Hi Bruce,
I'm not certain how to do this using the CalNetPKI system.
I checked out the IST page on CalNetPKI dated 12/9/2003 <http://
calnetad.berkeley.edu/documentation/calnetpki/calnetpki.html>
and read that:
> At this time, CalNetPKI does not meet the California Digital
> Signature Regulations requirements for legally recognized digital
> signatures.
California Digital Signature Regulations: http://www.ss.ca.gov/digsig/
regulations.htm
I'm not certain what has changed, if anything, in the last 3 years.
You might try contacting the Technical Account Management team within
IST. They may be able to better help you and the campus sort this out.
http://tam.berkeley.edu
Sit vis vobiscum,
Kin
On Jan 11, 2007, at 2:05 PM, Bruce Satow wrote:
> Hi Kin,
>
> This looks very good! Great for personal digital signatures! This
> will solve some of the personal digital signature issues! Good job!
>
> Do you have any ideas on how to implement something similar using
> our CalNetPKI system? We are able to create UC based certificates
> using Don's method, but are unable to validate them since we don't
> have a OCSP authentication service available on campus. We have CRL
> validation available, but not OCSP.
>
> -Bruce
>
>
> Bruce Satow
> Space Sciences Laboratory
> University of California
> Berkeley, California 94720-7450
> (925) 643-2348
>
> AST:7731^29u18e3
>
> Si hoc legere scis nimium eruditionis habes
>
> Kin Jung wrote:
>> Hi All,
>> Back in 2004 I looked into Digital Signatures and, while a little
>> bit of a pain, here's how I did it back then
>> using the browsers and mail clients available then. Of note, this
>> was written for a Mac user but the concepts
>> should be universal.
>> Regards,
>> Kin
>> You need to use Mozilla to complete the certificate process. Below
>> are
>> some instructions on how to get an S/MIME certificate from Thawte.com
>> *Request a certificate:*
>> 1. Launch Mozilla (I kid you not, this won't work in Safari as of
>> 7/2004--it might work now, 1/2007)
>> 2. Go to Thawte's web site and get your FREE personal email
>> certificate.
>> http://www.thawte.com/secure-email/personal-email-certificates/
>> index.html
>> 4. Register with Thawte
>> 5. Request a new "X.509 Certificate".
>> 6. After filling in the request Mozilla will prompt you for a
>> password
>> for the "Software Security Device". This is the password for
>> Mozilla's
>> internal password/certificate management system. It's not your
>> keychain
>> password.
>> 7. Now go to the "View Certificate Status" page on Thawte's page.
>> You
>> should see your requested certificate with a status of either
>> "Pending"
>> or "Issued". If it's pending, wait a while until it's issued. The
>> last
>> one I did took about 10 minutes to get issued.
>> 8. Once the certificate has been issued view the details of it an
>> then
>> click the "Fetch" icon at the bottom of the detail page.
>> 9. Bring up the prefs panel in Mozilla and select the "Certificates"
>> item under Privacy & Security.
>> 10. Click on the "Manage Certificates..." button. This will show a
>> list of certificates that you have downloaded.
>> 11. Select the certificate you just created and click the "Backup"
>> button.
>> 12. Enter a filename and save it somewhere.
>> 13. Quit Mozilla
>> *Add the Cert to your Keychain*
>> 1. Go find the cert that you saved from step #12 in the Finder and
>> double click it
>> 2. You'll be prompted for the password for the item and what
>> keychain
>> to add the cert to. *Try it out in Mail*
>> 1. In Mail, compose a new message from the email address that you
>> got
>> the cert for. You should see the "Sign" button in the compose window.
>> 2. Verify that in the message you receive there is a Security header
>> saying "Signed".
>> 3. There is no step 3!
>> Kin Jung
>> Marketing & Outreach, The Scholar's Workstation, U.C. Berkeley
>> 2200 University Avenue, Room 41, Berkeley, California 94720-3808
>> tel. 510 643 6181 fax. 510 643 6201 email
>> <ksjung_at_tsw.berkeley.edu <mailto:ksjung_at_tsw.berkeley.edu>>
>> website <http://calcomputers.berkeley.edu>
>> showroom hours: 9am-4pm Monday-Thursday; 9am-12noon Friday
------------------------------------------------------------------------
The following was automatically added to this message by the list server:
For information about Micronet, including subscribing to
or unsubscribing from its mailing list and finding out
about upcoming meetings, please visit the Micronet Web site:
<http://micronet.berkeley.edu/>.
Received on Thu Jan 11 2007 - 16:46:06 PST
This archive was generated by hypermail 2.2.0 : Thu Jan 11 2007 - 16:46:07 PST