Getting an SMIME certificate: Difference between revisions

From MozillaZine Knowledge Base
No edit summary
Line 17: Line 17:
==Self-signed certificates==
==Self-signed certificates==
You may use a personally self-signed certificate in Thunderbird. However, since these certificates are not signed by an approved certificate authority, the certificate will not be trusted by other computers or people unless they add the self-signed certificate to their list of certificate authorities. Personally self-signed certificates are generally only useful for exchanging information with people you already know and trust.
You may use a personally self-signed certificate in Thunderbird. However, since these certificates are not signed by an approved certificate authority, the certificate will not be trusted by other computers or people unless they add the self-signed certificate to their list of certificate authorities. Personally self-signed certificates are generally only useful for exchanging information with people you already know and trust.
It's possible to generate self-signed certificates using the Firefox Add-on [https://addons.mozilla.org/en-US/firefox/addon/4471 Key Manager]:
Tools - Key Manager Toolbox - Key Manager - Your Keys - Generate SelfSign Cert and insert you data. On tab Advanced - Standard X.509 Extensions check "Is CA?".<br>
Another option is using the command line [http://www.openssl.org/ OpenSSL].


Special considerations for installing personally self-signed certificates can be found in the [[Installing an SMIME certificate]] article.
Special considerations for installing personally self-signed certificates can be found in the [[Installing an SMIME certificate]] article.
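Review bot: the added Key Manager line has a typo ("insert you data" should read "insert your data") and tells the reader to check "Is CA?" without saying why. Tie that to the preceding paragraph's requirement that recipients add the certificate to their list of certificate authorities. The OpenSSL line names the tool but gives no command or pointer to usage, so the reader cannot act on it, and the menu path ending in a raw `<br>` would read more clearly as a wiki list of steps.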

Revision as of 17:24, 6 July 2007


You can get a free S/MIME certificate that is trusted by the built-in authorities in Firefox and Thunderbird from Thawte via their personal e-mail certificate program. Initially, the certificate will not have your name, but only your e-mail address. After you have received 50 trust points, you can have your name on your certificate. You earn trust points for verifying your identity to notaries in the Thawte Web of Trust.

For more details and to sign up and get your free personal S/MIME email certificates, click here.

As of April 2007, the Thawte site does not officially list Thunderbird among the software you might be using when you sign up for a personal certificate, but those pages aren't updated. It does offer "Mozilla Firefox/Thunderbird, Netscape Communicator/Messenger" as a possibility when requesting an X.509 certificate. If you use Firefox to get your certificate and take the "Mozilla Firefox/Thunderbird, Netscape Communicator/Messenger" option, an alert notifies you that a certificate has been installed into Firefox. To find that certificate and get a file that you can import into Thunderbird using the directions above, go to "Tools -> Options -> Advanced -> Encryption" in Firefox. Push "View Certificates". Highlight the certificate and click "Backup". Follow the prompts to produce the necessary file. You'll be asked to set a password for the file because it contains your private key, which must remain secret to ensure security.

Alternatively, you can get a similar free certificate from VeriSign here: just click the buy button and choose the free option. Note that the free certificate is good for 60 days, while the paid one lasts a year. VeriSign runs a free LDAP service that is compatible with Netscape, Mozilla, Thunderbird, Outlook, and Outlook Express, so your friends can look up your certificate automatically while composing encrypted email to you.

Other free options:

Self-signed certificates

You may use a personally self-signed certificate in Thunderbird. However, since these certificates are not signed by an approved certificate authority, the certificate will not be trusted by other computers or people unless they add the self-signed certificate to their list of certificate authorities. Personally self-signed certificates are generally only useful for exchanging information with people you already know and trust.

It's possible to generate self-signed certificates using the Firefox add-on Key Manager: go to Tools - Key Manager Toolbox - Key Manager - Your Keys - Generate SelfSign Cert and insert your data. On the Advanced tab, under Standard X.509 Extensions, check "Is CA?".
Another option is to use the command-line tool OpenSSL.
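
An added example (not part of the original article) of the OpenSSL route: it creates a self-signed certificate with the CA flag that "Is CA?" sets, then writes a password-protected PKCS12 file for your own Thunderbird and a certificate-only ".cer" file for correspondents. The address, name, validity period, file names and the P12_PASS variable are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Address, name, directory and
# validity period are constructed sample values.

# make_smime_cert EMAIL NAME OUTDIR
# The pass phrase for the .p12 is read from the environment variable P12_PASS
# so that it never appears on a command line.
make_smime_cert() (
    email=$1; name=$2; out=$3
    [ -n "${P12_PASS:-}" ] || { echo "set P12_PASS first" >&2; exit 1; }
    export P12_PASS
    umask 077                      # key files readable by the owner only
    mkdir -p "$out" || exit 1
    cat > "$out/smime.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
x509_extensions = ext
[dn]
CN = $name
emailAddress = $email
[ext]
# CA:TRUE is the OpenSSL counterpart of the "Is CA?" checkbox
basicConstraints = critical, CA:TRUE
keyUsage = critical, digitalSignature, keyEncipherment, keyCertSign
extendedKeyUsage = emailProtection
subjectAltName = email:$email
subjectKeyIdentifier = hash
EOF
    # 2048-bit RSA key and a self-signed certificate valid for one year
    openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 365 \
        -config "$out/smime.cnf" -keyout "$out/key.pem" -out "$out/cert.pem" || exit 1
    # Key + certificate, pass-phrase protected: import under "Your Certificates"
    openssl pkcs12 -export -inkey "$out/key.pem" -in "$out/cert.pem" \
        -name "$name" -out "$out/smime.p12" -passout env:P12_PASS || exit 1
    # Certificate only (DER): the file correspondents add as an authority
    openssl x509 -in "$out/cert.pem" -outform DER -out "$out/smime.cer" || exit 1
    rm -f "$out/key.pem"           # the unencrypted key is no longer needed
)

# SHA-256 fingerprint of a DER certificate, to compare over a trusted channel
cert_fingerprint() {
    openssl x509 -in "$1" -inform DER -noout -fingerprint -sha256 | cut -d= -f2
}

if [ "$#" -eq 3 ]; then
    make_smime_cert "$@" && cert_fingerprint "$3/smime.cer"
fi
```

Because nothing vouches for a self-signed certificate, correspondents should compare the printed fingerprint with you over a channel they already trust before adding the ".cer" file.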

Special considerations for installing personally self-signed certificates can be found in the Installing an SMIME certificate article.

Self-signed certificates in Mac OS X 10.4

You can create your own self-signed certificate using the Keychain Access application's Certificate Assistant. To export your certificate as a PKCS12 file for import into Thunderbird, click "My Certificates" in the Keychain Access window. Select your self-signed certificate. Then from the menu bar select "File -> Export". You will be asked for a password to protect this file. This is the password you will need when importing the certificate into the "Your Certificates" tab of Thunderbird after entering your master password.

To export your certificate as a ".cer" file for use as a certificate authority, select "Certificates" in the Keychain Access window. Select your self-signed certificate. Then from the menu bar select "File -> Export". Be sure ".cer" is selected as the appropriate file type in the save dialog.

See also

External links