We want to create a certificate for Mr. John Doe with an E-Mail Address john.doe@frank4dd.com, using the webcert application at http://webcert.fm4dd.com. Then we want to show how to import this certificate in Windows for use with Microsoft Outlook Express.

Generating a S/MIME Certificate with WebCert

  1. We are filling out the Certificate Request form, setting the username and e-mail address.


  2. The Certificate Request is generated, we verify the subject information, set the E-Mail encryption usage and enter the e-mail address again. Finally, we copy the private key data (Windows: CTRL+C) and hit [Sign Request].


  3. The Certificate has been generated. We click on [Export P12] to generate a PKCS12 certificate bundle.


  4. In the PKCS12 certificate bundle generation request, we paste the private key data (Windows: CTRL+V). We also set the passphrase to protect the PKCS12 file content.


  5. The PKCS12 file has been generated and the file can be downloaded and locally saved.




Importing the S/MIME Certificate

  1. Start the certificate import by double-click on the file icon.








  2. We can verify the certificate import through Microsofts Internet Explorer.





  3. We can verify the CA certificate has been imported as well.



Enable the S/MIME Certificate in Microsoft Outlook Express

  1. In Microsoft Outlooks Account Properties, we can now select the new certificate for use with Outlook.



  2. Use the new certificate, i.e. try sending a signed message to yourself.


  3. When using certificates generated by selfsigned CA certificates, the remote recipients E-Mail client will complain that the presented sender certificate cannot be verified and is therefore untrusted. The simplest way to overcome is to send the recipient WebCerts Root CA certificate (in DER format) and ask him to import it. This will place it into his store of trusted CA certificates and enables certificate verification of WebCert generated certificates.