Signing your email

I recently obtained a “free personal email certificate” from Thawte. These certificates are valid for one year from the time you request them. My request was filled automatically in a matter of minutes. The tricky part with these things is not requesting them, but getting them installed in your email client. I thought I would share the procedure I went through to accomplish this.

Roughly, one your cert has been issues, Thawte will send you an email containing a link, which you must visit in the same brower on the same machine logged in as the same user as when you made the request. This link causes your browser to automatically add the certificate (at least that was the case for me with both Mozilla and Firefox).

This is all well and good, but I want the certificate in my emailclient! I accomplished this by backing up the certificate from Firefox to a .p12 file (PKCS12). Once backed up (which you should probably do anyways in case you change browsers or mail clients during the year, which you almost certainly will), the cert can be imported into your email client (in my case, Thunderbird).

To export a cert in FireFox:

Edit : Preferences : Advanced : Manage Certificates : Your Certificates tab : “Thawte Freemail Member” : Backup.
Now choose a place to put the .p12 file.

To import a cert in Thunderbird:

Tools : Options : Advanced : Manage Certificates : Your Certificates tab : Import
Now select the .p12 file you made above.

There are various options for the default behavior with this certificate. In my opinion, you should set the default to always sign the message.