Personal E-Mail Certificates (SSL)

With changes to Oracle Collab Suite, Outlook (2003 and 2007, even on Vista!) are now working mail clients using standard IMAP with no Oracle connector software.

GnuPG is still a great way to validate email when using Thunderbird with the Enigmail plug-in, but there isn’t a good-n–free PGP for Outlook, much less for Windows Mobile devices (PDA phones like my Motorola Q9c).

Which brings us back to S/MIME using an SSL cert.

I had tried last year to setup a Thawte free Personal E-mail certificate but never dedicated the time to make it work (darn interruptions with real work).  Yesterday I successfully created a cert for Outlook (requires you to be in Internet Explorer, and that seems to mean IE7 or older on x86/32 bit – – no luck with IE7 on Vista x64 (Vbscript error), no luck with IE8 on Vista x86 (Thawte web page error that browser not compliant — perhaps compatibility mode would’ve worked…).  This cert (for my non-UNI email account) worked with Outlook 2003 on XP, Outlook 2007 on Vista (either flavor), and my Windows Mobile 6.1 smart phone. 

I also created a certificate for Thunderbird for my UNI email account — this was a bit messier: you must use a Mozilla/Netscape-based browser, but the process is very automated – actually all the sausage-making is obscured.  That’s the problem: in Vista, security "messes with" the crypto generation and saving of your private key.  So you will need to launch your browser (Firefox 3.0.10 for me) under WinXP or by setting the compatibility to WinXP if in Vista.  Otherwise, Thawte will generate you your public SSL cert and you’ll wonder "where the heck is my private key to make this work!"  External link that helped me over the Firefox/Vista issue, but also is a good description of getting your Thawte cert and installing it.

Now, who is a notary with Thawte that wants to approve me :-) Thawte Web of Trust

Oh, and my keys (including PGP) are now on the web: http://www.uni.edu/conklinc/keys.html

This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply