CA Technical Service Process

Changing jobs is also a matter of changing mood. If there is too much difference in jobs, the mood will also change to the ground. Wrong, it should be from one ground to another. Programming work is naturally more like, check the information, ask others to confuse the past, and there is no direct customer's life-saving ringtones, time can be controlled by themselves, work will be easy ......

Of course, no one is easy. New projects have been fully involved. Bad start, and then keep getting worse. Every time you encounter any problems, I will ask the Shanghai Company for advice. Although there is no technical skill, I am familiar with phone calls.

The following is a summary of the notes. The notes have always been simple and have poor memory. If there are omissions, they will be completed in the future.

 

I took over the CA Service. Although I don't need to sell and drink, I have to work hard to do a good job after-sales. Service provision is divided into media procurement technology docking certificate production on-site debugging customer training

 

Media procurement

After the CA system is built, some USB keys will be provided, which will be less expensive. After use, you must purchase the product by yourself. Generally, USB key brands include Apsara, Haitai, hengbao, and so on. They all use 32-bit ZTE chips, and the prices for non-drive devices are about 30 yuan. Regardless of the price, the best appearance is considered as the best of Huada, followed by hengbao, the most ugly Feitian, one side of the knot. In terms of functions, Apsara and Haitai, which are the most widely used, are the most closely related to the system of Apsara and Ge (recommended by GE) and have the least problems, supported by win7 is more perfect (available in lite versions ). The use of Haitai is poor, and the pop-up input pin code dialog box and Certificate Manager UI design are not flattering. The support for win7 is also luck (we have never used a genuine win7 system ), many flagship lite versions cannot find the key (Customer Service says they are okay with the genuine flagship version, and they are depressed ). My professional edition is not completely installed, and the uninstallation program is not installed. Because it is pirated, it is hard to say anything ...... As for after-sales services, they are very enthusiastic. Some of them have no business contact and will help me solve the problem enthusiastically. They are very professional. Haitai has many customer service contacts (because they are new contacts, so there are a lot of communication). It seems like a girl in the north, and she is very emotional and has done some remedial work for my mistakes ...... In the middle of Apsara's key, Ge is responsible for protection, test-driven, and so on. You don't have to worry about it. You can use it with your hands, but you don't have to worry about it ......

After determining which key to purchase, we will discuss the details with the customer service of the other party's project. Here we should note that we should first give it to the other Party:

1. Root Certificate. You can import the driver to your browser when installing the driver.

2. Requirement List (whether the exterior and Driver Installation interfaces are available, etc. We hope to customize them)

3. Distribution Method. Each key has a packing box. We recommend that you separate the key from the packing box.

 

What you need to ask:

Driver user admin tool (sometimes there is a separate formatting tool), ISO burning tool (the so-called non-drive is separated by a key driver identified by a CD, the tools provided by the manufacturer can write a large number of image files)

 

The manufacturer needs to test the key immediately after sending the test key. The recommended test environment is:

Win2k + ie5, WINXP + IE6, Vista + IE7, win7 + IE8

Testing, especially WINXP, is still the mainstream. There are many win7 versions and more lite versions, so you can test the original version.

Conditions for passing the test:

1. Whether the root certificate is imported to IE.

2. Create a test dual certificate.

3. Check whether the PIN code input is displayed through HTTPS and the connection is normal.

There are always omissions in the test, so we hope that more people will do it.

 

After the test is passed, the manufacturer can deliver the goods, which is usually formatted by the other party, saving time in the key burning process in the future.

 

The general packaging price is very cheap, but the quality is also required, such as the size of the box, what style (recommended matchbox, not only convenient storage, but also neat and beautiful ).

 

Technical connection

After the project is filed, contact the application company immediately, and try to provide relevant information as much as possible, and then set up a test gateway. Email a text certificate. You can start the test. There won't be many problems in local testing. First, it is not very difficult. It is a well-debugged security network and server. Second, the requirements are not very clear (when the site arrives, the requirements will be clear, especially those of temporary leaders). For experienced programmers, soon.

 

Certificate creation

This is about batch production. When the customer submits the list, they need to create it immediately.

The personal certificate list must be

Organization Name

Name

ID card

Email

It would be better to provide more detailed information such as positions, office addresses, and phone numbers.

Organization certificate must have

Organization Name

No. (Organization Code)

Other such as the business registration number, the more the better.

Follow the batch import tables given by GE to import tables and import the tables into the system (each 50 tables are divided into one table and imported multiple times to prevent errors ).

Persons with problems (incorrect ID cards) should return the information to the information provider as soon as possible. If the problem persists, a problem personnel table will be created.

 

Labels must be attached to the box of each key, usually to the side of the box, so that it is convenient to search. Take out the import table and create a label table for the label printer. The list includes the name and key serial number.

A printed table is created because the key is assigned to different users. The printed table contains the username, code, key serial number, and whether there are errors. 50 people and one table, so that it is easy to give you a piece of evidence.

 

There is a long way to go, and there are always a few wrong steps. There will always be more than 10 Wrong keys in large batches. There are still problems with keys themselves, most of which are caused by network disconnection. Only one pair of certificates is burned in. This status can only cancel the original re-burn key.

 

After completing the configuration, you need to provide a list, username + ID + unique ID code (here you can use the certificate serial number to obtain it directly from LDAP)

Import table, label table, print table, submit table, error table.

 

On-site debugging

On-site debugging is a part of luck. I don't know what will happen on-site debugging. But certainly, the work will never be smooth sailing.

Currently, two gateways are used:

Security Gateway

Signature Gateway

The advantage of security gateway is that you can directly establish an HTTPS channel to ensure communication security. You can use cookies to obtain certificate content for programming convenience. Disadvantage: 1. Separate VPN gateway, so it cannot be nested with HTTPS again. 2. Establish a tunnel, which has a great impact on the speed. 3. If the gateway is configured to generate a loop, the problem may be slow.

The advantage of the signature gateway is that it can sign data. No tunnel, pure HTTP, easy to use. The disadvantage is that the client needs to install controls (controls are inherently a tough thing), which is difficult to program.

Because more and more people are using their own ssl vpn, you need to be very careful when using the security gateway. The extensive use of mobile phones has also led to the increasingly declining use of controls.

Most configuration gateways are the same. Be sure to connect them to the LDAP in the revocation list.

 

After-sales service

The after-sales service platform is the most important link. After all, our enterprise services are all delivered in vain and sold in services. The service includes training, problem records, code set modification, and help documentation.

 

 

As my eyes are sleepy and I haven't written an article for a long time, I feel sorry for the decline in the level of my composition and daily occupation.