Hi Kin,
This looks very good! Great for personal digital signatures! This will
solve some of the personal digital signature issues! Good job!
Do you have any ideas on how to implement something similar using our
CalNetPKI system? We are able to create UC based certificates using
Don's method, but are unable to validate them since we don't have a OCSP
authentication service available on campus. We have CRL validation
available, but not OCSP.
-Bruce
Bruce Satow
Space Sciences Laboratory
University of California
Berkeley, California 94720-7450
(925) 643-2348
AST:7731^29u18e3
Si hoc legere scis nimium eruditionis habes
Kin Jung wrote:
> Hi All,
>
> Back in 2004 I looked into Digital Signatures and, while a little bit of
> a pain, here's how I did it back then
> using the browsers and mail clients available then. Of note, this was
> written for a Mac user but the concepts
> should be universal.
>
> Regards,
>
> Kin
>
>
> You need to use Mozilla to complete the certificate process. Below are
> some instructions on how to get an S/MIME certificate from Thawte.com
>
>
> *Request a certificate:*
> 1. Launch Mozilla (I kid you not, this won't work in Safari as of
> 7/2004--it might work now, 1/2007)
> 2. Go to Thawte's web site and get your FREE personal email certificate.
> http://www.thawte.com/secure-email/personal-email-certificates/index.html
> 4. Register with Thawte
> 5. Request a new "X.509 Certificate".
> 6. After filling in the request Mozilla will prompt you for a password
> for the "Software Security Device". This is the password for Mozilla's
> internal password/certificate management system. It's not your keychain
> password.
> 7. Now go to the "View Certificate Status" page on Thawte's page. You
> should see your requested certificate with a status of either "Pending"
> or "Issued". If it's pending, wait a while until it's issued. The last
> one I did took about 10 minutes to get issued.
> 8. Once the certificate has been issued view the details of it an then
> click the "Fetch" icon at the bottom of the detail page.
> 9. Bring up the prefs panel in Mozilla and select the "Certificates"
> item under Privacy & Security.
> 10. Click on the "Manage Certificates..." button. This will show a
> list of certificates that you have downloaded.
> 11. Select the certificate you just created and click the "Backup"
> button.
> 12. Enter a filename and save it somewhere.
> 13. Quit Mozilla
>
> *Add the Cert to your Keychain*
> 1. Go find the cert that you saved from step #12 in the Finder and
> double click it
> 2. You'll be prompted for the password for the item and what keychain
> to add the cert to.
>
> *Try it out in Mail*
> 1. In Mail, compose a new message from the email address that you got
> the cert for. You should see the "Sign" button in the compose window.
> 2. Verify that in the message you receive there is a Security header
> saying "Signed".
> 3. There is no step 3!
>
>
> Kin Jung
>
> Marketing & Outreach, The Scholar's Workstation, U.C. Berkeley
>
> 2200 University Avenue, Room 41, Berkeley, California 94720-3808
>
> tel. 510 643 6181 fax. 510 643 6201 email <ksjung_at_tsw.berkeley.edu
> <mailto:ksjung_at_tsw.berkeley.edu>>
>
> website <http://calcomputers.berkeley.edu>
>
> showroom hours: 9am-4pm Monday-Thursday; 9am-12noon Friday
>
>
>
------------------------------------------------------------------------
The following was automatically added to this message by the list server:
For information about MAGNet, its meetings and events, and its
mailing list, including information on subscribing and unsubscribing,
see the MAGNet Web site at <http://magnet.berkeley.edu/>.
Received on Thu Jan 11 2007 - 14:09:53 PST
This archive was generated by hypermail 2.2.0 : Thu Jan 11 2007 - 14:09:53 PST