Info Symbol Nau mai ki Toitū Te Whenua!

You might have noticed we have a new look. Learn more about the website upgrade

You are viewing guidance that refers to, or is for Legacy Landonline.

Migration to two-year Digital Certificates

Information for IT Support who will be accessing and storing DC Loader 3.1 and Digisign 3.1 software within their firm’s IT environment.

On the 3rd October 2022 LINZ will commence issuing two-year certificates by default, for both new and re-issued certificates.  For more information see Upcoming migration to new Digital Certificate software in Landonline

Information sheets

For Trusted Contacts  – outlines about how we'll work with you and your IT support team to migrate your Landonline users.

For IT support – outlines how to access, store, test and migrate the software within your firm’s IT environment.

Before you begin:

  • You may need to update the firewall rules to ensure the DC Loader can call Entrust to retrieve the DC. The following addresses and ports should be opened
    • enrolllinzlol.managed.entrust.com 829
    • linzlolldap.managed.entrust.com 389
    • 144.66.99.25 443
    • 144.66.99.25 80
    • 144.66.99.9
  • You will need to ensure that TLS 1.2 is enabled (Windows has this is ‘on’ by default but it may have been disabled for some reason)
  • DC Loader 3.1 and Digisign 3.1 are compatible with Windows 8.1; Windows 10 and Windows 11 and most Windows Server versions
  • The DC Loader installation software comes packaged with a Java installer.  If you have anything in place that could prevent Java from installing, the installation may fail or be incomplete.
  • If installing DC Loader to a controlled environment, you’ll need to pre-create a ‘C:\LINZ Certificates folder’ and provide Authenticated Users with Read/Write permissions.
  • Please familiarise yourself with the Landonline Terms and Conditions re Digital Certificate user obligations:
    Landonline terms and conditions

Software downloads

For software downloads please refer to Download or renew your two-year Digital Certificate.

Hints and tips

  • Once the DC Loader is installed in your IT environment - behind the firewall - you can create a shortcut to it, and share this shortcut with your Landonline users. This will avoid having multiple copies of the installer on your system.
  • The DC Loader defaults to the C drive. If your firm chooses another pathway, you will need to ensure users have full read/write permissions to that folder for two reasons:
    1. Future DC installations will overwrite existing DCs
    2. Inadequate permissions may cause issues when a DC is used to sign

Note: Using a different location to the default C:\, may result in users needing to browse and select the new file path each time they need to enter their passphrase when signing.