Introduction

This FAQ section focuses on the main prerequisites to apply and on the main technical problems a user may experience while using e-file or Finesti.

Don't hesitate to follow the link. It will drive you to the corresponding interactive vidéo.

We also invite you to consult the page referencing the main error messages. That should allow you to easily access the appropriate patch.

Finally, feel free to contact our technical team, which remains at your service to help you and answer your questions.

The encryption module

Introduction

The e-file encryption module is a Java application which is launched through JavaWebStart by clicking a web page hyperlink.
JavaWebStart can also manage the automatic update if a new module version is available on the server.

For security reasons, this module aims at encrypting documents before they are sent to authorities.
It is also used to decrypt historical documents and responses from these latter.

For more information, please consult the full documentation or access our user manuals download section

First use warnings

These two messages are security warnings which mainly popup during the first use of e-file
This comes from a lack of signature in two of our modules.
They need your authorization to run.
We strongly recommend you to check the Always trust... box to prevent these warnings to appear every time you use the encryption module.

Applying the java patch

Note : This procedure is only linked to users uning the old 3.2 version of the encryption module.
The new 3.9 version, Java7 compliant, does not need maintenance operations anymore.

E-file requires extended rights to operate (cache deportation, extension of encryption key...).
It is therefore necessary to apply a quick procedure we use to call the java patch

Note that installing a new JRE forces you to apply this procedure before you can use e-file and the encryption module again
This error message is significant of such a problem

Patch procedure:

1. Download the java patch on your workstation. (Download link)
2. Unzip the latter
3. Copy/Paste the so obtained 'lib' folder to your java installation folder (usually C:\Program Files\Java\jre6\lib)
   

In other words, copy the deployment.config file in your JRE lib folder and all three jar files found in the zip security folder in the JRE lib/security one.

Hint : If e-file was not installed in the default folder (C:\Program Files\e-file), you must also adapt the file deployment.config

Note 1: We strongly recommend if possible to disable automatic java updates

Note 2: E-file is announced compatible with all releases above java 1.5.04.
However, we did encounter problems with both releases 1.5.017 and 1.6.014.

Note 3: The encryption module uses Java Web Start which by default use to call the latest JRE installed on the client. That is to say if multiple JRE versions are installed, you have to patch the latest one.

Note 4: Only files contained in the 'security' folder needs to be copied to patch the Sending Service server.

Note 5 : Please contact the SDI team (+352 47 79 36 211) to be able to use the new encryption module (java7 compliant).

In case of failure :

If despite the application of this java patch, the encryption module is still dysfunctioning (interrupted download, errors...) please contact the SDI team following these recommendations.

How to check that the JRE is properly patched?

In the "lib\security " directory of the installed JRE , simply check file size for both jars "local_policy.jar" and "US_export_policy.jar". It must be 5Kb.
A lower file size indicates that java has not been properly patched.

Security Configuration

Overview of e-file Security

All information sent or accessed from e-file is encrypted within a PKI architecture (Public Key Infrastructure) with private and public keys.
This requires the use of a digital certificate associated with a key provided by LuxTrust.

Storage of keys

Every entity has a key pair and choose an administrator among its users to be responsible of.
Both keys with the certificate are stored in a file called keystore.
All access to this latter (to access the private encryption key) requires to enter a password chosen by the administrator.
Note: The loss of this password requires the revocation of the certificate in order to generate a new keystore. Documents previously encrypted become unreadable.

Configuration and troubleshooting

If a security problem occurs with the keystore, two types of error messages must popup to prevent the sending of an envelope from e-file.lu.
It is then necessary to reconfigure the workstation security following this little procedure:

1. Copy the *.ks file from 'C:\Program Files\e-file\cache\workdir' to 'C:\Program Files\e-file\cache'
2. Go to e-file website and log in with your usual user (not an administrator)
3. Click the 'configure my workstation security' link to the top right hand corner of the page
4. On the new page, click the 'Import' link. The encryption module will be launched and a new window will open.
5. In the first field, enter the keyStore password (encryption password).
6. In the second field, select the .ks file located in the cache folder using the browse button.
7. In the third field, select the .ks file located in the cache/workdir folder.
8. Click the import button.

Write rights

The encryption module requires write permission on e-file directory (usually C:\Program Files\e-file) in order to run properly.
These error messages use to reflect rights problems.

In such a case, if your internal security allows that action, you must adapt your user rights for all e-file sub-directories.

Right click the e-file folder > properties ... > Uncheck the Read Only option

Note: If you are not allowed to perform such an action, we invite you to contact your IT department so that they can do it for you.

Note 2: It is also possible that your internal policy prohibits access to Program Files. Under these conditions, e-file can be installed in another directory.

Configuring IE 8 - Fakepath problem

Version 8 of Internet Explorer does not include the full local directory path while uploading files to a server
In other words, an option must be selected to avoid the appearance of such a critical error message while attempting to send an envelope.

