Steps for requesting, producing and installing an S/MIME certificate for personal email. These steps are meant as a detailed example and as a supplement to the FirstClass online help, which covers sending S/MIME email.
1. Requesting a certificate from a provider.
2. Producing a certificate file to be used in FirstClass.
3. Installing the certificate file in FirstClass.
1. Requesting a certificate from a provider.
The certificate can be requested from many providers, but this example outlines the current process on the Thawte website.
- From the main page choose "Free Personal E-mail certificates" from the Products menu as shown below.
- Click on "Click Here"
- Click "Next"
- Fill in the form and click "Next"
- Fill in the email that the certificate is to be used with, and click "Next"
- Choose your language and click "Next"
- Enter a password and click "Next"
- Fill in 5 security Questions and click "Next"
- Click "Next"
- Thawte then sends an email to the address you gave. You must open it and click on the link provided within the email.
- Once you click on the link in the email, you will need to fill in the "Probe" and "Ping" fields with the info in the email, then click "Next"
- Click "Next"
- Log into Thawte using the email address and password you provided.
- Then request the X.509 Format Certificates.
- The default of IE, Outlook is fine, then click "Request"
- Click "Next"
- Choose the email address, and click "Next"
- Click "Next"
- Click "accept"
- Choose the default of "Microsoft Enhanced Cryptographic Provider v1.0", and click "Next"
- Click "OK"
- Click "Finish", and the certificate will be sent to your email address.
- You can also access the "Certificate Manager Page" if you need to create certificates for other email addresses also.
- Request confirmation email.
- View of the "Certificate Manager Page".
- Email to obtain certificate.
- Web page that opens upon clicking the link in the email. Click on "Install Your Cert".
- Your certificate is now installed on your computer.
2. Producing a certificate file to be used in FirstClass.
There are various ways to produce the certificate file for use within FirstClass, but this example shows using Outlook Express 6 on Windows XP.
- Within Outlook, go to the "Tools" menu and choose "Options..."
- In the options window, choose the "Security" tab and click on "Digital ID's..."
- In the "Certificates" window that opens, set "Intended Purpose" to "Secure Email" and under the "Personal" tab, select the certificate you have just installed on the computer, and then click "Export".
Excerpt from FirstClass help document on Installing the S/MIME certificate
6 Follow the prompts.
When asked:
• export the private key
• include all certificates in the certification path
• enable strong protection.
You will also be asked to provide a password for the private key. This is actually optional, and you must be aware of the implications if you password protect your private key.
- Click "Next"
- Important: change the default of "No..." to "Yes, export the private key", then click "Next".
Note: If you do not choose Yes at this point you will end up with a certificate that always claims the password is incorrect when you try to send an S/MIME message within FirstClass.
- Add the option "Include all certificates in the certification path if possible", and click on "Next"
- If you do not wish to protect the key with a password, leave the password fields blank and click "Next".
NOTE: At this time it is best not to supply a password for use with FirstClass.
- Select a path of where you want to save the certificate. The name you choose is not important at this stage. Click "Next".
- Click "Finish"
- Click "OK"
You now have a certificate file you can use with FirstClass.
3. Installing the certificate file in FirstClass.
Each user who wishes to be able to send S/MIME messages is required to have the administrator install their unique certificate in the "Internet Services / SSL Certificates" folder. Once the certificate file is uploaded to that directory, its name needs to be changed to match the outgoing email address for that particular user. You then need to use the "Internet Monitor" Control tab to "reload the configuration".
The user should then go to the "Message / New Message special" menu option to create an S/MIME message. It should be sent to the person you wish to send secure messages to. The first email you send must be sent as just "Signed", and leave the password field blank if you chose not to password protect the certificate. This will send your certificate to the other user. They must then have that certificate installed on their email server. When they reply with a message containing their S/MIME certificate, that certificate must be given to the FirstClass administrator to also be installed in the "Internet Services / SSL Certificates" folder. The certificate's name must match that of the sender's email address.
These two users should then be able to send S/MIME encrypted messages back and forth.
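A pre-upload check for the exported file, as an added example that is not part of the original page or of the FirstClass documentation: it uses the OpenSSL command line to confirm that the exported PKCS#12 file opens with the chosen (possibly blank) password, that it contains the private key (the failure described in the Note in step 2), and that the certificate carries the email address the file will be renamed to in step 3. The function name `check_pfx` and its exit codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example: sanity-check an exported PKCS#12 (.pfx/.p12) file.
# Usage: check_pfx FILE EXPECTED_EMAIL [PASSWORD]
# Exit status (chosen for this example):
#   0 ok, 2 unreadable, 3 no private key, 4 address mismatch
check_pfx() (
    pfx=$1; email=$2; pass=${3-}; legacy=

    # Every read goes through this helper; output is only ever piped,
    # so the decrypted key is never written to disk.
    dump() {
        openssl pkcs12 $legacy -in "$pfx" -passin "pass:$pass" "$@" 2>/dev/null
    }

    # Files exported by older Windows versions are encrypted with RC2-40,
    # which OpenSSL 3.x only reads with -legacy, so retry with that option.
    dump -noout || { legacy=-legacy; dump -noout; } ||
        { echo "unreadable: wrong password or not a PKCS#12 file"; exit 2; }

    # "Yes, export the private key" must have been chosen in the wizard.
    dump -nocerts -nodes | grep -q 'BEGIN .*PRIVATE KEY' ||
        { echo "no private key: re-export and include the key"; exit 3; }

    # More than one certificate means the certification path was included.
    ncerts=$(dump -nokeys | grep -c 'BEGIN CERTIFICATE')

    # The user's certificate must carry the address the file is named after.
    dump -clcerts -nokeys | openssl x509 -noout -email 2>/dev/null |
        grep -qixF "$email" ||
        { echo "certificate is not issued for $email"; exit 4; }

    echo "ok: private key present, $ncerts certificate(s), address $email"
)
```

Pass the password as a third argument if one was set during export; with a blank password, omit it.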