Would someone please test these steps for me and tell me if you have any difficulties with them? I wrote this page up a couple weeks ago and need someone to test my directions for me.
= = = = = = = = = = = = = = = = = = = == = = = = = = = = = =
This page tells you, step by step, how to get a free certificate from comodo (a well known certificate authority), and use it for email and AIM.
6 major steps, lots of substeps.
1. Make up two new passwords.
a) one to protect your private key, call it your "private key password".
This will be known only to you, and will be stored NOWHERE on any
computer (unless you put it in a file somewhere). You must not lose
it. There's no way to recover it if it is lost. It must not be
one anyone can find in a dictionary, or guess (even if they know all
the names of all your relatives, friends, pets, mother's maiden name,
city of birth, etc.).
b) a comodo web site password, NOT the same as above, since it
will be known to comodo, called the "revocation password".
This should be as unguessable as the private key password, but
different from it.
2. get your certificate from Comodo into IE
a) You must use IE for this step. Comodo's web pages don't work with
other browsers, as far as I know.
b) go to
http://www.comodogroup.com/products/certificate_services/free_email.html
c) click the link "Sign up now", which takes you to
https://secure.comodo.net/products/frontpage?area=SecureEmailCertificate
d) click the Advanced Security Options button. This will take you to
https://secure.comodo.net/products/SecureEmailCertificate_Signup
(maybe you could just go here directly)
e) Fill in your first name, last name, email address, country,
f) choose the Microsoft Enhanced crypto service provider from the list.
g) Select key size of 1024 bits (keep it small for AIM)
h) Check both "User Protected" and "Exportable" boxes.
i) Enter your "Revocation Password" twice. This password is your
password for the comodo web site.
j) Click "Agree and continue".
k) A Windows dialog will appear that asks you if you want to create a
new key. Click Yes. Then another new dialog will appear that says
"Creating a new Key".
l) Click the button that says "Choose Security Level"
m) Choose HIGH level security, click Next.
n) Enter your new Private Key Password, twice. Click finish.
o) Click OK. Wait for them to send email to the email address you gave
in step e above. This will take 5-10 minutes. Keep IE open.
p) Read the email with the subject
"Your certificate is ready for collection!".
This email will contain a button that reads
"Collect and install Certificate", and an https link,
and a "collection password". DO NOT CLICK the button.
q) Using the open IE window, go to
https://secure.comodo.net/products/!SecureEmailCertificate_Collec2
r) Enter your email address. Copy-n-paste your "collection password"
from the email. Don't worry, you only use this password once.
s) A new Windows dialog appears, asking if you want to download the cert.
click YES.
t) It will say you have successfully downloaded the new cert.
3. Give the certificate a "Friendly Name" and "Description".
a) in IE, go to the tools menu, and select "Internet Options".
b) Click on the "Content" tab.
c) Click on the "Certificates" button.
d) Select the cert you just downloaded. Click the View button.
e) click the Details tab.
f) Click the "Edit Properties" button.
g) Type in a "Friendly name". I suggest using the name of the
CA and the email address in the cert. So, if your email address
is joe.blow.com, your friendly name would be "Comodo [EMAIL PROTECTED]"
h) Type in a Description, anything you like.
i) make sure that "Enable all purposes" is checked.
j) Click OK to dismiss the Certificate Properties dialog.
k) Click OK to dismiss the Certificate Detail dialog.
l) skip to step 4d below.
4. export cert from IE into a file
a) in IE, go to the tools menu, and select "Internet Options".
b) Click on the "Content" tab.
c) Click on the "Certificates" button.
d) Select the cert you just downloaded. Click the export button.
e) A new wizard dialog appears. Click Next.
f) Click on "Yes, Export the private Key", click Next.
g) Select "Personal Information Exchange - PKCS #12 (.PFX)" as the
type of output file. Check the boxes for
"Include all certificates", and "Enable Strong Protection".
Click Next.
h) Enter your private key password, twice. Click Next.
i) Click Browse. Browse to the directory where you want to save
your certificate. My documents is a good choice. Enter a name
for this pfx file, such as comodo.pfx. Click "Save".
j) Click Next
k) Click Finish.
l) A new dialog appears, asking you for your crypto API Private key.
Enter your private key password. I do NOT recommend checking the
box that says "Remember password". Click OK.
5. import file into AIM for encrypted instant messaging
a) Fire up AIM and login. Must be AIM 5.2 or later.
b) Edit Preferences (F3 button is a keyboard shortcut).
c) Select Security at the bottom of the list of preference categories.
d) Click the "Advanced" button.
e) Click the Import button.
f) Change the "Files of Type" to indicate PFX type files. Browse to
the same directory in which you saved your PFX file above.
g) Select the PFX file that you exported from IE above. Click Open.
h) If you see a dialog asking you to enter a Master Password twice,
enter your private key password twice, and click OK.
i) Enter your private key password to unlock the PFX file.
j) Click Close
k) Click OK.
l) If you have not already done so, add your own screen name into your
buddy list. You will see the lock icon by your screen name in the list.
(This is also useful to see if you get any "warnings".)
m) Any new IM conversations you start with buddies who also have the lock
icon will be signed and encrypted.
The next time you login into AIM, you will need to enter both your AIM password AND your private key password.
6. import file into mozilla for email
a) fire up mozilla 1.3 or later.
b) In the Edit menu, select preferences.
c) In the list of Preference categories, click Privacy & Security, to
expand it.
d) Click "Master Passwords" under Privacy & Security.
e) click the "Change Password..." button. The "Change Master Password"
dialog appears.
f) If the current password box is grey and says "none", then enter your
private key password twice in "New Password" and "New password (again)"
and click OK. Your private key password will be your master password.
If you already have a master password, and wish to keep it, just click
cancel.
g) In the list of Preference categories, click Certificates under
Privacy & Security.
h) Click the "Manage Certificates" button.
i) Click the Import Button.
j) in the File Open dialog, go to the directory where you exported your
PFX file above, and select it. Click Open.
k) If it asks you for your master password, enter your master password.
When it asks you for the password for your PKCS12 or PFX file, enter
your private key password.
l) click OK until the Certificate Manager is gone and the Preferences
dialog is closed. Close the Certificate Manager window, if needed.
m) Back in the mozilla browser window, in the edit menu, click on
"Mail and Newsgroup account settings".
n) Find the account for the email address in your certificate, and
select "Security" under that email account.
o) Click the first "Select" button in the "Digital Signing" area.
a "Select Certificate" dialog appears. Choose the cert with the
friendly name you entered above. Click OK.
p) a dialog will ask if you also want to use the same certificate for
encryption. Answer Yes.
q) click OK to dismiss the "Mail & Newsgroup Account Settings" window.
After that, to sign or encrypt an outgoing email, use the security icon/button near the top of mozilla's email composer window and check the options to sign and/or encrypt. You may be prompted for your private key password to do the signing.
-- Nelson B
_______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
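A check of the PFX file exported in step 4 before it is imported in steps 5 and 6, as an added example that is not part of the original message. It assumes the OpenSSL command-line tool is installed; `make_sample_pfx`, `check_pfx`, `PFX_PASS` and the sample address are names made up here, and a constructed self-signed certificate stands in for the issued one.

```shell
#!/bin/sh
# Added example. The password is read from $PFX_PASS so it never appears in argv.

# Constructed sample: a throwaway self-signed cert stands in for the
# CA-issued one, packed into a PFX like the file exported in step 4.
make_sample_pfx() {  # $1 = output file, $2 = email address
    d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Sample User/emailAddress=$2" \
        -keyout "$d/key.pem" -out "$d/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$d/key.pem" -in "$d/cert.pem" \
        -name "Sample CA $2" -passout env:PFX_PASS -out "$1" 2>/dev/null
    rc=$?
    rm -rf "$d"
    return "$rc"
}

# Prints "ok <email> <key bits>" when the file opens with $PFX_PASS, holds a
# private key, and its certificate carries the expected email address.
check_pfx() {  # $1 = PFX file, $2 = email address the cert must carry
    # Files exported by old Windows versions may need -legacy on OpenSSL 3.x.
    cert=$(openssl pkcs12 -in "$1" -passin env:PFX_PASS -nokeys -clcerts 2>/dev/null) ||
        { echo "fail: wrong password or unreadable file"; return 1; }
    # The key is re-encrypted on output, so no cleartext key leaves openssl.
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -passout env:PFX_PASS -nocerts \
        2>/dev/null | grep -q 'PRIVATE KEY' ||
        { echo "fail: no private key in file"; return 1; }
    printf '%s\n' "$cert" | openssl x509 -noout -email 2>/dev/null | grep -qxF "$2" ||
        { echo "fail: certificate does not carry $2"; return 1; }
    bits=$(printf '%s\n' "$cert" | openssl x509 -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    echo "ok $2 $bits"
}

# Demo on the constructed sample (password and address are made up).
PFX_PASS=${PFX_PASS:-constructed-sample-pass}; export PFX_PASS
demo=$(mktemp -d)
make_sample_pfx "$demo/comodo.pfx" user@example.com &&
    check_pfx "$demo/comodo.pfx" user@example.com
rm -rf "$demo"
```

For a real export, set `PFX_PASS` to the private key password in the current shell session only and call `check_pfx` with the saved file and the address from step 2e.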
