
Thursday, July 03, 2008

Thawte Free Email Certificate vs Vista IE7

For a long, long time, Thawte has not come out with a solution to allow easy installation of their free email certificates on Vista / IE7. Vista has already launched SP1 and Thawte is still there...

Well, for those who do not know what an email certificate is... Imagine SSL. OK, even more plainly: the padlock you see in the browser when you do your internet banking. Well, that's encryption. SSL is basically encryption. But you need an SSL certificate to do the encryption. An email certificate is something very similar. But on top of being able to do encryption, an email certificate also allows you to identify yourself. This means that when your friend / client receives an email signed with your email certificate, they can be sure it's you. If the email has been tampered with, changed, edited, forwarded etc., the signing will fail and you will see an X in your email client. What? You are still using Lotus Notes? Man, get a real email client, FCS!

Anyway, back to this issue of using Thawte email certificates. It's FREE. That's one plus point. And so far I have tried many, like Comodo etc. And even one, which I will not name, that issues email certs but whose own SSL cert is kind of expired or blacklisted... This is the type of CA you should avoid. In any case, Thawte has the advantage.

Sometime back in Dec 2007, Thawte posted a "solution" to the Vista IE7 problem.
https://search.thawte.com/support/ssl-digital-certificates/index?page=content&id=S:SO5558&actp=search&searchid=1215093218617
Well, if you do not know what the problem is, it can only mean you are not using Vista, or are using IE7 or below on XP. Anyway, the problem is that there is no support for creating the private key to make the certificate.

Anyway, if you follow the instructions above, you will hit the "424 Object required" error.
Thawte suggests you try:
https://search.thawte.com/support/ssl-digital-certificates/index?page=content&id=SO5657
OK, stop right here. This is the step I strongly advise you DO NOT do. What is the point of using a certificate when you have to cripple the security of your browser to get the certificate in the first place?

This is my approach:
Grab a machine with Win XP. Yes, a VM is good. Always keep a Win XP VM around.
Go through the process and request the cert, then complete it by installing the cert.
Now, you will have to export the cert.
OK, this is the tricky part. Listen carefully, or you will find that you can't import your cert properly later...
YOU NEED TO EXPORT YOUR PRIVATE KEY.
Choose that... then the rest you can play around with... use a good password. But I strongly suggest that, after importing successfully onto your Vista machine, you delete the exported key files.

Put all your *.PFX files together and bring them to your Vista machine. Open IE options and then import them. Just let IE decide where to put the certs. They should end up in the Personal folder. Otherwise, you have done it wrongly. See the CAPITALS above. Once all your certs are done, go ahead and sign some email with your Outlook and smile.
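
A way to check the exported files before importing them and to confirm the result afterwards, as an added PowerShell example that is not part of the original post. It assumes PowerShell 2.0 or later, a hypothetical C:\certs folder holding the exports, and one password shared by all of them; Test-PfxExport is a helper name made up here.

```powershell
# Added example, not from the original post. Test-PfxExport and C:\certs are assumed names.
function Test-PfxExport {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][System.Security.SecureString]$Password
    )
    $full = (Resolve-Path $Path).Path
    # Throws a CryptographicException if the password does not open the file.
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
        -ArgumentList $full, $Password
    try {
        $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::EmailName
        New-Object PSObject -Property @{
            FullPath      = $full
            Email         = $cert.GetNameInfo($nameType, $false)
            NotAfter      = $cert.NotAfter
            Thumbprint    = $cert.Thumbprint
            HasPrivateKey = $cert.HasPrivateKey   # False means the key was not exported
        }
    }
    finally {
        $cert.Reset()   # release the temporary key container created by loading the file
    }
}

# 1. Before importing: every file must report HasPrivateKey = True.
$pw = Read-Host -AsSecureString 'PFX password'
$exports = Get-ChildItem 'C:\certs\*.pfx' | ForEach-Object { Test-PfxExport $_.FullName $pw }
$exports | Format-Table Email, NotAfter, HasPrivateKey, FullPath -AutoSize

# 2. After the IE import: "Personal" is the CurrentUser\My store.
$installed = Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.HasPrivateKey } | ForEach-Object { $_.Thumbprint }

# 3. Delete only the exports whose certificate is now in Personal with its key.
foreach ($e in $exports) {
    if ($installed -contains $e.Thumbprint) {
        Remove-Item $e.FullPath -WhatIf   # drop -WhatIf to actually delete
    } else {
        Write-Warning "$($e.FullPath): not in Personal with a private key; keep the export"
    }
}
```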

I try to be brief here because I figure most of us know what we are doing. If you have problems with these instructions, please post a comment and I will try to help you out. For Firefox, the procedure is different, so let's just worry about IE / Vista here.

I wonder why I searched and cannot find this solution on Google...

3 comments:

Anonymous said...

Thank You. Your work around worked as you said it would. I appreciate the work some do for the greater good!

Anonymous said...

hey, thanks a lot for the hint.

stupid me didn't think of it .)

SSL247.co.uk said...

I never thought of this workaround and I have wasted lots of time on this! Thanks for pointing me in the right direction! Works a treat.


Copyright © 2008 nemesisv.blogspot.com, All rights reserved.