Task 7.7: Installing and Using a Digital Certificate
The Internet makes it possible to do business with people from around the world, but this brings up the issue of trust. How do you establish trust with someone you have never seen? The answer is digital certificates. Certificates give users the ability to have confidence in the identity of whom they deal with and can also aid in protecting the confidentiality of information.
Scenario
Management has become worried about spoofing and the lack of ability to determine true identity during electronic transactions. They have asked for your advice.
Scope of Task
Duration
This task should take about 20 minutes.
Setup
For this task, you’ll need a Windows computer, access to the Administrator account, and an Internet connection.
Caveat
While digital certificates are very secure, they can be compromised if private key information is not guarded or if an attacker can get someone to accept a fake certificate.
Procedure
In this task, you will learn how to install and use a digital certificate.
Equipment Used
For this task, you must have:
- A Windows computer
- Access to the Administrator account
- Microsoft Outlook
- An Internet connection
Details
This task will show you how to get a certificate, install it into Microsoft Outlook, and use it to add digital signatures to emails.
Installing a Digital Certificate
1. The first step in this task is to obtain a digital certificate. They can be obtained from many different vendors, including VeriSign, Comodo, and GeoTrust. In this task, you will be downloading the certificate from Comodo. They provide certificates for free as long as they are for noncommercial use.
2. Go to www.comodo.com/home/email-security/free-email-certificate.php to get your free digital certificate. You will need to fill out a short form. Details on how to download the certificate will be sent to your email address.
3. Open your email from Comodo and follow the link to the certificate download to install the certificate in your computer.
4. To use the certificate, first open Outlook.
5. Select Tools ⇒ Options.
6. In the Options dialog box, choose the Security tab. Then click the Settings button to open the Change Security Settings dialog box.
7. In the Change Security Settings dialog box, enter a name for your security setting in the Security Settings Name field.
8. Ensure S/MIME is selected from the Cryptography Format drop-down.
9. Check Default Security Setting For This Cryptographic Message Format.
10. In the Certificates And Algorithms section, click the Choose button for the Signing Certificate field.
11. In the Select Certificate dialog box, select your secure email certificate.
12. View your certificate by clicking the View Certificate button. The Certificate dialog box displays four tabs, which provide more detail about your certificate. Click on each tab to learn more about the certificate. After examining the options, click OK to return to the Select Certificate dialog box and click OK again to select the certificate and return to the Change Security Settings dialog box.
13. While in the Change Security Settings dialog box, make sure Send These Certificates With Signed Messages is selected.
14. Click OK to return to the Options dialog box and then click OK to return to Outlook.
Using a Digital Certificate
1. With Outlook open, create a new message to send to an associate. You are free to fill out this message as you see fit. You may simply want to tell a friend you are now using a digital certificate for email so that your friend will be certain that the mail is really from you.
2. After creating the message, click the Options button at the top of the Message window.
3. In the Options dialog box, click the Security Settings button. This will open the Security Properties dialog box. Select Add Digital Signature To This Message and click Ok.
4. Close the Message Options dialog box. Then send your signed email.
Remember, the task has demonstrated the process to sign emails to verify proof of identity. To encrypt emails, you will need to have someone sign her email and send you her public key.
Criteria for Completion
You have completed this task when you have created and installed a digital certificate.