Follow

Obtaining a SMIME Certificate to Sign or Encrypt Emails

Free Certificates from Comodo

Comodo has perhaps one of the easiest procedures for requesting an email certificate. They are free, good for a year, can be picked up using most browsers, and can be either 512, 1024 or 2048 bits long. 

 

Instructions for macOS

Fill out the Application for Secure Email Certificate and you will be emailed the instructions. On the Mac you will download a CollectCCC.p7s file to your computer.

Getting the Key Ready on macOS

  • Double-click the downloaded CollectCCC.p7s file and Keychain Access will ask you to import it. The default keychain is Login, and this is OK. Click the Add button.
  • In Keychain Access, click on login and then Certificates below.
  • On the right you should see:

1) a certificate titled: "COMODO SHA-256 Client Authentication and Secure Email CA" and

2) a personal certificate with your email address (expandable by clicking on a triangle to the left in order to see the email address).

  • In Keychain select "COMODO SHA-256 Client Authentication and Secure Email CA" and from the File menu select Export Items... from the File menu. The file format should be Certificate (.cer).
  • Save the file to the Desktop.
  • In Keychain, expand the personal certificate with your email address using the triangle so that underneath you see it's key.
  • Select the certificate (not the key) and select Export Items... from the File menu. The file format should be Personal Information Exchange (.p12).
  • Save the file to the Desktop.
  • Enter a password to protect the key.

Importing the Certificate into Postbox

To import a certificate into Postbox:

  • Postbox > Preferences (Mac) or Options (Windows) > Advanced > Certificates > View Certificates > Your Certificates > Import...
  • Select the .p12 file for import. You will be prompted for the password you used when you exported (or backed up) the file.
  • Next go to: Postbox > Preferences (Mac) or Options (Windows) > Advanced > Certificates > View Certificates > Authorities > Import... 
  • Select the .cer file for import. In the pop-up dialog please select all of the checkboxes and click OK.

Setting up an Identity to Sign or Encrypt

Once you have imported your certificate into Postbox, it will be available for pairing with one or more accounts in Postbox.

  • Go to Postbox > Preferences (Mac) or Options (Windows) > Accounts > <your account> > Security
  • Click the Select button under Digital Signing and/or Encryption. You'll be given an option to also use this certificate when people send you encrypted messages, and we recommend that you select OK.

Sending a Signed Message

Compose a message, and from the Options menu select Security > Digitally Sign This Message.

 

Instructions for Windows

Fill out the Application for Secure Email Certificate and you will be emailed the instructions. On the Mac you will download a CollectCCC.p7s file to your computer. On Windows, you will install the certificates using a browser by loading a URL.

Be sure to use the correct browser for key generation, we highly recommend using Firefox.

1) In the confirmation email that you receive cut and paste the URL into Firefox, then enter the password given.
2) You will see a message stating that your certificate is being installed. Do not close window!
3) A message will be displayed that your certificate was installed successfully.

Export the Certificate from Firefox

1) Inside Firefox go to Tools -> Options (Windows), Edit -> Options 
2) Then go to Advanced -> General -> Encryption and click on "View Certificates".
3) Select the tab that says "Personal" or "Your Certificates".
4) Highlight the certificate that expires on 1 year from when you applied for your certificate.
5) Once highlighted select the button that says "Backup".
6) Next one should be prompted to save the file.
Recommended:
* Save location: Desktop
* File Name: email address; Ex: support@comodo.com would become support_comodo_com
* File type: PKCS12 Files (*.p12)
7) Provide a password for your .p12 file.
8) Click 'Save'

Import the Certificate into Postbox

1) Inside Postbox go to "Tools -> Account Settings" and select "Security" under the e-mail account you applied with.
2) Click on "View Certificates" to load the Postbox Certificate Manager.
3) Click "Import" and supply the password you created above.
4) Close the Certificate Manager.
5) Click "Select".
6) Select your certificate from the drop-down menu and click "OK" when finished.
7) Perform the above step for both the Digital Signing and Encryption.
*** If you wish to digitally sign every message, please select the option "Digitally Sign Messages (by default)"
8) Click "OK" to exit the "Account Settings" window.
9) Go to Postbox > Preferences (Mac) or Options (Windows) > Advanced > Certificates > View Certificates > Authorities. Select Comodo RSA Certification Authority and then click the Edit Trust... button.

cert.png

Select the following checkboxes:

Postbox Certificate Trust

Click okay.

Repeat this process for the COMODO RSA Client Authentication and Secure Email CA.

Setting up an Identity to Sign or Encrypt

Once you have imported your certificate into Postbox, it will be available for pairing with one or more accounts in Postbox.

  • Go to Postbox > Preferences (Mac) or Options (Windows) > Accounts > <your account> > Security
  • Click the Select button under Digital Signing and/or Encryption. You'll be given an option to also use this certificate when people send you encrypted messages, and we recommend that you select OK.

Sending a Signed Message

Compose a message, and from the Options menu select Security > Digitally Sign This Message.

 

 

This article includes content contributed by the MozillaZine Knowledge Base. Thank you to all of the contributors who created this content and to MozillaZine for sharing this information.