Migration to two-year Digital Certificates

Information for IT Support who will be accessing and storing DC Loader 3.1 and Digisign 3.1 software within their firm’s IT environment.

On 3 October 2022 Toitū Te Whenua started issuing two-year certificates by default, for both new and re-issued certificates. For more information see Upcoming migration to new Digital Certificate software in Landonline

Information sheets

For Trusted Contacts – outlines about how we'll work with you and your IT support team to migrate your Landonline users.

Trusted Contacts: Migrating your people to updated Landonline software Digisign and Digital Certificate Loader
PDF
183 KB

For IT support – outlines how to access, store, test and migrate the software within your firm’s IT environment.

IT Support: Migrating your people to updated Landonline software Digisign and Digital Certificate Loader
PDF
179.05 KB

Before you begin

  • You may need to update the firewall rules to ensure the DC Loader can call Entrust to retrieve the DC. The following addresses and ports should be opened
    • enrolllinzlol.managed.entrust.com 829
    • linzlolldap.managed.entrust.com 389
    • 144.66.99.25 443
    • 144.66.99.25 80
    • 144.66.99.9
  • You will need to ensure that TLS 1.2 is enabled (Windows has this is ‘on’ by default but it may have been disabled for some reason).
  • DC Loader 3.1 and Digisign 3.1 are compatible with Windows 8.1, Windows 10 and Windows 11 and most Windows Server versions, however please be aware that DC Loader does not work on 32 bit operating systems. If you have a user with a 32 bit version of Windows installed you will need to upgrade their device to 64 bit or alternatively install DC Loader on a different device. Any user wishing to download their DC will need to use that installed version of DC Loader and then transfer their downloaded DC to their 32 bit environment.
  • The DC Loader installation software comes packaged with a Java installer. If you have anything in place that could prevent Java from installing, the installation may fail or be incomplete.
  • If installing DC Loader to a controlled environment, you’ll need to pre-create a ‘C:\LINZ Certificates folder’ and provide Authenticated Users with Read/Write permissions.
  • Please familiarise yourself with the Landonline Terms and Conditions re Digital Certificate user obligations: Landonline terms and conditions

Software downloads

For software downloads please refer to Download or renew your two-year Digital Certificate.

Hints and tips

  • Once the DC Loader is installed in your IT environment - behind the firewall - you can create a shortcut to it, and share this shortcut with your Landonline users. This will avoid having multiple copies of the installer on your system.
  • The DC Loader defaults to the C drive. If your firm chooses another pathway, you will need to ensure users have full read/write permissions to that folder for two reasons:
    1. Future DC installations will overwrite existing DCs.
    2. Inadequate permissions may cause issues when a DC is used to sign.

Note: Using a different location to the default C:\ may result in users needing to browse and select the new file path each time they need to enter their passphrase when signing.

Related content Purongo

Related links Purongo

Top