Monday, December 27, 2004

s/mime certificates


A while ago, I setup s/mime certificates for my email accounts. I just noticed that the certificates are about to expire. So I created some new certificates, and these are the steps that I followed. These certificates will work with Apple's Mail as well as Mozilla.


There are several reasons that I do this:


  1. Whenever I send emails, I always sign the messages. Many email programs (Apple Mail, Mozilla, Outlook) will automatically notify the recipient that the sender has been verified, and that the message has not been modified. So when someone receives an email from me, they can be certain that I sent the email.

  2. Signed messages get marked with a lower score from spam filters, so there is less of a chance of false positives

  3. When sending email to a recipient that also has a s/mime certificate, most email programs will give you the option to encrypt the message.


I originally got these instructions from this page at macosxhnts.




  1. Log into Thawte's personal e-mail certificate page

  2. Request a certificate for your email address

  3. Once the the certificate has been granted, log back onto the page, and download the cert

  4. The certificate will be downloaded into your browser's certificate manager (Keychain for Safari, or the internal one for Mozilla/Firefox)

  5. Since I am using Firefox, I selected the certificate in the "Certificate Manager" and pressed the backup button.

  6. I then double clicked on the resulting file, to add it to my keychain.

  7. Now when I send mail from that account, I can sign or encrypt the messages