Last Thawtes

DO NOT request multiple certificates for the same email address in multiple locations. You need to take your certificate with you and load the SAME certificate in both locations. Remember that whole public/private key thing? Every certificate has a different public/private key pair. If you are using Outlook or Outlook Express go to that section to see how to export your certificate so you can load it in another location.

When you are sending a signed or encrypted email, you will be prompted for your certificate password.

When a recipient receives signed email they can read it without a password.

When a recipient receives encrypted email, they must use their own certificate password to read it.

A digital certificate allows you to GET encrypted email. If you wish to SEND encrypted mail, the person you are sending to must also have a digital certificate. This is an easily solved problem.

How to easily get someone else a digital certificate:

1 ) - Send them to Verisign and for $14.95 they can get a certificate with their name in it almost instantly.
The Verisign link is: http://www.verisign.com/products/class1/index.html
The Verisign certificate will require the charge to be paid annually and each email address owned is a separate purchase. This is a quick and easy solution, but costs long term money.

2) - Send them to Thawte via SafeCert.com. The certificates are free and good for as many email addresses as you may wish, but the signup is a bit less commercialized.
(Ironically enough, Verisign is now the parent company of Thawte.)
New Thawte signups can immediately get a certificate; it just won't have their name in it without the identity check step. (It will read "Verified Thawte Freemail Member" instead of "Your Name at yname@emaildomain.com") If they would like to do the identity step also, they can lookup a pair of Thawte Notaries near them to get verified. Thawte Notaries are all over the world.

Just for fun, send everyone encrypted (or at least signed) email for a day or two to burn your password into your brain. It is important not to forget your certificate password. If you forget it, you will have to request a new certificate as the password cannot be recovered

How to tell if you have received a signed or encrypted email in email systems that do not support encrypted email:

If an email arrives with an attachment named "smime.p7s", you have received a signed email.

You can read the email with anything, but if you go to Outlook Express and view the message, your computer will learn the sender's certificate and will then be able to send encrypted mail to that user in the future.

If an email arrives that is completely blank with an attachment named "smime.p7m", you have received an encrypted email. You will need to use Outlook Express and your secure password to read it at all.

If your Outlook Express decides that you should be signing every email you send, (this gets annoying) you can turn it off and set it back to manual mode by going to Options under the Tools Menu. Click on the Security Tab and uncheck "Digitally sign all outgoing messages".

Resist the urge to get digital certificates with lower security settings. It is important that you enter you password to send signed email or read encrypted email. A digital signature is now legal authentication that YOU have sent the email. Don't open yourself up to stupidity. (Lower security settings are like leaving your checkbook and a rubber-stamp of your signature laying on your desk while you are away at lunch.)

Now you can enjoy knowing that you can send secure email without fear of anyone snooping or your private correspondence becoming public when it shouldn't.

Here is a Link to the Main Certificate Manager for easy future access: https://www.thawte.com/cgi/personal/cert/contents.exe

Enjoy your new toy,
-Dave