Netscape Navigator or Communicator versions 4.06+.

2. Why do I need digital certificates?

Digital certificates provide significantly stronger security than username/password solutions, and are also easier for administrators to manage and for end users to use. Digital certificates enable organisations to easily add high levels of security to their applications such as Internet, intranet, extranet access and e-mail.

3. Who would a company issue certificates to?

The certificates serve as unforgettable electronic credentials for employees, customers and business partners, enabling secure access to important corporate data, provide privacy and confidentiality for internal and external corporate communications by enabling users to digitally sign and encrypt e-mail messages. Employees would most likely use certificates to sign and encrypt company e-mail messages, and to access internal corporate Web pages. An organisation might also issue certificates to a set of their customers for adding security to business transactions online or controlling access to a premium Web service.

4.What do I need in order to use OnSite Lite?

Your Administrator will need a Netscape 4.06+ browser, or Microsoft IE5+, because these browsers have the integrated smart card support required. BT Ignite provides the smart card reader, which you will plug into your PC's serial port, and a smart card to store your Administrator certificate on. (Please note: Smartcard and Reader are optional extras with some variants of OnSite Lite. Customers have the option to store Administrator Certificates in their browsers).
If you intend to purchase a Smartcard and Reader for use outside of the UK you will need to complete a Customer Declaration form. This is a requirement of the UK Government. You can download the form by clicking here.

End-users need Microsoft Internet Explorer versions 4.01+, Netscape Navigator or Communicator versions 4.06+.

5. Will your service work with my existing corporate directory?

BT is committed to full support of the Lightweight Directory Access Protocol (LDAP) directory standard. While BT does not provide a directory service as part of OnSite, we do provide a full range of tools and services for integrating OnSite information into your corporate directory of choice. BT's Directory toolkit, available as an extra cost add-on for OnSite, supports full, automated integration of OnSite certificate and revocation information into any directory which supports LDAP for adding information. In addition, the basic OnSite service includes the ability to download directory information in the standard LDIF format, which can then be edited and/or uploaded to any customer directory or database which supports LDIF.

6. Do you support Key Escrow?

BT can provide Key Escrow features with Key Manager, an optional package available with Enterprise Solutions (OnSite & OnSite Single Application). This feature is not available with OnSite Lite.

7. Is a Certificate Server a better deal?

Purchasing a certificate server software is only the beginning of a very involved process. Administrators need to: purchase hardware to run the software on; learn how to set-up and use the software; learn how to administer and backup the certificate database; and maintain the system over time. This can easily cost more than OnSite Lite during the first year when the hardware and software costs are added to the value of the time spent on the required tasks. With OnSite Lite, all you do is sign up, and we take care of the rest. You decide who you want to issue certificates to, while we manage the database, administer the server, backup the system daily, and perform all the other overhead work that comes with operating a high availability certificate service.

8. Why is BT offering this service?

Many companies want the benefits of issuing and controlling certificates for their employees, partners, or customers, without assuming the headaches and responsibilities of operating their own certificate server internally. With OnSite Lite, organisations get the same level of control as with a certificate server, while avoiding overhead and infrastructure work they don't need or want. OnSite Lite customers also benefit from BT's expertise in the areas of public key cryptography and certificate usage, as well as BT's unmatched support for both existing and new applications. OnSite Lite also allows customers to issue either private certificates that can be customised for specific use within the organisation, or public certificates that can be used for secure internal communications and to secure e-mail messages sent outside the organisation and enable secure access to other publicly accessible Web sites requesting digital certificates.

9. Where can I get Pricing Information?

For the latest pricing, click here.

10. Can I have more that one Administrator?

You may create additional administrators once your initial application has been accepted. For the latest pricing, click here.

11. How do I purchase OnSite Lite?

OnSite Lite can be purchased on-line, you will be asked to select from the Public or Private certificate options.

12. How long will it take to process my order?

Public OnSite

Public OnSite should not take more than 5-7 days. Factors which may delay you order are the authentication of your company and the time it takes to receive the signed OnSite Contract.

Private OnSite

Private OnSite may take up to 10-14 days to process. Due to BT's Private CA creation schedule, customers are activated once a week. Timely submission of your signed contract will greatly help in keeping delivery on schedule.

13. How do I use OnSite to approve, reject, or revoke subscriber certificates?

OnSite Administrators are granted access to a special set of web pages to administer certificates. From this location, Administrators control the authentication, approval, revocation, and reporting functions.

14. What are the technical requirements for using OnSite?

A Netscape Communicator 4.06+ or Microsoft IE5+ to obtain and operate your Administrator's certificate.

Window 95, 98 or NT. The runtime environment for earlier versions of Windows 95 may not provide the necessary components for OnSite Smart Card. If the OnSite Smart Card installation program displays errors such as "The required file MFC42.DLL not found," you will need to upgrade your Windows 95 to include this .dll. This file may be downloaded free at: http://msdn.microsoft.com/visualc or from the Microsoft Developer Studio (a.k.a. Visual C++) v4.2 or later.

15. What Class are the Administrator and Subscriber Certificates?

OnSite Administrator Certificate's come with BT Ignite's Class 3 high level assurance. Administrators issue to subscribers BT Ignite's Class 2 certificates or their own private certificates, depending on the type of OnSite chosen (public or private). These classes are differentiated by their assurance level - the level of confidence that can be placed in the Digital Certificate based on knowledge of the process used to verify the owner's identity. The identification requirements are greater for higher numbered classes.

16. Do I need a Secure Server Certificate to use OnSite Lite?

You do not need a Secure Server Certificate to use and administer the OnSite Lite Service. All functions performed at the OnSite Administrative pages are automatically secured for you by BT Ignite. You will only need a Secure Server Certificate if you intend to use the end user certificates issued from your OnSite service to access information via the web and SSL (this is known as client authentication/Access Control).

17. How does Certificate Revocation work?

When a certificate is revoked, it's operational period is considered terminated immediately. When an administrator revokes a certificate, the BT repository is updated to reflect this status.

18. Why should I purchase OnSite?

OnSite Lite is for companies that want to use corporate digital certificates, on either their Intranet or the Internet. Using certificates requires both properly issuing the certificates to end users, as well as managing the certificate's lifecycle while they're being used. This includes revoking, renewing and managing other certificate lifecycle services. OnSite Lite provides all the functions necessary to use digital certificates in your corporate Intranet or Extranet, without requiring you to purchase or manage any additional hardware or software.