
Issue Your Own Self-Signed S/MIME Certs with OpenSSL

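# src - https://gist.github.com/richieforeman/3166387
# 4096-bit RSA private key, encrypted with a passphrase (3DES)
openssl genrsa -des3 -out ca.key 4096
# self-signed certificate, valid for 365 days
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
# bundle the certificate and private key into a PKCS#12 file
openssl pkcs12 -export -in ca.crt -inkey ca.key -out ca.p12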

More: Create Self-Signed S/MIME Certificates by John Dalesandro (mirror)

refs : https://www.ssl.com/how-to/create-a-pfx-p12-certificate-file-using-openssl/

https://security.stackexchange.com/questions/17583/how-do-i-create-a-valid-email-certificate-for-outlook-s-mime-with-openssl

https://stackoverflow.com/a/20445432

https://www.howtoforge.com/how-to-encrypt-mails-with-ssl-certificates-s-mime

https://gist.github.com/essandess/395446556afea7334826e9df74f85edf


How to apply at COMODO for free email certification

Using any browser, apply for the certificate (write down the password you set), then wait to receive the COMODO mail.

Then, using Firefox only, go to the link provided in the mail.

It will ask for your email and the password that was mailed.

The certificate is installed into Firefox automatically. Then go to Options > about:preferences#privacy > View Certificates.

Find the certificate under the Your Certificates tab.

Select the certificate and click the Backup button. It will ask for a password; use a new one. This generates a .p12 file.

The certificate is valid for 365 days.

Now open Thunderbird and go to Options > Account Settings > Security.

Click Manage Certificates, click the Import button and point it to the .p12 file generated from Firefox. Then click the Select

It will automatically find the certificate and ask you:

If you choose yes, you can also encrypt the message body. Now when you open a New Message window, you can choose to digitally sign it and encrypt it if you like.

source - http://techies-world.com/install-comodo-email-certificate-in-thunderbird/


If you delete the .p12 you can't recover it; repeating the procedure, you get:

Web clients show the certificate as an attachment :) (always smime.p7s)

Thunderbird - when you send a signed email, this envelope appears

Outlook

Gmail

Gmail mobile

Thunderbird, when the certificate is not proper:


Creating the certificate with openssl

The OpenSSL project advises using precompiled binaries from the following distributors (proof). Download the MinGW-compiled build from https://bintray.com/vszakats/generic/openssl

Run:

openssl genrsa -des3 -out ca.key 4096

ca.key will be generated.

Run:

openssl req -new -config openssl.cnf -x509 -days 9999 -key ca.key -out ca.crt

We enter our email address; this will be used to identify the certificate later in Outlook. ca.crt will be generated.

Double click the ca.crt

Run:

openssl pkcs12 -export -in ca.crt -inkey ca.key -out ca.p12

ca.p12 will be generated.

Right click

[Windows + R] > certmgr.msc

In Outlook: File > Options > Trust Center > Trust Center Settings > Email Security > Default Setting, Settings button > Signing Certificate [Choose]. Outlook automatically verifies the certificate (using the email address we entered earlier) against the account we have in Outlook.

Will be identified as :

Now, two new buttons appear on the OPTIONS tab

When I tried to sign my first mail, I got

possible solution (not tried!).
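As an added example (not code from the original post), the script below runs the three openssl commands of this section without prompts, using a small config that sets S/MIME extensions, and then checks the result before it is imported into a mail client: the certificate reports the S/MIME purposes and the expected address, the .p12 opens with its password, and a signed message verifies. The address, passphrase, file names, the [smime_ext] section and the function names are assumptions made for the example.

```shell
# Added example, not from the original post. EMAIL, PASS, the file names and
# the [smime_ext] section are constructed placeholders.
EMAIL="alice@example.com"
PASS="change-me"      # sample passphrase only
BITS=4096             # same key size as the post

# make_cert DIR EKU: key, self-signed cert and .p12 in DIR, without prompts.
make_cert() {
  cat > "$1/smime.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = smime_ext
prompt = no
[dn]
CN = $EMAIL
emailAddress = $EMAIL
[smime_ext]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = $2
subjectAltName = email:$EMAIL
EOF
  # -aes256 replaces the post's -des3 for encrypting the private key
  openssl genrsa -aes256 -passout "pass:$PASS" -out "$1/smime.key" "$BITS" 2>/dev/null &&
  openssl req -new -x509 -days 365 -config "$1/smime.cnf" -key "$1/smime.key" \
    -passin "pass:$PASS" -out "$1/smime.crt" &&
  openssl pkcs12 -export -in "$1/smime.crt" -inkey "$1/smime.key" \
    -passin "pass:$PASS" -passout "pass:$PASS" -out "$1/smime.p12"
}

# cert_ok DIR: succeeds only if the cert is usable for S/MIME by EMAIL
# and the .p12 opens with PASS.
cert_ok() {
  p=$(openssl x509 -in "$1/smime.crt" -noout -purpose) || return 1
  echo "$p" | grep -q '^S/MIME signing : Yes' &&
  echo "$p" | grep -q '^S/MIME encryption : Yes' &&
  openssl x509 -in "$1/smime.crt" -noout -email | grep -qxF "$EMAIL" &&
  openssl pkcs12 -in "$1/smime.p12" -noout -passin "pass:$PASS" 2>/dev/null
}

# sign_verify DIR: sign a constructed message, then verify it against the cert.
sign_verify() {
  printf 'constructed test message\n' > "$1/msg.txt"
  openssl smime -sign -in "$1/msg.txt" -signer "$1/smime.crt" -inkey "$1/smime.key" \
    -passin "pass:$PASS" -out "$1/msg.eml" &&
  openssl smime -verify -in "$1/msg.eml" -CAfile "$1/smime.crt" -out /dev/null 2>/dev/null
}
```

Call `make_cert DIR emailProtection`, then `cert_ok DIR` and `sign_verify DIR`; a certificate whose extended key usage does not include emailProtection fails `cert_ok`.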

Non-important refs:

For Outlook:

https://support.quovadisglobal.com/kb/a416/how-do-i-install-my-digital-certificate-into-outlook-2013-to-encrypt-email-or-digitally-sign-emails.aspx

https://knowledge.digicert.com/solution/SO10781.html

For Word:

https://support.office.com/en-us/article/add-or-remove-a-digital-signature-in-office-files-70d26dc9-be10-46f1-8efa-719c8b3f1a2d

How to sign a file with 3rd party app

https://support.comodo.com/index.php?/comodo/Knowledgebase/Article/View/1001/7/how-to-verify-your-code-signing-certificate-is-installed-windows

Obtaining an S/MIME Certificate to Sign Emails - https://support.postbox-inc.com/hc/en-us/articles/202200540-Obtaining-an-S-MIME-Certificate-to-Sign-Emails

https://www.openssl.org/docs/manmaster/man1/smime.html

https://knowledge.digicert.com/solution/SO10781.html

Encrypt messages by using S/MIME in Outlook Web App - https://support.office.com/en-us/article/encrypt-messages-by-using-s-mime-in-outlook-web-app-2e57e4bd-4cc2-4531-9a39-426e7c873e26

Browser Email Certificates FAQ - https://www.instantssl.com/ssl-certificate-support/server_faq/ssl-email-certificate-faq.html


PKCS#12 or .pfx or .p12

The PKCS#12 or PFX format is a binary format for storing the server certificate, any intermediate certificates, and the private key into a single encryptable file. PFX files are usually found with the extensions .pfx and .p12. PFX files are typically used on Windows machines to import and export certificates and private keys. The Personal Information Exchange format (PFX, also called PKCS #12) supports secure storage of certificates, private keys, and all certificates in a certification path. The PKCS #12 format is the only file format that can be used to export a certificate and its private key.

.CRT or .CER

CRT is a file extension for a digital certificate file used with a web browser. CRT files are used to verify a secure website’s authenticity, distributed by certificate authority (CA) companies such as GlobalSign, VeriSign and Thawte. (src)

#OpenSSL #thunderbird #firefox #certificate #pfx #p12 #crt

origin - https://www.pipiscrew.com/?p=14493 issue-your-own-self-signed-smime-certs-with-openssl

This post is licensed under CC BY 4.0 by the author.