Secure Email using Thawte E-mail Certificate
Request Thawte Free Personal Email Certificate
- Enter https://www.thawte.com/secure-email/personal-email-certificates/index.html
- Select "Join" link on the right side
- Click "next" at the end of the "Term and Condition" Web page.
- Select ISO-8859-1 (Latin-1) for the "Charset For Text Input:" field.
- Enter Surname, FirstName, Date of Birth, Nationality
- Click next.
- Enter Email Address/Thawte Username: <yourlogin>@uccs.edu
- Select English as Language Preference
- Select ISO-8859-1 (Latin-1) for Charset Preference
- Click next
- Enter Personal Password and Confirm it. Click next.
- Enter 5 password questions
- It will print out the enrollment info for confirmation. Click next.
- An email will be sent to your specified email address for the rest of the enrollment.
- The email contains the Probe and Ping strings to be entered at https://www.thawte.com/cgi/enroll/personal/step8.exe
- A Personal E-mail Certificate web page appears, indicating "Thawte Username Successfully Created!"
- Click next. You will be asked to enter your user name <login>@UCCS.EDU (all upper case) and password.
- On the Certificate Available For Request web page, click request for X.509 Format Certificates.
- Choose your browser and mail program. In this case, choose the one with IE, Outlook and Outlook Express. Click request.
- It indicates the Common Name field in the certificate will be Freemail Member. Click next
- Check <login>@uccs.edu and click next.
- Click next. We do not have Strong Extranet Identities.
- Click accept to "Accept Default Extension"
- At the top of the next web page, it requests that we accept running "Microsoft Certificate Enrollment Control" from Microsoft Corp. This control will generate the private key and public key pair.
- Accept the default "Microsoft Enhanced Cryptographic Provider v1.0" as the Cryptographic Service Provider (CSP). Click next.
- You will be asked to set the security level for accessing the private key.
- If you choose High, you will be asked to enter the password that protects the private key on your local machine every time the private key is accessed. This password can be different from the one we used on the Thawte site.
- If you choose Medium, you will be prompted to give permission for access, but there is no need to enter a password.
- Generate and confirm the certificate request. It will be sent to Thawte for signing.
- Click finish.
- Visit the Thawte certificate management web page: https://www.thawte.com/cgi/personal/cert/status.exe
- You will see that your certificate request is of type MSIE and is in pending status. In 4-5 minutes you may see it change to issued, and you will receive an email indicating that the request has been issued.
- Click on MSIE under type column. We will see the certificate Summary
- Click Fetch to retrieve the certificate from Thawte.
- Click "Install Your Certificate".
- Click "yes" to confirm the program to add certificate in the Potential Scripting Violation dialog page.
- We get the following dialog page:
- Select Tools | Internet Options and then select the Content tab.
- Click Certificates
- Click the View button and then select the "detail" tab
- The certificate is now installed on your IE/Outlook system for secure email communication.
- If you are interested in trying to set up secure email on Thunderbird/Firefox, you can visit https://www.thawte.com/cgi/personal/cert/enroll.exe and select the Thunderbird/Firefox type.
Send Secure Email with Thawte Certificate
- In Outlook 2003, select Tools | Options, then select the security tab.
- Check "Add digital signature to outgoing msgs". The "send clear text signed msg when sending signed msgs" option should already be set.
- Click OK. We are ready to send signed email.
- Send an email to me at chow@eas.uccs.edu with the subject field set to "CS591 my signed email".
- After clicking the send button, you will be prompted to allow access to your private key to sign the outgoing email.
- If you look at the sent item, you will see the email with "signed by <login>@uccs.edu" right under the To: section, and on the right side there is a certificate ribbon.
- Validate a certificate.
- When we receive a signed email, we can validate its details by clicking on the ribbon symbol.
- Click on the "Details..." button.
- Click the signer, then the "View Details..." button. The signature appears.
- Trust a certificate
- On the message security properties window, select Edit Trust.
- Click on "Edit Trust" and select "Explicitly Trust this certificate"; it will be added to the trusted "other certificate" store.
- You will receive an encrypted signed email from me. Please reply if you can read the content.
- If you choose to use Outlook with the IMAP protocol, when you double-click on the incoming msg you will be prompted to mark it for download. Click yes.
- Click on Send/Receive to retrieve the body of the msg. The IMAP protocol only retrieves the header first (for efficiency), and then, when asked to download the msg, it retrieves the msg body.
- If the returned msg is signed and encrypted, then after downloading the msg, if you click the header again the reading pane will indicate "This encrypted e-mail cannot be displayed in the reading pane. Open the msg to read it." Double-click on the header to open another window to read it.
- Reply encrypted email.
- If you have the signed email or certificates of others, you can send encrypted email to them by using the public key in their certificate to encrypt your msg content. Only they have the private key to decrypt it.
- Click the Reply button.
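
The sign, encrypt, decrypt and verify steps that Outlook performs above can be reproduced with the `openssl smime` command line. This is an added example, not part of the original lab; it uses self-signed test certificates in place of Thawte-issued ones, and the identities alice, bob and carol and the example.test addresses are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: self-signed test certificates stand in for CA-issued ones;
# alice, bob, carol and the example.test addresses are made up.
smime_roundtrip() (
    d=$(mktemp -d) || exit 1
    trap 'rm -rf "$d"' EXIT
    cd "$d" || exit 1

    # One key pair and certificate per identity.
    for who in alice bob carol; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=$who/emailAddress=$who@example.test" \
            -keyout "$who.key" -out "$who.crt" 2>/dev/null || exit 1
    done
    printf 'CS591 test message\n' > msg.txt

    # 1. Alice signs with her PRIVATE key (clear-text, multipart/signed).
    openssl smime -sign -in msg.txt -signer alice.crt -inkey alice.key \
        -out signed.eml 2>/dev/null || exit 1

    # 2. Alice encrypts the signed message to the PUBLIC key in Bob's certificate.
    openssl smime -encrypt -aes-256-cbc -in signed.eml -out enc.eml bob.crt || exit 1

    # 3. Carol holds a different private key, so decryption must fail for her.
    if openssl smime -decrypt -in enc.eml -recip carol.crt -inkey carol.key \
        -out /dev/null 2>/dev/null; then
        echo "unexpected: non-recipient decrypted the message" >&2
        exit 1
    fi

    # 4. Bob decrypts with his PRIVATE key.
    openssl smime -decrypt -in enc.eml -recip bob.crt -inkey bob.key \
        -out dec.eml || exit 1

    # 5. Bob verifies Alice's signature; her self-signed certificate is
    #    supplied as the trust anchor for this test.
    openssl smime -verify -in dec.eml -CAfile alice.crt -out plain.txt \
        2>/dev/null || exit 1

    # Signed content is canonicalised to CRLF; strip CR for display.
    tr -d '\r' < plain.txt
)

smime_roundtrip
```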
Send encrypted email.
- Assume you have the recipient's certificate (from their signed email, or by downloading their certificate from the CA or another web site).
- Go to the main Outlook window. Select Tools | Options and the security tab.
- Check the "Encrypt contents and attachments for outgoing msg" option.
- Construct the msg and click Send.
- Make sure you uncheck the above option for normal, non-encrypted sending.
- Note that if we put our own email address in the cc section when sending encrypted email, we will get the following error msg:
- One would think that, since we have our own certificate, we could cc the encrypted email to ourselves.
- Explain why that is.
Secure Mail (S/MIME) using UCCS CommuniGate Pro Webmail