Installing, Renewing and Backing Up Secure Email Certs in Thunderbird 2.x
1. Save the attachment (username.P12) from the e-mail message to your desktop or a folder.
2. Open Thunderbird and go to Tools Menu-->Options. (In Mac OS X, go to Thunderbird-->Preferences.)
3. Click on the "Advanced" icon and the "Certificates" Tab.
4. Click on "View Certificates".
5. In the Certificate Manager window click on the "Your Certificates" Tab.
6. Select the "Import" button at the bottom and browse to the security certificate you saved in step 1.
Skip 7 IF RENEWING. Instead Thunderbird will ask for the Certificate DB password the user set previously.
7. You will be prompted to set a password. This password will be used by the database stored on your PC. If your PC crashes, the certificate database will be lost and you will have to reconfigure it. Enter a “LOCAL CERTIFICATE DATABASE” password that only you will know. For legal reasons, NEVER hand this password out. The password will need to be typed twice. Provide the location of the file (username.P12). Press the OPEN button.
8. Provide the password supplied by email@example.com.
9. It will display a message saying it was successfully imported. Click the OK button.
Skip 10-14 IF RENEWING.
10. In Internet Explorer (for Mac OS X use Safari) go to http://www.siumed.edu/som.cacert and save this file (som.cer) to your desktop.
11. Again in Thunderbird go to Tools Menu-->Options-->Advanced icon-->Certificates tab and click on "View Certificates".
12. In the Certificate Manager window click on the "Authorities" Tab.
13. Click on the "Import" button and browse to the "som.cer" file you downloaded to your desktop in step 10.
14. Check the following three options:
   - Accept this Certificate Authority for Certifying Network sites.
   - Accept this Certificate Authority for Certifying e-mail users.
   - Accept this Certificate Authority for Certifying software.
15. In Thunderbird, go to Tools-->Account Settings-->Security.
16. Optionally check the following line “Digitally Sign Messages (by default).” It is NOT recommended to check “Required” for Default Encryption Settings.
Press the OK button to get out.
Delete the file you saved (username.P12) and shred the paper which has your password.
- Double check the security certificate that is selected for signing and encrypting messages by clicking the "Select" button next to the certificate name. Make sure it has the latest expiration date. Sometimes when installing a new cert the older cert is still set as the default certificate to sign/encrypt messages.
- If you want e-mail signatures and/or encryption on every piece of e-mail you send, you will need to load the “certificate database” on every PC you use to send e-mail.
- If you do not have a “certificate database” loaded on your PC and you want to “trust” a certificate (someone is sending you an e-mail with a signature), you can follow steps #10-14.
- The certificates will expire in a year. Each year, you will be awarded a new certificate. In order to get the new certificate to work, you will redo the steps mentioned above.
- To change the “certificate database” password in Thunderbird go to Tools Menu-->Options (in Mac OS X go to Thunderbird-->Preferences) and click on the "Privacy" button and "Passwords" Tab. Select "Change Master Password" and enter old password once and new password twice.
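Steps 10-14 make Thunderbird trust whatever som.cer contains, and the file is fetched over plain HTTP, so it is worth comparing its fingerprint with a reference value obtained through a separate channel before importing it. The script below is an added example, not part of the original instructions; its function names and the existence of an out-of-band reference fingerprint are assumptions, and it uses only the Python standard library.

```python
"""Compare a downloaded CA certificate (e.g. som.cer) with a reference fingerprint.

Added example: the reference SHA-256 fingerprint is assumed to come from the
issuing office by phone or in person, not from the same web page as the file.
"""
import hashlib
import hmac
import ssl
import sys

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"
PEM_FOOTER = b"-----END CERTIFICATE-----"


def load_der(data: bytes) -> bytes:
    """Return the DER bytes of a certificate stored as PEM (text) or DER (binary)."""
    start = data.find(PEM_HEADER)
    if start == -1:
        return data  # no PEM armour: treat the file as raw DER
    end = data.find(PEM_FOOTER, start)
    if end == -1:
        raise ValueError("PEM header found but footer is missing (truncated download?)")
    pem_text = data[start:end + len(PEM_FOOTER)].decode("ascii")
    return ssl.PEM_cert_to_DER_cert(pem_text)


def fingerprint(data: bytes) -> str:
    """SHA-256 over the DER encoding, as lowercase hex without separators."""
    return hashlib.sha256(load_der(data)).hexdigest()


def matches(data: bytes, expected: str) -> bool:
    """True if the certificate's fingerprint equals the reference value.

    Accepts 'AB:CD:...', 'ab cd ...' or plain hex for the reference.
    """
    want = "".join(c for c in expected.lower() if c in "0123456789abcdef")
    if len(want) != 64:
        raise ValueError("reference fingerprint must be 64 hex digits (SHA-256)")
    return hmac.compare_digest(fingerprint(data), want)


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: check_ca.py som.cer <sha256-fingerprint>")
    with open(sys.argv[1], "rb") as fh:
        ok = matches(fh.read(), sys.argv[2])
    print("fingerprint matches: continue with the import" if ok
          else "MISMATCH: do not import this file")
    sys.exit(0 if ok else 1)
```

The same check applies when following steps 10-14 only to trust someone else's signature: a mismatch means the file should not be imported under the "Authorities" tab.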
Backing Up Secure Certificates
- Again in Thunderbird go to Tools Menu-->Options-->Advanced icon-->Certificates tab and click on "View Certificates".
- Select "Your Certificates" Tab.
- Select "Backup All" button.
- Enter your "Master Password" (this is your LOCAL CERTIFICATE DATABASE password that you created).
- Browse to where you want to save your backup certificate and give it a filename (for example: cert_backup). You should save this file to a secure location such as a CD that can be locked up in a filing cabinet or drawer. You should not keep your backup copy on a local drive (like C:\) that is accessible to other users.
- You will then be given the option to create a certificate backup password that protects the backup file you are about to create. It is recommended that you do protect this backup file with a password. IMPORTANT: If you forget your certificate backup password, you will not be able to restore this backup later. Please record it in a safe location.