Nelson B wrote:
Would someone please test these steps for me and tell me if you have any difficulties with them? I wrote this page up a couple weeks ago and need someone to test my directions for me.
= = = = = = = = = = = = = = = = = = = == = = = = = = = = = =
This page tells you, step by step, how to get a free certificate from comodo (a well known certificate authority), and use it for email and AIM.
6 major steps, lots of substeps.
1. Make up two new passwords. a) one to protect your private key, call it your "private key password". This will be known only to you, and will be stored NOWHERE on any computer (unless you put it in a file somewhere). You must not lose it. There's no way to recover it if it is lost. It must not be one anyone can find in a dictionary, or guess (even if they know all the names of all your relatives, friends, pets, mother's maiden name, city of birth, etc.). b) a comodo web site password, NOT the same as above, since it will be known to comodo, called the "revocation password". This should be as unguessable as the private key password, but different from it.
2. get your certificate from Comodo into IE a) You must use IE for this step. Comodo's web pages don't work with other browsers, as far as I know. b) go to http://www.comodogroup.com/products/certificate_services/free_email.html c) click the link "Sign up now", which takes you to https://secure.comodo.net/products/frontpage?area=SecureEmailCertificate d) click the Advanced Security Options button. This will take you to https://secure.comodo.net/products/SecureEmailCertificate_Signup (maybe you could just go here directly) e) Fill in your first name, last name, email address, country, f) choose the Microsoft Enhanced crypto service provider from the list.
The name in my IE is "Microsoft Enhanced Cryptographic Provider v1.0" The user must have enhanced security patch if it is an export version.
g) Select key size of 1024 bits (keep it small for AIM)
h) Check both "User Protected" and "Exportable" boxes.
i) Enter your "Revocation Password" twice. This password is your
password for the comodo web site.
j) Click "Agree and continue".
"Potential Scripting Violation"-window. It might scare the user ;-)
k) A Windows dialog will appear that asks you if you want to create a
new key. Click Yes. Then another new dialog will appear that says
"Creating a new Key".
l) Click the button that says "Choose Security Level"
m) Choose HIGH level security, click Next.
n) Enter your new Private Key Password, twice. Click finish.
o) Click OK. Wait for them to send email to the email address you gave
in step e above. This will take 5-10 minutes. Keep IE open.
e-mail got junked :-)
p) Read the email with the subject
"Your certificate is ready for collection!".
This email will contain a button that reads
"Collect and install Certificate", and an https link,
and a "collection password". DO NOT CLICK the button.
q) Using the open IE window, go to
https://secure.comodo.net/products/!SecureEmailCertificate_Collec2
r) Enter your email address. Copy-n-paste your "collection address"
from the email. Don't worry, you only use this password once.
s) A new Windows dialog appears, asking if you want to download the cert.
click YES.
t) It will say you have succesfully downloaded the new cert.
3. Give the certificate a "Friendly Name" and "Description". a) in IE, go to the tools menu, and select "Internet Options". b) Click on the "Content" tab. c) Click on the "Certificates" button. d) Select the cert you just downloaded. Click the View button. e) click the Details tab. f) Click the "Edit Properties" button. g) Type in a "Friendly name". I suggest using the name of the CA and the email address in the cert. So, if your email address is joe.blow.com, your friendly name would be "Comodo [EMAIL PROTECTED]" h) Type in a Description, anything you like. i) make sure that "Enable all purposes" is checked. j) Click OK to dismiss the Certificate Properties dialog. k) Click OK to dismiss the Certificate Detail dialog. l) skip to step 4d below.
4. export cert from IE into a file a) in IE, go to the tools menu, and select "Internet Options". b) Click on the "Content" tab. c) Click on the "Certificates" button. d) Select the cert you just downloaded. Click the export button. e) A new wizard dialog appears. Click Next. f) Click on "Yes, Export the private Key", click Next. g) Select "Personal Information Exchange - PKCS #12 (.PFX)" as the type of output file. Check the boxes for "Include all certificates", and "Enable Strong Protection". Click Next. h) Enter your private key password, twice. Click Next. i) Click Browse. Browse to the directory where you want to save your certificate. My documents is a good choice. Enter a name for this pfx file, such as comodo.pfx. Click "Save". j) Click Next k) Click Finish. l) A new dialog appears, asking you for your crypto API Private key. Enter your private key password. I do NOT recommend checking the box that says "Remember password". Click OK.
I don't have AIM installed so I stop here for now...
-- Emil Assarsson _______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
