Step One: Creating a Digital ID - Requesting a Public Certificate
First, you need to obtain your own certificate so that others can verify your signature when you send digitally signed messages, and can encrypt data for you when they want to send you encrypted messages. There are many public certificate authorities whose root certificates ship with Windows and Mac OS X. Below are several options you can consider. Keep in mind that nothing prevents you from obtaining a certificate for the same email account from all of the choices below, and from other sites as well. The choices are not mutually exclusive; however, to stay sane, you'll probably want to pick just one or two authorities and stick with them:
Options
- Verisign: Verisign will give you one free certificate that is good for 60 days, after which time you must pay to renew. The cost is $14.95 for one year. Click on the "Buy Now" link, and choose the free 60-day trial option.
- Thawte: Click on "Act Now" at the bottom of the page. Thawte was bought out by Verisign, but is still maintained under its own brand name as a separate authority. This one offers (from all signs) no-strings-attached free certificates.
- Instant SSL
- Your own CA: If you have your own source for a personal certificate (such as through your company), you can import the private key and certificate into your personal keychain using the MS Cert Manager. As noted before, if your CA isn't a publicly recognized authority (i.e., one whose root ships with Mac OS X), you and your contacts will have to import the root into the System keychain.
Pros & Cons: compare Verisign, Thawte and Instant SSL
Request Certificate
Follow the instructions on each particular web site for obtaining your personal certificate. Here are your main browser options for requesting a certificate:
Apple's Safari (recommended) - Pros: One-stop solution. You can request and receive/install your certificate all from your Mac. No need to use Windows, or to manually import/export to/from your keychain. There's a link at the end of the next section that will guide you, step-by-step, in getting a certificate from Thawte using Safari. Cons: By default, your private key is not exportable. This means you will need to make a backup copy of your private key and certificate from your keychain if you ever plan on changing machines, or wiping/reformatting your OS X drive.
Mozilla - Pros: By default, when you import your certificate and private key into the keychain, it won't be marked as non-exportable. This makes it much easier to back up your digital identity using the Microsoft Cert Manager. Cons: You need to use a third-party browser that you may not already have on your system. Also, since Mozilla doesn't rely on the OS keychain, you'll need to go through the additional step of exporting the digital identity from Mozilla's certificate store before you can import it into the OS keychain.
Windows IE - Pros: Same as for Mozilla. Cons: Same as for Mozilla. Additionally, this is on another platform, so you must have access to a Windows machine.
Obtain Thawte Certificate
Because Thawte certificates are pervasive and cost nothing, Thawte is often a popular choice. For a step-by-step example of requesting, retrieving, and exporting a digital ID obtained from Thawte using: