Tuesday, July 6, 2010

How to Configure Windows Live Mail to Use a Digital Email Certificate

This article explains the process for configuring your Windows Live Mail client to use your digital email certificate to digitally sign outgoing emails.

In order for this to work, the email address that you want to digitally sign with must match exactly with the email address that has been included in the email. If these email addresses do not match, the system will allow the certificate to be installed.

To help you out with this document, all of the steps you will need to follow have been outlined with a red box.
  1. To begin, you must open the Properties menu on the account or email address that you want to digitally sign. You can do this by right-clicking on your email account. In the example below, we will configure our "Bluewin (dominic.dreyer)" account.

  2. After you right-click on the account, a drop-down menu will appear. Select the Properties option at the bottom of this menu as seen below.

  3. The account Properties window will appear. Select the Security tab at the top.

  4. In the Signing certificate section of the Security tab, click on the Select button next to the Certificate field.

  5. A small Windows Security window will appear. Select your digital ID (Authentication) certificate in that window. Once the certificate has been highlighted, click on the OK button.

     Note: If no certificates appear in the window, there may be something wrong with the connection to your smart card/USB token, or the email in the digital ID does not match the account email address that you are trying to configure.

  6. You should see that the name of the certificate in the previous step has been applied to the Certificate field. After you have verified this, click on the Apply button and then exit the account Properties with the OK button.


You have successfully applied the certificate to Windows Live Mail.


Wednesday, June 9, 2010

Signing the file using Signtool

Note: Many GUI and command-line tools are available for signing your code. Here we sign our file with the command-line tool "Signtool", which is distributed freely by Microsoft.

You can download and install the Microsoft SDK which contains the Signtool.exe utility from Here.

Click Here for information on using Microsoft Signtool.exe.
  • Install the Microsoft SDK and open the “CMD Shell”.
  • Change to the “bin” directory where the “Signtool.exe” file is located.
  • We take the unsigned file “putty.exe” as our example. The unsigned “putty.exe” file will appear as below.
  • We need the “PFX” file and the corresponding password to sign the file. If you omit the “/p” option, which takes the PFX file password as an argument, Signtool will return an error as below.

    Note: The “/f” option takes the PFX file/path as an argument.
  • With the “/p” option and the PFX file password, successful signing will appear as below.
  • The “putty.exe” file after successful signing will appear as below.
  • We signed the “putty.exe” file in the above example without the “Timestamp” option, so the properties window of the signed file, which is not timestamped, will appear as below.

    Right-click on the “putty.exe” file --> Select “Properties” --> Select “Digital Signature” tab.
  • Click on the “Details” button for more details.
  • Let us sign the file with the timestamp option “/t”, which takes the URL of the timestamping server as an argument. Our timestamping server URL is “http://timestamp.comodoca.com/authenticode”.

    The successful signing with the timestamp option will appear as below.
Note: If you use signcode, you can use this command:
"C:\Program Files\X2Net SignCode\x2netsigncode.exe" -spc "codesigntest.spc" -v "codesigntest.pvk" -pw "comodo" -i www.domainname.com -n "Company Name" -t http://timestamp.comodoca.com/authenticode "putty.exe"
  • The resulting properties window of the signed file, which is timestamped, will appear as below.
  • Click on the “Details” button for more details.
Convert your .PFX (p12) certificate to a .pvk + .spc combination.
      Install OpenSSL.

      1) Extract your private key from the PFX file.

      -> openssl pkcs12 -in (pfx-file) -nocerts -nodes -out (pem-key-file)

      You will be asked for the PFX password.

      Download the PVK transform utility.

      -> pvk -in (pem-key-file) -topvk -out (pvk-file)

      2) Extract your certificates from the PFX file.

      -> openssl pkcs12 -in (pfx-file) -nokeys -out (pem-certs-file)

      You will be asked for the PFX password.

      Transform your PEM file to an SPC file.

      -> openssl crl2pkcs7 -nocrl -certfile (pem-certs-file) -outform DER -out (spc-file)

      Below is the screenshot of all the files involved in the above process.
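
The openssl steps above as a self-checking script (an added example, not part of the original post): it builds a throwaway self-signed certificate and PFX, splits it as described, and confirms that the extracted key belongs to the certificate inside the .spc file. The file names, subject name and password are constructed test values, and the PVK transform is left out because it needs the separately downloaded pvk utility.

```sh
#!/bin/sh
# Added example; all names and the password below are constructed test values.
set -eu
PFX_PASS='constructed-test-password'

# Build a throwaway self-signed certificate and bundle it as test.pfx,
# standing in for the PFX exported from the certificate store.
make_test_pfx() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj '/CN=Constructed Test Signer' \
        -keyout "$1/orig-key.pem" -out "$1/orig-cert.pem" 2>/dev/null
    openssl pkcs12 -export -inkey "$1/orig-key.pem" -in "$1/orig-cert.pem" \
        -out "$1/test.pfx" -passout "pass:$PFX_PASS"
}

# The three openssl steps from the text: key out, certificates out, PEM -> SPC.
split_pfx() {
    # -nodes writes the key unencrypted, so create it readable by owner only.
    ( umask 077
      openssl pkcs12 -in "$1/test.pfx" -nocerts -nodes \
          -passin "pass:$PFX_PASS" -out "$1/key.pem" )
    openssl pkcs12 -in "$1/test.pfx" -nokeys \
        -passin "pass:$PFX_PASS" -out "$1/certs.pem"
    openssl crl2pkcs7 -nocrl -certfile "$1/certs.pem" \
        -outform DER -out "$1/cert.spc"
}

# SHA-256 over the DER form of a PEM public key read from stdin.
pub_digest() {
    openssl pkey -pubin -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeeds only if key.pem and the first certificate in cert.spc share a public key.
key_matches_spc() {
    k=$(openssl pkey -in "$1/key.pem" -pubout | pub_digest)
    c=$(openssl pkcs7 -inform DER -in "$1/cert.spc" -print_certs |
        openssl x509 -pubkey -noout | pub_digest)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
make_test_pfx "$workdir"
split_pfx "$workdir"
key_matches_spc "$workdir" && echo "extracted key matches the certificate in cert.spc"
```

When running the steps by hand, leave out -passin so that openssl prompts for the PFX password instead of exposing it on the command line, and delete the unencrypted PEM key file once the .pvk file has been produced.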


Placing and collecting code signing certificate


Procedure for applying and collecting Code Signing certificate

NOTE:
1. Use the same system/browser/user profile to apply for and collect the certificate.
2. Make sure the browser you are using is set as the default browser.
3. Turn off the pop-up blocker.
4. ActiveX should also be enabled
(Open IE --> Tools menu --> Internet Options --> Security tab --> Custom Level --> Scroll down to the Scripting section --> click "Enable" under "Active scripting and Scripting of Java applets" --> OK --> OK)


STEP 1

  • Click here to make IE the default browser.

STEP 2

  • Go to the Code Signing order page, select the year and "BUY NOW".







STEP 3

  • If you are an existing customer, please enter your Username and Password at the top right corner of the page before continuing the order.








  • After login, the resulting page will appear as below.














STEP 4

  • Under "Advanced Private Key Options" please select the below options

    CSP : Microsoft Enhanced Cryptographic Provider v.1.0
    Key File name : In the CSP
    Key Size : 2048
    Exportable? : Check
    User Protected? : UnCheck
Note:

If you select the "In the CSP" option, the certificate will be stored in the browser's Certificate Store.
Only IE gives you the option of choosing where the certificate will be installed.
In Firefox, the certificate will be automatically installed in the Firefox certificate store.
If you select the "In the File" option, the .spc and .pvk files are stored on the C: drive.
The choice between "In the CSP" and "In the File" depends on the needs of the signing software.







STEP 5

  • Click Agree








STEP 6

  • The next page is the Payment page, which shows your Order Number at the top. Fill in all the required details and make the payment.








STEP 7

  • You will receive a mail from COMODO as below.
Your Code Signing Certificate is ready!
Dear Prabhakaran A,
Thank you for placing your order. The necessary background checks have been successfully completed and we are pleased to announce that your Code Signing Certificate has been issued.
To collect your Code Signing Certificate, please click here
Your Collection Code is: P6gvWo0kX7620uRY
Should you have any questions or issues you would like to discuss, please do not hesitate to contact us.

Kind Regards,

Comodo Security Services
Support Telephone: +1.703.581.6361
Support Website: http://support.comodo.com
Validation Docs Fax: US and Canada +1.866.831.5837 / Worldwide +1.801.303.9291

We now operate a registration-based system for support.
Please submit your ticket at the support website.
Please do not reply to this email as this email address is not monitored.

Comodo CA Limited - US Office
525 Washington Blvd.
Jersey City, NJ 07310-1600

Comodo CA Limited - European Office
26 Office Village,
Exchange Quay, Trafford Road,
Salford, Manchester M5 3EQ,
United Kingdom
Comodo offers essential infrastructure to enable e-merchants, and other Internet-connected companies, software providers, and individual consumers to interact and conduct business via the Internet safely and securely. Our PKI solutions, including SSL Certificates, EV SSL Certificates, Code Signing Certificates as well as Secure E-Mail Certificates, increase consumer trust in transacting business online, secure information through strong SSL encryption, and satisfy many industry best practices or security compliance requirements.

STEP 8

  • Collect your Code Signing certificate on the same machine where you applied, using the IE browser.

    Note: You will not be able to install the Code Signing Certificate on a different machine unless the private key has been backed up successfully.
  • When collecting your certificate, a popup alert "Potential Scripting Violation" appears. Click "Yes" and proceed.









STEP 9

  • Now your Code Signing certificate is successfully collected in your browser's Certificate Store.







STEP 10

  • To view the certificate in the Certificate Store:
    Open IE => Tools => Internet Options => Content => Certificates => Personal.

STEP 11

  • To export the certificate as a .pfx file:

    On the Personal Certificates tab, select the certificate to export and Select Export










  • When requested, select "Yes, export the private key".
    NOTE: The default is set to No, so you will need to change it.














  • Uncheck all the check boxes.








  • Protect your private key by giving a password.
    Note: Please remember this password, you need to give this password when you import your certificate.
  • Then select the location to save the file and give the file a name with the extension ".pfx (Personal Information Exchange)".

  • Click "Next". Once finished, the certificate and its associated private key are saved as a PFX file.