Hello Again folks,
Almost everyone today has an email account. Be it for business or personal correspondence, security can be an issue. Email itself, inherently, is insecure. Although you can connect to your email provider over TLS or SSL, that does not mean your email is encrypted, it just means your connection to the server is.
Now going full encryption can be a bit of overkill. Especially since that in order for it to be read by whoever you are sending the email to, that person would need your private key to decrypt the email. Now this is not so bad if you are only sending email to one person, but if you have several people, it can get a bit complicated keeping track of who does and who does not have your public key, and them trying to instruct those users on how to install the key… I get a headache just thinking about it.
So for this particular post, I will be dealing mostly with getting, installing, and using the certificate to digitally sign your emails. This way people know the email actually came from you and wasn’t modified during transport.
Step 1 – Get your free Certificate
- Go to Comodo’s Free Email Certificate page and click “Sign up now”
- Fill out the form with your First and Last name, the email address you with to have digitally signed, your country, they key size for your Private Key (high grade recommended), your Revocation Password, and if you wish to opt in for the Newsletter.
- Scroll down tot he bottom of the page and select “I Accept” and then click next.
You should see a pop up stating that the key is being generated. Then you will be forwarded to a page that will tell you that you will receive an email with instructions.
Step 2 – Installing your Certificate
If you have FireFox set up as your default web browser, when you receive the email from Comodo, you can click the “Click & Install Comodo Email Certificate” button in the email. If like me, you use another browser (I use Chrome) you will want to use the link provided with the password (also provided) to manually open the site in FireFox. For the username, use your email address.
If successful, FireFox should have a popup that says your Certificate has been installed Click OK.
Note: If you used Chrome, you will see it downloaded a user.cer file… If you did, this file is useless, go back and use Firefox like I told you… I spent 2 hours with the darn user.cer file and it is useless…
Step 3 – Export the Certificate to .p12
The 3rd step is to export the certificate. to do this,
- Click on the 3 horizontal lines at the top right of your FireFox browser
- Click the cog wheel for Options.
- Click Advanced
- Click Certificates in the top menu
- Click View Certificates. You should see an entry, I am not sure if it will be the same as mine, which is ” ‘s Comodo CA Limited ID”. I believe the ” ‘s ” should be “Matthew Koster’s” but it doesn’t show up for me.
- Select the certificate and click “Backup”
- Select the folder to save it (I used my desktop) and name it something (as this is my second for the day, I am using mkoster2.p12) and Click OK
- Put in a password to protect your file and click OK
- You should see a Popup saying your security certificate has been backed up successfully.
Step 4 – Import security key into Email Client
This is the hardest step of it all. There are so many clients out there I cannot explain how to import them all. I will cover those I do not, and at least try and guide you in the right directed.
EM Client (Free) – EMClient.com
- Click Menu >> Tools >> Settings from the top left of the client
- Select Mail >> Certificates from the left-hand menu
- Click Import Certificate
- Locate your file and hit import, enter backup password
- Once installed, click Security Profiles
- Click “Select” under “Sign By” you should see your certificate there
- Check “Digitally Sign messages (by default)” and “Include these certificates with outgoing messages”
- Click ok then ok again.
PostBox (Free Demo) – Postbox-inc.com
- Click Tools > Options
- Click Security
- Click “View Certificates”
- Click Import
- Locate your file and import, enter backup password
- Click “Select” beside Digital Signing
- Select your certificate from the drop down and click OK
- Click OK to the message about using the same certificate to encrypt
- Check “Digitally sign messages (by default)
- Click Ok
- Click File >> Options
- Click Trust Center
- Click Trust Center Settings
- Click Email Security
- Click Import/Export
- Select your file and enter your backup password
- Click OK
- Select Setting under Encrypted Email
- Select your certificate and click OK
- Check Add Digital Signature to our going messages
- Click Ok
Now you should be able to send out signed emails that prove you are the signed sender and that the email has been unmodified on its journey between servers.
From what I have been able to tell, you need to have an email client to enable this feature, free mail providers like Gmail do not have a setting for encryption in their webmail browser.