Setting Up S/MIME Email
NOTE: Transferred from a page formerly accessible at http://www-DOT-grid.iu.edu/osg-ra/radocs/SettingUpSMIME.php
Using Microsoft Outlook
- Click Options inside the message window.
- Click Security Settings.
- Select Add digital signature to this message.
- To select a specific certificate or change to another certificate, click Change Settings.
- Click OK.
- Compose and send your message.
Using Mozilla Mail
- Open the Tasks menu and choose Mail & Newsgroups
- Open the Edit menu and choose Mail & Newsgroups Account Settings
- Find the account you would like to configure in the left panel and click Security under that account.
- In the Signing box select Select Certificate
- A dialog box will appear, select the certificate you would like to use and click OK.
- In the Signing box select Digitally sign messages
Mac OS X Mail
These instructions are based on Sam Finn's original instructions, provided as is, without warranty implied or explicit, with one minor change to allow Mail.app to access the user's private key.
This works only with Mac OS 10.3 and above. You must have already obtained your certificate using, e.g., Netscape: you can't request and retrieve a cert using either Safari or Internet Explorer on the Mac. The following only works if the e-mail address that you send e-mail with is the same as the e-mail address associated with your cert. Capitalization is important.
Save your cert to disk
- From Netscape preferences, go to Privacy & Security
- Select Certificates
- Click on Manage Certificates
- Highlight your Certificate
- Click on Backup, follow prompts and save to the desktop
- Quit Netscape: you won't need it anymore
Add your cert to your keychain by double-clicking on the cert you just saved to disk. Keychain should open and you will be asked Do you want to add certificate(s) from the file .... If offered a drop-down menu, select the Keychain whose name is your (mac) username or select login. You will need to enter the password you used to encode the certificates when you saved them to disk in the last step.
Allow the Mail.app access to your private key. Click on the private key you just added in Keychain and select the Access Control tab. Under Always allow access by these applications click Add and then browse to the Mail application. Add it to the list.
Get the DOEGrids CA and ESNet CA certs. Using Safari go to http://www.doegrids.org/pages/Fingerprints.htm and download the PEM encoded ESnet Root CA 1 Certificate by option-clicking on the link. You should get a file named d1b603c3.0. Move it to the desktop if it is not already there. Download the PEM encoded DOEGrids Root CA 1 Certificate by option-clicking on the link. You should get a file named 1c3f2ca8.0. Move it to the desktop if it is not already there.
Modify your system X509Anchors. In this step you will inform your system that it should trust the CA that signed your certs. Make a copy of your system X509Anchors:
sudo cp /System/Library/Keychains/X509Anchors /System/Library/Keychains/X509Anchors.orig
Add the ESnet and DOEGrids certs to X509Anchors:
sudo certtool i ~/Desktop/d1b603c3.0 v k=/System/Library/Keychains/X509Anchors
sudo certtool i ~/Desktop/1c3f2ca8.0 v k=/System/Library/Keychains/X509Anchors
You should get, in both cases, the message ...certificate successfully imported.
You're done! (Re)Start Mail. Open a compose window. You should see, in the area on the far right just below the subject text box, an icon that looks like a 10 pointed star. It is clickable. If depressed then your message will be signed with your cert; if not, it will not be signed.
When you receive a signed e-mail, the mac mail app should recognize the signature as valid because it knows to trust the DOEGrids CA.
When you are sending mail to someone whose cert is in your keychain, you will have a second clickable box next to the signature star. That box will look like a padlock. If you click on it, then the message you send will be encrypted to them.
Topic revision: r1 - 25 Dec 2009 - 17:25:26 - ArvindGopu