A bit of background knowledge

If Alice wants to send Bob an encrypted mail, she needs Bob's public key. So to do encrypted communication, Alice first has to get an email certificate for herself and send Bob a signed message.

Bob's mailer usually automatically extracts the certificate from the signature and stores it in its certificate database.

Now Bob has the option to send Alice an encrypted mail, even if he has no certificate for his mailer!

But usually Bob should also get his own certificate; otherwise encryption can only be used for one direction of message transfer.

Getting a personal email client cert

Simple way: Use a browser

Using this method, your private and public keys will automatically be generated by your browser and the public key will be sent to CAcert for signing.

Your private key is never transmitted over the network; it stays in your browser's secure storage, but can be exported from there afterwards. Make sure you get 50 or more assurer points, so that you can generate a certificate with your name in it.

Login to the CAcert. Click on New to generate a new client certificate. Check the box for the e-mail address(es) that you want to use the certificate with, and choose the Display Name that suits you best. On the next page you get a form where you can choose between two different certificate strengths. Certificate and wait until you see the page Installing your certificate.

You'll now have a certificate under the tab Your certificates.

Internet Explorer

The way to generate a key and certificate is almost the same with Internet Explorer; it just looks a bit different. Have a look at If asked about the security level, usually medium security is advisable; otherwise you'll have to enter a password every time your certificate is used.

After the procedure is complete, the certificate and private key are in Windows' certificate storage and can be used by some other programs like Outlook. Start the command prompt or open the "Run The result is a PKCS12 file, fit for import in every program that supports a minimum standard.

Give it a try, it's easy!

Create key locally using OpenSSL and get certificate with CSR

The steps are similar to the procedure described above, where your browser generates the key pair for you. However, if your browser doesn't support automatic key generation or you don't trust your browser, you can always create the key pair manually.

Before logging in to CAcert. These are the needed steps in order: Assemble the certificate in PKCS12 format.

One possible way to accomplish this is the following: Using as the length of your key in bits, issue the following command: After that the private key is in file private. Log into the CAcert. Check Show advanced options: Paste the complete contents of the file my.
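The local-key procedure above, written out as an added example; these are not commands from the original page or from CAcert. The file names (private.key, my.csr, cert.pem, cert.p12), the 3072-bit default, the subject and the throwaway stand-in CA that replaces the CA's signing step so the script runs offline are all assumptions.

```shell
#!/bin/sh
# Added example, not CAcert's own commands. File names, key size, subject and
# the throwaway stand-in CA are assumptions made so the flow runs offline.
set -eu

make_key_and_csr() {            # $1 = work dir, $2 = e-mail address
    openssl genrsa -out "$1/private.key" "${KEY_BITS:-3072}" 2>/dev/null
    chmod 600 "$1/private.key"  # the private key never leaves this machine
    openssl req -new -key "$1/private.key" \
        -subj "/CN=$2/emailAddress=$2" -out "$1/my.csr"
    # Check the CSR's self-signature before pasting it into the web form.
    openssl req -in "$1/my.csr" -noout -verify 2>&1 | grep -q "verify OK"
}

standin_ca_sign() {             # $1 = work dir; stands in for the CA's signing
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed stand-in CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
    openssl x509 -req -in "$1/my.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/cert.pem" 2>/dev/null
}

key_matches_cert() {            # $1 = work dir; compare public-key digests
    k=$(openssl pkey -in "$1/private.key" -pubout | openssl dgst -sha256)
    c=$(openssl x509 -in "$1/cert.pem" -noout -pubkey | openssl dgst -sha256)
    [ "$k" = "$c" ]
}

assemble_p12() {                # $1 = work dir; password read from $P12_PASS
    key_matches_cert "$1" || return 1   # refuse to bundle a mismatched pair
    openssl pkcs12 -export -inkey "$1/private.key" -in "$1/cert.pem" \
        -name "e-mail certificate" -passout env:P12_PASS -out "$1/cert.p12"
    chmod 600 "$1/cert.p12"
    # Read the bundle back to confirm it opens and holds the certificate.
    openssl pkcs12 -in "$1/cert.p12" -passin env:P12_PASS -nokeys 2>/dev/null \
        | grep -q "BEGIN CERTIFICATE"
}

work=$(mktemp -d)
export P12_PASS="constructed-demo-password"   # constructed; choose your own
make_key_and_csr "$work" "alice@example.org"
standin_ca_sign "$work"
assemble_p12 "$work"
echo "PKCS12 bundle written to $work/cert.p12"
```

In real use the stand-in signing step is replaced by submitting my.csr to the CA and saving the returned certificate as cert.pem; the key/certificate match check then catches a certificate issued for a different key before it is bundled.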

FAQ

For more details and a client cert FAQ see the ClientCerts page.

