
S/MIME Certificates

I am having trouble setting up two factor authentication using an S/MIME personal certificate.
See the AusCERT CSM RAO Administrator Quick Start Guide (QSG), version 1.05. The guidelines on how to set up two factor authentication, pages 18 - 20, are particularly relevant. It is important to note that if you are setting up two factor authentication for another person via the CSM, they must send you their personal certificate first. The best way to do this is to ask them to send you a digitally signed email with their certificate. When you receive it, open the certificate and check that it has been imported into your computer's certificate store. If not, you may need to import it manually.
I am using Chrome for Apple Mac and am having trouble setting up two factor authentication using an S/MIME personal certificate. Chrome won't let me select the correct certificate to use as an authentication factor to log into my CSM account.
This is a known issue when using Chrome for Apple Mac. It doesn't apply when using Chrome on Windows. There are a number of workarounds. First, use another browser that doesn't have this problem, such as Firefox or Safari. Alternatively, ask the RAO/DRAO who is setting up 2FA for you to associate the certificate already associated with your Chrome browser on Apple Mac, instead of the new certificate you are trying to associate. Follow the steps described in the previous paragraph, but make sure that you select the certificate that Chrome has identified within the Apple certificate store.
When I send a digitally signed email with an attachment, the digital signature breaks for recipients of the email (but not the sender of the email).
This is likely to be a problem with the MS Exchange Server in your organisation. See: http://support.microsoft.com/kb/949703. To correct this you will need to ask that the server be updated.
How do I send an encrypted email using my S/MIME certificate?
The public key within a person's S/MIME certificate is used to encrypt a message. The person's private key (which only they have access to) is used to decrypt the message. Hence, to send an encrypted email, all parties in the communication need to have their own personal S/MIME certificate, so that you can encrypt the message separately to each party (including yourself).
You will need to check that you have successfully imported all certificates for all recipients of the email before you attempt to send an encrypted email to them.
If you are using MS Outlook, check that the person is a saved contact. If not, create one. Then check whether there is a certificate associated with this identity. If not, you will need to manually import the certificate and associate it with that identity. The easiest way to do this is to ask them to send you a digitally signed email with their S/MIME certificate, which you can then manually import and associate with the contact. Once this is done you will be able to select "encrypt" from the "option" tab before you send an email to them.
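The per-recipient encryption described above, as an added example that is not part of the original FAQ: it uses the OpenSSL command line to show that a message encrypted only to the recipient cannot be read back by the sender. The identities `sender`, `recipient` and `outsider`, their `example.org` addresses and the self-signed certificates are all constructed test data.

```shell
#!/bin/sh
# Added example. All names, addresses and certificates are constructed test data.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_identity() {   # $1 = short name; creates $1.key and a self-signed $1.crt
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1/emailAddress=$1@example.org" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

encrypt_to() {      # $1 = output file name; remaining args = recipient names
    out="$WORK/$1"; shift
    certs=""
    for name in "$@"; do certs="$certs $WORK/$name.crt"; done
    # Encryption needs only the recipients' public certificates.
    # -binary keeps line endings untouched so the round trip compares byte for byte.
    openssl smime -encrypt -aes256 -binary -in "$WORK/msg.txt" -out "$out" $certs
}

can_decrypt() {     # $1 = message file name, $2 = identity; returns 0 on success
    openssl smime -decrypt -in "$WORK/$1" -recip "$WORK/$2.crt" \
        -inkey "$WORK/$2.key" -out "$WORK/$2.out" 2>/dev/null &&
        cmp -s "$WORK/msg.txt" "$WORK/$2.out"
}

setup() {
    for name in sender recipient outsider; do make_identity "$name"; done
    printf 'Constructed test message\n' > "$WORK/msg.txt"
    encrypt_to both.p7m sender recipient      # sender's own certificate included
    encrypt_to only_recipient.p7m recipient   # sender's certificate left out
}

report() {          # $1 = message file name; prints who can read it
    for name in sender recipient outsider; do
        if can_decrypt "$1" "$name"; then echo "$1: $name can read"
        else echo "$1: $name cannot read"; fi
    done
}

setup
report both.p7m
report only_recipient.p7m
```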
How do I digitally sign an email using my S/MIME certificate?
http://office.microsoft.com/en-us/outlook-help/secure-messages-with-a-digital-signature-HP001230539.aspx
Also, if you are using multiple identities from your Outlook account, make sure you select the correct identity (email address) associated with the certificate you wish to use, otherwise you won't be able to send a signed message.
How do I check if a digital signature is valid?
http://office.microsoft.com/en-us/visio-help/how-to-tell-if-a-digital-signature-is-trustworthy-HA010354321.aspx
http://office.microsoft.com/en-us/outlook-help/how-to-tell-if-a-digital-signature-is-trustworthy-HA001230875.aspx
http://office.microsoft.com/en-us/outlook-help/verify-the-digital-signature-on-a-signed-message-HP001230544.aspx