S/MIME: digital signature or encryption of e-mail
Description for Outlook and Mozilla Thunderbird.
Obtaining a certificate
First of all you need a certificate. You can obtain one through an external company or you can create the certificate yourself.
It is important that you keep the certificate in a safe place and bear in mind that you may need it later, e.g. when buying a new PC.
- Obtain a (free) certificate from an external company
- Create your own certificate
As an example, we choose a free certificate from Comodo. Your certificate will be sent to you after +/- 15 minutes. You have to collect it with Internet Explorer, because that is where the certificate will be installed.
With Outlook, the certificate will normally be automatically installed after this procedure.
For Mozilla Thunderbird you still need to export the certificate from Internet Explorer to a safe location on your computer. After that you can import it into Thunderbird and it is ready for use.
- Exporting in Internet Explorer is done via 'Tools' - 'Internet Options' - 'Content' - 'Certificates'. In the Personal tab, click on the certificate that you need to export (normally it is issued by: UTN-USERFirst-Client Authentication and Email). In the wizard choose the option 'Yes, export the private key', leave 'heavy security' checked and follow the wizard. You will also be asked for a password. Save the certificate; normally it should be a pfx file.
- Importing into Thunderbird is done via 'Tools' - 'Account settings' - 'Security' - 'View certificates' - 'Import'. Browse to the pfx file and click 'ok'. Then click on 'Select' at 'Use this certificate to digitally sign messages you send' and choose your own certificate, and do the same at 'encrypt'. The certificate is used for both the digital signature and the encryption.
Exchanging your certificate
In order to send encrypted e-mails, you must first have the certificate of the correspondent with whom you wish to use encryption. And vice versa, this person must have your certificate to be able to send you encrypted emails. Both parties simply send each other a message with their digital signature.
- In Outlook for a new message, choose 'View' - 'Options' - 'Security Settings'.
- In Mozilla Thunderbird for a new message, select 'Message Digital Signing' via 'Options' - 'Security'. You send that message and from then on the recipient can send you encrypted messages (provided of course that he uses S/MIME and has created a certificate).
Sending encrypted mail
To actually send an encrypted message, open a new message in Outlook and choose the addressee (not from the LDAP because no certificates are kept there, but from your personal address book) and then go to 'View' - 'Options' - 'Security settings' and there you can then digitally sign and/or encrypt your message.
To do the same in Mozilla Thunderbird open a new message, choose the addressee (from your personal address book, it will not work from LDAP, because no certificates are kept there) and click on 'Options' - 'Security' - 'Encrypt message'.
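The exchange and encryption steps above, replayed with the openssl command line tool to show why one signed message is enough for the recipient to start encrypting. This is an added example, not part of the original page; Alice, Bob, the addresses and the file names are constructed, and a self-created certificate is assumed.

```shell
#!/bin/sh
# Added example. All names, addresses and file names are constructed.
# Requires the openssl command line tool (1.1.1 or later for -addext).

smime_exchange_demo() {
    work=$(mktemp -d) || return 1
    (
        cd "$work" || exit 1

        # Alice creates her own certificate for e-mail protection.
        openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
            -subj "/CN=Alice Example/emailAddress=alice@example.org" \
            -addext "extendedKeyUsage=emailProtection" \
            -keyout alice.key -out alice.crt 2>/dev/null || exit 1

        # Alice sends Bob a signed message; her certificate travels inside it.
        printf 'Hello Bob, this is my signature.\n' > hello.txt
        openssl smime -sign -text -in hello.txt -signer alice.crt \
            -inkey alice.key -out signed.eml || exit 1

        # Bob checks the signature and saves the signer certificate.
        # -noverify skips chain validation: a self-created certificate has
        # no CA behind it, so Bob compares the fingerprint instead.
        openssl smime -verify -noverify -in signed.eml \
            -signer from_mail.crt -out /dev/null 2>/dev/null || exit 1
        seen=$(openssl x509 -in from_mail.crt -noout -fingerprint -sha256)
        told=$(openssl x509 -in alice.crt -noout -fingerprint -sha256)
        [ "$seen" = "$told" ] || exit 1

        # Bob can now encrypt to Alice with the certificate he received.
        printf 'reply for Alice\n' > reply.txt
        openssl smime -encrypt -aes256 -in reply.txt \
            -out encrypted.eml from_mail.crt || exit 1

        # Only Alice's private key opens it. S/MIME stores text with CRLF
        # line ends, so strip the CR for display.
        openssl smime -decrypt -in encrypted.eml -recip alice.crt \
            -inkey alice.key | tr -d '\r'
    )
    status=$?
    rm -rf "$work"
    return $status
}
```

Calling `smime_exchange_demo` prints the decrypted reply; with a certificate issued by an external company the `-noverify` flag is dropped and the chain is checked against the issuer's root instead.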