Tuesday, January 18, 2011

Email Digital Certificate.

I haven't had much to do with digital certificates. A 3rd party company is requesting that we set up a secure email link using a digital certificate. I have narrowed it down to using a 'Digital ID for Secure Email' from VeriSign. The 3rd party company has a digital certificate that I can download, but I don't know what it's for.

In the 'instructions' that they have sent me, the 2nd step is to "Apply for a personal S/MIME certificate from a trust center and assign it to your e-mail account in the corresponding options of the e-mail software you use."

We are running Windows Server 2003 with Exchange 2003 as well. Any help with this would be greatly appreciated.

  • There are several S/MIME personal certificate providers. Unfortunately the largest free certificate issuer also trusted by most clients shuts down that service effective today.

    S/MIME certificates are not something that is installed on the server side, but on the client side. They're generally not compatible with webmail (although OWA Premium on IE has an ActiveX module, but it still runs on the client). You'll want to install the certificate in Outlook or whichever email program is being used.

    CAcert (free certificates but not yet trusted by default in most email clients) provides some basic instructions for installing certificates in many clients at http://wiki.cacert.org/EmailCertificates and also a FAQ on Email Certificates linked from that page.

    From Jeremy M
  • From this line "Apply for a personal S/MIME certificate" it sounds like they want to be able to encrypt the email they are sending you and for you to encrypt the email you send to them.

    So read up on PKI on Wikipedia. From there, when you get your certificate, you'll get the public key and the private key. You digitally sign your first email to them; this will send them your public key. They now have your public key. With this they can now use that to encrypt email they send to you. When you get the email from them, Outlook will use your private key to decrypt the email that was encrypted by them with your public key. When you send them an email it works in reverse: you will use their public key to encrypt the email and they can then decrypt it with their private key. Remember this: the public key will encrypt the email. The private key will decrypt the email.

    I'd suggest getting 2 of these (maybe for a co-worker as well) and sending some emails back and forth between yourselves first to see how it all comes together.

    From
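The sign-first, then encrypt-and-decrypt round trip both answers describe, run end to end with the OpenSSL command line. This is an added example, not code from the original post or from VeriSign/CAcert; the names Alice and Bob, their addresses, the message text and the self-signed certificates (standing in for ones issued by a public CA) are all constructed for the demo. It also shows the check a mail client does that the answers only imply: the certificate that arrives inside the signed mail is the one the encrypted reply is addressed to, and a key belonging to anyone else cannot open that reply.

```shell
#!/bin/sh
# Added example (not from the original post): the S/MIME sign / encrypt /
# decrypt exchange driven with `openssl smime`. Names, addresses, message
# text and the self-signed certificates are constructed for this demo.
set -eu

# Step 0: each party needs a key pair plus a certificate carrying the public key.
# The tiny config only exists so `openssl req` works without a system openssl.cnf;
# a real deployment gets the certificate from a CA instead of self-signing.
make_identity() {   # make_identity <name> <email>
  cat > "$1.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$1.cnf" \
    -subj "/CN=$1/emailAddress=$2" -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# SHA-256 fingerprint of a certificate, used to compare the copy that arrived
# inside a signed mail with the one its owner actually holds.
cert_fingerprint() { openssl x509 -noout -fingerprint -sha256 -in "$1"; }

run_smime_demo() {
  DEMO_DIR=$(mktemp -d)
  cd "$DEMO_DIR"
  make_identity alice alice@example.com
  make_identity bob bob@example.com

  # Step 1: Alice signs her first message with her PRIVATE key. Clear-signing
  # keeps the text readable and attaches her certificate (public key) to it.
  printf 'Subject: hello\n\nPlease confirm you can read this.\n' > msg1.txt
  openssl smime -sign -in msg1.txt -signer alice.crt -inkey alice.key \
    -out msg1.signed.eml

  # Step 2: Bob checks the signature and pulls Alice's certificate out of it.
  # -noverify skips CA chain validation because the demo certs are self-signed;
  # a mail client would instead check the chain up to a trusted root.
  openssl smime -verify -in msg1.signed.eml -noverify \
    -signer alice_from_sig.crt -out msg1.verified.txt 2>/dev/null

  # Step 3: Bob encrypts his reply to the PUBLIC key in Alice's certificate.
  printf 'Subject: re: hello\n\nYes, received.\n' > msg2.txt
  openssl smime -encrypt -aes256 -in msg2.txt -out msg2.enc.eml alice_from_sig.crt

  # Step 4: only Alice's PRIVATE key can open it.
  openssl smime -decrypt -in msg2.enc.eml -inkey alice.key -recip alice.crt \
    -out msg2.dec.txt
}

# Returns 0 when a key that is NOT the recipient's fails to decrypt the reply:
# the encrypted mail names Alice as its recipient, so Bob's own certificate and
# key do not match any recipient entry and OpenSSL refuses.
wrong_key_is_rejected() {
  if openssl smime -decrypt -in "$DEMO_DIR/msg2.enc.eml" \
       -inkey "$DEMO_DIR/bob.key" -recip "$DEMO_DIR/bob.crt" \
       -out /dev/null 2>/dev/null; then
    return 1
  fi
  return 0
}

run_smime_demo
echo "--- what Bob verified:"; cat "$DEMO_DIR/msg1.verified.txt"
echo "--- what Alice decrypted:"; cat "$DEMO_DIR/msg2.dec.txt"
echo "--- certificate from the signature: $(cert_fingerprint "$DEMO_DIR/alice_from_sig.crt")"
echo "--- certificate Alice holds:         $(cert_fingerprint "$DEMO_DIR/alice.crt")"
wrong_key_is_rejected && echo "Bob's key cannot decrypt Alice's mail (as expected)"
```

Run it as-is; it works in a fresh temporary directory and leaves the signed and encrypted messages (`msg1.signed.eml`, `msg2.enc.eml`) there for inspection. Step 2 is where a real client would refuse a certificate that does not chain to a trusted root, which is why the free CAcert certificates mentioned above show warnings in clients that do not ship that root.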
