Whole document tree
| SSL Certificates HOWTO | ||
|---|---|---|
| Prev | Chapter 2. Certificate Management | |
2.7. Securing E-mails.
2.7.1. Generate and use an s/mime certificate
Simply generate and sign a certificate request but with the Common Name (CN) being your e-mail address.
Now sign your message test.txt (output test.msg) using your certificate newcert.pem and your key newreq.pem:
openssl smime -sign -in test.tx -text -out test.msg -signer newcert.pem -inkey newreq.pem |
2.7.2. To use this certificate with MS Outlook
You need to import it in Outlook as a pkcs12 file. To generate the pkcs12 file from your newcert.pem and newreq.pem:
CA.pl -pkcs12 "Franck Martin" (openssl pkcs12 -export -in newcert.pem -inkey newreq.pem -out newcert.p12 -name "Franck Martin") |
Beware this certificate contains your public and private key and is only secured by the passphrase. This is a file not to let into everybody's hand.
In MS Outlook go to Tools, Options and Security, Click on the import/export button select to import the newcert.p12 file, enter the export password and the Digital ID "Franck Martin" (That's my name so use your name in the above examples). And Click on Ok.
Now click on the Settings button, MS Outlook should have selected the default setting so just click on New. And finally click on Ok, except if you want to change the default settings. You are ready to send signed e-mails. When you send a signed e-mail the user at the other end will receive your public key, and will therefore be able to send you encrypted e-mails.
As you have issued this certificate from a self-signed certificate (root CA Certificate), the trust path won't be valid because the application does not know the root CA Certificate. The root CA certificate has to be downloaded and installed. Refer to the chapter "Install the CA root certificate as a Trusted Root Certificate in Internet Explorer"