Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

s/mime Certificate - Choosing the CA


  • Please log in to reply
6 replies to this topic

#1 maxknux

maxknux

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Rockville, MD
  • Local time:02:01 AM

Posted 30 December 2013 - 11:28 PM

Hello I started using Verisign as my Certificate Authority (CA) which is now owned by Symantec. Verisign sells Email Certificates called Verisgn Digital IDs now its called Norton Digital Ids.

 

http://www.symantec.com/verisign/digital-id

 

The troubling part for me is the change to put "persona not validated" in the Common Name (CN).

 

I was looking at other providers like Comodo which seems to be the only provider that provides free 1 year email certificates but also follow the "persona not validated."

 

http://www.comodo.com/home/email-security/free-email-certificate.php

 

 

The other providers I saw were:

 

Entrust

http://www.entrust.net/secure-email/index.htm

 

Global Sign

https://www.globalsign.com/secure-email/

 

I see that global sign has persona vaildatation but increase the price for it $70 from the others $20.

 

https://www.globalsign.com/personalsign/comparison.html

 

What CA do people recommend because I can't find a review site saying which is choose?

 

I mostly use Outlook 2013 64 bit as my s/mime client for my personal yahoo email.


Edited by maxknux, 30 December 2013 - 11:39 PM.


BC AdBot (Login to Remove)

 


#2 gilh99

gilh99

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:02:01 AM

Posted 05 January 2015 - 10:54 AM

Interested in whether some more information is available.

In my search for getting rid of "Persona Not Validated", this post looks to have the most information.

Symantec says its "best security practice".



#3 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:01 AM

Posted 05 January 2015 - 05:50 PM

maxknux, for what purpose exactly do you use this certificate?


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#4 maxknux

maxknux
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Rockville, MD
  • Local time:02:01 AM

Posted 05 January 2015 - 07:50 PM

Hello People,

 

I posted that post like last year about what to choose for the CA. I decided to go with Comodo because it is free and the Common Name is my email instead of stupid phrase "persona not validated."

If I do need to validate my identify I would also get Global Sign Certificate.

 

I use these certificates for signing and encrypting my mail to certain people. I sometimes sign Office Documents to mark it as Final so I can keep track of the document is altered.  

 

Also I switched from yahoo mail to Outlook.com Mail because of it working nicely with Outlook Client and Windows Phone. I like that Active sync thing.


Edited by maxknux, 05 January 2015 - 09:14 PM.


#5 tairoylance112

tairoylance112

  • Banned
  • 20 posts
  • OFFLINE
  •  
  • Local time:11:31 AM

Posted 06 January 2015 - 12:44 AM

Configuring S/MIME in Office 365 is a slightly different procedure than configuring S/MIME on-premises. This blog is for people who want to move from on-premises to Exchange Online and want to continue to use S/MIME.



#6 maxknux

maxknux
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Rockville, MD
  • Local time:02:01 AM

Posted 06 January 2015 - 06:21 AM

Configuring S/MIME in Office 365 is a slightly different procedure than configuring S/MIME on-premises. This blog is for people who want to move from on-premises to Exchange Online and want to continue to use S/MIME.

Huh???????????????????????? - I did not mention Office 365 or talk about Exchange Online. I use my personal email from Outlook.com and using a certificate using a s/mime client like Outlook 2013 x64 bit.

This thread I started was people's suggestion on their favorite personal Certificate Authority (CA).

 

This topic should die since I started this topic like a year ago.



#7 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:01 AM

Posted 06 January 2015 - 07:35 AM

I see it now, this old thread was bumped by a new user. Please ignore my question.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users