S/MIME Set-up Information

e-ignite:  Communicate Securely

You are able to get S/MIME certificates from several different certificate authorities.  I have only ever used Thawte and Comodo (these companies no-longer offer S/MIME certificates) so I can only provide these instructions based on my past experience.

Firstly, you need to select your Certificate Authority.  There are several available and your choice of authority is up to you to decide. 

Once you have completed your registration and email confirmation with the Certificate Authority, you will download and install the certificate. This should happen automatically on a Windows based computer, but I have no experience with S/MIME on any other platform so I will be unable to provide instruction on this. In my experience, I had to use Microsoft Internet Explorer since the installation phase did not work under Firefox.  Once this step is completed, however, you will not need to use your web browser at all so it's not a major gripe.

If you use Microsoft Outlook or Outlook Express, the certificate will automatically be imported to your certificate repository, so you won't have to import anything.  It should be a case of (re)starting your email client, and you will be able to use S/MIME straight away.  Instructions are provided here for Outlook Express and Mozilla Thunderbird, although the Thunderbird instructions are similar for Mozilla Suite and Mozilla Seamonkey.

Also read How to import S/MIME Certificates in Thunderbird.

Outlook Express:
In Outlook Express, the functionality is included and is quite prominent on the Create Mail interface. See the diagram below:

Outlook Express and S/MIME in action

Mozilla Thunderbird:
When using Mozilla Thunderbird, you may have to import the certificates. You should only have to do this once.

Open Thunderbird and go to TOOLS > ACCOUNT SETTINGS and select SECURITY for the email account you are importing the certificate for. Select VIEW CERTIFICATES.  If your certificates are there, just click OK then click SELECT in the security window and select the appropriate certificate for your email address. If the certificates are not there, complete the following steps:

To Import S/MIME Certificates in Thunderbird:
When you downloaded an S/MIME security certificate, you will normally have had to use Internet Explorer to download and install the certificate.  In order to use the S/MIME certificate, you'll need to export it via Internet Explorer, then import the file from Thunderbird.  This is quite easy but it may take you a couple of minutes.

Firstly, open Internet Explorer and select TOOLS > INTERNET OPTIONS
Select the CONTENT tab and click CERTIFICATES...
Select the appropriate certificate from the list and click EXPORT
A wizard will open.  You must export the PRIVATE KEYS also - save the pfx file and remember its location
You can now exit Internet Explorer.

Now, open Thunderbird
Select TOOLS > ACCOUNT SETTINGS
Select your chosen email account and click the SECURITY field on the left
Select VIEW CERTIFICATES
Select IMPORT
Browse to the  PKCS12 (.pfx) file you've just saved and hit OPEN
Select OK then click SELECT on the security window and choose the appropriate certificate for your email address. If you have several certificates, there will be a drop-down box - ensure you select the appropriate certificate for your email account.  Once you've hit OK and exited the Account Settings window, you're ready to use S/MIME encryption in your Thunderbird email.

Thunderbird Security Settings

Once you have done this, you may have to add a "trust" level for your certification authority. Full details on how to do this are available here.

You can then send emails signed and encrypted provided you have distributed copies of your Digital Signatures and you have the Digital Signatures of your recepients. Simply click the S/MIME button (or select the drop-down menu as shown below) and select "Digitally Sign", "Encrypt" or both.

Thunderbird S/MIME


Copyright e-ignite.co.uk | e-ignite is powered by ihws.net | About e-ignite