1
2
3
4
//src - https://gist.github.com/richieforeman/3166387
openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
openssl pkcs12 -export -in ca.crt -inkey ca.key -out ca.p12
more Create Self-Signed S/MIME Certificates by John Dalesandro - mirror
refs : https://www.ssl.com/how-to/create-a-pfx-p12-certificate-file-using-openssl/
https://security.stackexchange.com/questions/17583/how-do-i-create-a-valid-email-certificate-for-outlook-s-mime-with-openssl
https://stackoverflow.com/a/20445432
https://www.howtoforge.com/how-to-encrypt-mails-with-ssl-certificates-s-mime
https://gist.github.com/essandess/395446556afea7334826e9df74f85edf
How to apply at COMODO for free email certification
-By any browser, apply for the certification (write down the password you set), wait to receive the COMODO mail
Then using firefox only, goto the link provided to your mail
it will ask for your email and password mailed^
Automatically will install the certificate to firefox, then goto Options > about:preferences#privacy > View Certificates
Find the certificate under Your Certificates tab
Select the certificate and click Backup button, will ask for a password, use a new one, this will generate a .p12 file.
The certificate is valid for 365 days.
Now open Thunderbird, goto Options > Account Settings > Security
Click Manage Certificates, click Import button and point the .p12 file generated from Firefox. Then click the Select
Automatically will find the certificate and ask you :
If you choose yes, you can also encrypt the message body. Now when you open a New Message window, you can choose to Digital Sign it and encrypt it if you like.
source - http://techies-world.com/install-comodo-email-certificate-in-thunderbird/
if you delete the .p12 you cant recover it, doing again the procedure, you getting :
web clients, shows the certificate as attachment :) (always smime.p7s)
Thunderbird - when you sent a signed email, this envelope appears
Outlook
gmail
gmail mobile
Thunderbird when the certificate is not proper :
**
Creating the certificate with openssl
** The openssl advise to use the precompiled from the following distributors. (proof) download MinGW compiled from https://bintray.com/vszakats/generic/openssl
run :
1
openssl genrsa -des3 -out ca.key 4096
[caption width=”775” align=”aligncenter”] ca.key will generated[/caption]
run :
1
openssl req -new -config openssl.cnf -x509 -days 9999 -key ca.key -out ca.crt
[caption width=”1057” align=”aligncenter”] we enter our email address^ this will be used to identify the certificate later on outlook. ca.crt will generated[/caption]
Double click the ca.crt
run :
1
openssl pkcs12 -export -in ca.crt -inkey ca.key -out ca.p12
[caption width=”877” align=”aligncenter”] ca.p12 will generated[/caption]
[caption width=”171” align=”aligncenter”] right click[/caption]
[caption width=”933” align=”aligncenter”] [windows + R] > certmgr.msc[/caption]
At outlook File > options > trust center > trust center settings > email security > default setting, settings button > Signing Certificate [choose] > automatically verifies the certificate (we enter before our email address) with the account we have to outlook
Will be identified as :
Now, two new buttons appear on the OPTIONS tab
when tried to sign my first mail, got
possible solution (not tried!).
non important refs :
For outlook https://support.quovadisglobal.com/kb/a416/how-do-i-install-my-digital-certificate-into-outlook-2013-to-encrypt-email-or-digitally-sign-emails.aspx https://knowledge.digicert.com/solution/SO10781.html
For word : https://support.office.com/en-us/article/add-or-remove-a-digital-signature-in-office-files-70d26dc9-be10-46f1-8efa-719c8b3f1a2d
How to sign a file with 3rd party app
https://support.comodo.com/index.php?/comodo/Knowledgebase/Article/View/1001/7/how-to-verify-your-code-signing-certificate-is-installed-windows Obtaining an S/MIME Certificate to Sign Emails https://support.postbox-inc.com/hc/en-us/articles/202200540-Obtaining-an-S-MIME-Certificate-to-Sign-Emails https://www.openssl.org/docs/manmaster/man1/smime.html https://knowledge.digicert.com/solution/SO10781.html Encrypt messages by using S/MIME in Outlook Web App https://support.office.com/en-us/article/encrypt-messages-by-using-s-mime-in-outlook-web-app-2e57e4bd-4cc2-4531-9a39-426e7c873e26 Browser Email Certificates FAQ https://www.instantssl.com/ssl-certificate-support/server_faq/ssl-email-certificate-faq.html
PKCS#12 of .pfx or .p12
The PKCS#12 or PFX format is a binary format for storing the server certificate, any intermediate certificates, and the private key into a single encryptable file. PFX files are usually found with the extensions .pfx and .p12. PFX files are typically used on Windows machines to import and export certificates and private keys. The Personal Information Exchange format (PFX, also called PKCS #12) supports secure storage of certificates, private keys, and all certificates in a certification path. The PKCS #12 format is the only file format that can be used to export a certificate and its private key.
.CRT or .CER
CRT is a file extension for a digital certificate file used with a web browser. CRT files are used to verify a secure website’s authenticity, distributed by certificate authority (CA) companies such as GlobalSign, VeriSign and Thawte. (src)
#OpenSSL #thunderbird #firefox #certificate #pfx #p12 #crt
origin - https://www.pipiscrew.com/?p=14493 issue-your-own-self-signed-smime-certs-with-openssl