Why Can Only Certain Browsers Generate Automatic Keypairs?

In the world of PKI and SSL some certificate authorities use browsers such as Internet Explorer or Firefox to automatically generate keypairs to be used with Email-S/MIME Code Signing or Client Authentication Certificates. Not all Browsers have the capability to generate these keypairs due to licensing restrictions of the <keygen> and ActiveX controls that perform keypair creation in conjunction with operating systems restrictions.  <keygen> The HTML <keygen> is a licensed element used to facilitate generation of key material, and submission of the public key as part of an HTML form. This mechanism is designed for use with Web-based certificate management systems. Firefox is able to utilize the <keygen> and generate automatic keypairs because Firefox uses its own Keystores that do […]

Read More

Authentication/Orders Support: Domain Pre-Validation – Email Validation

Instructions for authorizing a domain using Email Validation: Before a Certificate Authority (CA) such as Digicert, Entrust, etc..  can issue a certificate, you must prove control over the domains and any SANs (Subject Alternative Names) on the order. We refer to this process as the Domain Control Validation (DCV) process, and it is the most common method of validation. How to Use Email as the DCV Method for a Domain? This will vary between the certificate authorities, but for the most part. The certificate authority will send an authorization email to the registered owners of the domains listed. They can also send the authorization email to the admin, administrator, webmaster, hostmaster, and postmaster accounts for each public domain. You must […]

Read More

Troubleshooting: Exchange – Unable to open OWA, ECP, or EMS after a self-signed certificate is removed from the Exchange Back End Website

Consider the following scenario when you are using Microsoft Exchange Server 2013 or Microsoft Exchange Server 2016: You remove the Microsoft Exchange Self-Signed certificate from the Exchange Back End Website by using Certificates MMC, Remove-Exchangecertificate, IIS Manager or another method. You clear the IIS cache by restart or IISReset. You are installing a new SSL Certificate to your Exchange system. In this scenario, several client protocols such as ECP, OWA, ActiveSync and Exchange Management Shell cannot connect. The following issues may occur: OWA and ECP display a blank page. ActiveSync users cannot receive emails. Exchange Management Shell will cannot connect and displays the following Error: New-PSSession : [dc.local.mcrlegal.com] Processing data from remote server dc.local.mcrlegal.com failed with the following error message: […]

Read More

How To Import A Digital ID, Email, or Code Signing Certificate Into A Windows System?

Digital signatures identify/authenticate you as the document signer and allow document recipients to verify that no one has modified the contents of the document since you signed it. Signing, Encrypting and reading will vary depending on the applications that are involved. A Digital ID certificate is required to create a digital signature. The most secure Digital ID are issued by a trusted Certificate Authority. Some of these Digital ID’s are on tokens and other are files that are imported into trust stores on your system or application. On Windows operating systems the majority of these applications refer to the User trust stores. Note: Majority of the time Firefox is used to generate Digital ID Certificates Firefox, but Firefox does not […]

Read More

Digitally Signing and Encrypting Email Messages – Mozilla Thunderbird.

Digital signatures identify/authenticate you as the document signer and allow document recipients to verify that no one has modified the contents of the document since you signed it. Signing, Encrypting and reading will vary depending on the applications that are involved. Mozilla Thunderbird works differently than other email applications. Keep in mind the following.. In order to encrypt a message in you must also have a copy of that recipients email certificate. You will not be able to encrypt a message sent to your recipient until they send you a signed email with one of their own first. Thunderbird will automatically store the certificates it receives from Digitally Signed/Encrypted Emails. You will need to have your Email certificate imported into […]

Read More

How To Import Email (S/MIME) Certificate – Mozilla Thunderbird?

Before following these instructions, please make sure that you have a copy of your Client (S/MIME) Email Certificate in a PFX/P12 (PKCS#12) format. Typically this file will have a .p12 or .pfx extension consisting of both your public and private keys. When exporting your Client/Email Certificate from wherever it resides there may be a option to export the private key. This option will give you your pfx file. Some applications by default will automatically include the private key  thus giving you a pfx file. Note: These instructions are based on a Windows Operating System. Locations of the options presented below may vary in other operating systems. Step 1: Importing your Email Certificate into Thunderbird: Open Thunderbird. Click on the menu […]

Read More

How To Export A Certificate From Firefox.

Depending on the circumstance you may need to export a certificate that has been installed in your browser. Code Signing and Mail Signing certificates purchased from a Certificate Authority (CA) usually use browsers to generate the keypair and install the certificate on the browser. After which you can then export the certificate, and distribute it to whoever or apply it to your signing application that requires it. We will assume that you have successful installed/picked-up or already have a certificate in your Firefox browser. To export/backup your certificate from your Firefox browser perform the following. Step 1:  Exporting your certificate from Firefox: In the upper right of your Firefox browser click  Click Options. In the left pain click Advanced. Under Advanced click […]

Read More