In IE > Tools > Internet Options > Security > Internet > Custom Level

Firefox and Safari compatibility

As for IE8, version 3 of Firefox and the Safari browser do not include the full local directory path while uploading files to a server.
Unlike Microsoft's browser, Firefox and Safari do not let the user modify the security settings to solve this problem.
We did therefore adapt our website for this particular case by replacing the 'browse' button by a single text field.

In order to attach a document to an envelope, the user now needs to copy/paste the full path to the document in this text field

Example for PC : C:\Documents and Settings\xxx\Desktop\[myFile].[myExtension]
Example for MAC : /users/[myUser]/Desktop/[myFile].[myExtension]

Installing e-file in another directory

E-file use to be installed under C:\Program Files\e-file and all its subdirectories must be writable.
If it is not possible to give these rights, you must install e-file in another directory such as C:\Documents and Settings\xxx\Application Data (where xxx consists of the user login).
In such a case, you must:

1. Copy the e-file directory in C:\Documents and Settings\xxx\Application Data
2. Modify the application properties in file C:\Documents and Settings\xxx\Application Data\e-file\deployment.properties
   
       deployment.user.cachedir=C\:\\Documents and Settings\\xxx\\Application Data\\e-file\\cache
       deployment.user.cachedir.javaws=C\:\\Documents and Settings\\xxx\\Application Data\\e-file\\cache\\javaws
       deployment.user.certificatedir=C\:\\Documents and Settings\\xxx\\Application Data\\e-file\\cache\\certificate
       deployment.user.workdir=C\:\\Documents and Settings\\xxx\\Application Data\\e-file\\cache\\workdir
       deployment.system.security.trusted.jssecerts=C\:\\Documents and Settings\\xxx\\Application Data\\e-file\\trusted.jssecerts
       deployment.system.security.trusted.certs=C\:\\Documents and Settings\\xxx\\Application Data\\e-file\\trusted.certs
   
   
3. Patch the latest JRE.
4. Modify file deployment.config located in the JRE lib folder (for instance: C:\Program Files\Java\jre1.5.0_04\lib) by entering the right path to e-file.
   
5. Configure the workstation security to import the keystore

How to display the java console

When a java error message appears, we strongly invite you to activate the console to get as much information as possible.
This will help us analyze the request and will allow us to come back to you with better delays.

In the Windows Control Panel > Java, select Show Console from the Advanced tab.

The console will be launched with the first java call and will display all the application logs.

Note: We invite you to send us these logs as plain text copied and pasted in an email.

---

Finesti PDF

FINESTI certificate registration

All our PDF contain a 'security certificate' issued by Finesti.
During the first use (or after reinstalling Adobe Reader), users must accept/validate this signature in order to allow reports to behave as expected.

'How to identify such a signature problem

A blue banner located above the PDF displays the validity of the certification.
For instance, the below message is the sign of a signature problem.
In such a situation, several error messages appear on each action that requires specific extended rights (communication with our server - access to the local file system to export XML...)

Resolution procedure

• Download / view any PDF from finesti.com
• In the left margin, click the icon representing a pen : "Signatures"
• Right click "Certified by Finesti" and select "Show Signature...".

A new window appears as below

• Click the "Show certificate ..." button in the "Summary" tab.

The certificate viewer window appears

• Select the "trust" tab

• Click the "Add to Trusted Identities..." button
• Select all checkboxes exhaustively
• Validate clicking the OK button and return to the Signature properties window (first one)
• Click the "Validate signature" button and "Close" the window

Note : If the "Add to Trusted Identities" button is grayed out and unselectable, please follow the bellow procedure descibing how to check the certificate directly with Adobe Reader

The blue banner above the PDF should now reflect a trusted signature, sign that the PDF is fully functional.

If you still cannot send your PDF after applying this procedure, please contact us by following these recommendations.

Certificate check with Adobe Reader

This manipulation may be very useful when the 'Add to trusted identities' button is grayed out and unselectable.
In that case, options to change are accessible if directly accessed with Adobe Reader.

• Start Adobe Reader
• Select Manage Trusted Identities in the 'Document' tab.

• Select the Finesti certificate then click the Détails... button.
• Click the Finesti line then the Edit Trust... button.

All four options (or five depending on the Reader version) of the new popup window have to be checked.

Various help

Empty cache

Emptying your internet browser cache will help you resolving refresh issues.

Internet Explorer

First open the settings box:

In IE > Tools > Internet Options

1. Choose the general tab

2. Click on the settings button

3. Only select Temporary internet file

4. Delete the files

Firefox

First open the clear history box:

Firefox > Tools > Clear recent history

1. Change the time to clear field

2. and select Everything

3. Show the details

4. Only select cache in the list

5. Clear the files

Google Chrome

First open the option page:

1. In the key menu

2. Click on the Options item

On this new page select the Under the Hood tab and that click on Clear browsing history:

1. In the combo Obliterate the following items from

2. select the beginning of time

3. Only check the Empty the cache option

4. Clear the files