Personal Certificates
Why
do I receive the error: "The message could not be sent. An error has
occurred" When sending digitally-signed mail in Microsoft Outlook Express?
When
I request a certificate for Lotus Notes, the system tells me I am not running
Lotus Notes.
Can
I use one certificate for multiple email addresses?
There
is an S/MIME .p7m attachment to my email, what is it?
After
installing the certificate I get an 'Expired Certificate' message.
How
do I send encrypted email?
When
I try to download my Digital ID I receive the message "private key not
found".
Can
I send secure E-mail to someone who does not have a Digital ID?
What
E-mail applications support Class 1 Digital ID's?
Why
should I save a backup copy of my Digital ID?
How
do I save a backup copy of my Digital ID? (Netscape)
How
do I transfer my Digital ID on a new computer? (Netscape)
How
do I save a backup copy of my Digital ID? (Microsoft Internet Explorer)
How
do I transfer my Digital ID to a new computer? (Microsoft Internet Explorer)
How
many E-mails accounts are supported by my Class 1 ID?
How
can I verify that my enrollment has been accepted? What is the status of my
order?
How
do I renew my Digital ID?
How
do I revoke my Digital ID?
How
will I know when I need to renew my Digital ID?
Why
would I need to revoke my Digital ID before it expires?
Can
somebody else revoke my Digital ID without my knowledge or permission?
I
revoked my Digital ID. Why does it still show up in the Digital ID Center's
online directory?
Upon
sending an encrypted message, I receive the following "Non-Secure
Recipients" message:"None of the recipients can process an encrypted
message. You can either proceed with an unencrypted message or cancel the
operation."
-----------------
Why
do I receive the error: "The message could not be sent. An error has
occurred" When sending digitally-signed mail in Microsoft Outlook Express?
This
behavior can occur if you click Cancel at the Windows Log On. Outlook Express
is unable to locate your personal certificate information and will therefore be
unable to send digitally-signed messages or decrypt messages received.
This
behavior can also occur if the username.pwl file is corrupt, missing, or
renamed.
RESOLUTION
To
resolve this issue, when you are prompted for user name and password, enter the
correct information and press OK.
You
should export the Personal Certificate before renaming or deleting the
username.pwl file, and then import the certificate after creating a new .pwl
file. If you are unable to export the certificate, you need to obtain another
personal certificate. Microsoft article
http://support.microsoft.com/support/kb/articles/Q190/2/96.ASP
-----------------
When
I request a certificate for Lotus Notes, the system tells me I am not running
Lotus Notes.
This
error may occur even when you think you are running Lotus Notes as your
browser. You have to make sure that you are actually running the internal Lotus
Notes browser.
To
make Notes your default web browser:
Choose
File - Preferences - User Preferences
Under
Advanced options, select "Make Notes my default browser".
Choose
File - Preferences - Location Preferences
Select
the Internet Browser tab
Choose
"Notes" from the list of Internet browser options at the down arrow
Restart
Notes
-----------------
Can
I use one certificate for multiple email addresses?
No
you cannot. At this stage, we can issue them, but they will not be recognized
by most email software. So you should request a certificate for each email
address separately. You can have multiple E-mail addresses attached to an
account, but when you request each certificate you will be asked which E-mail
address you want the certificate attached to.
-----------------
There
is an S/MIME .p7m attachment to my email, what is it?
S/MIME
is the secure email protocol, and .p7 is a digital signature file. If this is
received as an attachment, or text block, then you are using a mail client
which is not S/MIME compatible, and will not be able to use the attached
certificate.
-----------------
After
installing the certificate I get an 'Expired Certificate' message.
This
could happen because your certificate has been issued in our time zone and has
not become valid yet. All you need to do then is wait a while or turn your
clock forward. Another possible cause is that our CA root in your browser is
old and needs to be updated.
-----------------
How
do I send encrypted email?
As
soon as two people want to send encrypted mail to each other, both need a
certificate. In order to get the other persons public key, simply ask him to
send you a signed email. The public key will automatically be sent with the
E-mail and installed in your browser. When you want to send encrypted email,
select this option in your mail program, and the public key (certificate)
matching the email address, will be used to encrypt the message. When it is
received, that person must use their private key (usually protected with a
password) to decrypt it. The private key is stored locally on your machine, and
if you lose this, you will not be able to read encrypted mail.
-----------------
When
I try to download my Digital ID I receive the message "private key not
found".
When
you retrieve your Digital ID, we automatically check to make sure that the
private key created in your hard drive during enrollment matches the public key
in your Digital ID. In order for these to match, you must be using the same web
browser, in the same directory, on the same computer as you were when you
requested the Digital ID.
-----------------
Can
I send secure E-mail to someone who does not have a Digital ID?
No,
you cannot encrypt a message, however, unless you have the recipient's Digital
ID. You can, however,digitally sign any E-mail as long as the recipient has an
E-mail application which supports S/MIME.
-----------------
What
E-mail applications support Class 1 Digital ID's?
The
following E-mail programs support Verisign Class 1 ID's:
Outlook
Express
Outlook
98
Outlook
2000
Netscape
Messenger
Deming
Frontier
PrE-mail
Opensoft
Connectsoft
and Lotus Notes version R5.
Outlook
98, Outlook 2000 and Outlook Express will work when the IE browser is installed
on a PC. IE browsers need to be version 4.0 or greater.
Netscape
Messenger works when Netscape browsers are installed on a PC or MAC.
Netscape
browsers need to be version 4.06 or greater.
Note:
Eudora is no longer supported due to Tumbleweed discontinuing their "World
Secure" plug-in, which was needed to work with the Verisign ID's. Outlook
97and any web based E-mail programs will not work as they do not support S/MIME
protocol.
Web-based
email programs do not support S/MIME protocol and will not work with our IDs
-----------------
Why
should I save a backup copy of my Digital ID?
In
case your hard drive crashes or your Digital ID files are accidentally deleted.
If you store a backup copy of your Digital ID on a floppy disk in a secure
place, then you will always be able to re-install your Digital ID. If you lose
your Digital ID and it is not backed-up, then you will lose any messages that
have been encrypted for you.
-----------------
How
do I save a backup copy of my Digital ID? (Netscape)
Click
on the security icon (the one that looks like a padlock) from the main toolbar.
Click
on "Yours" under "Certificates" from the menu on the left.
Highlight
the Digital ID you want to save, then click the Export button.
Choose
a transport password, which you will be required to present when importing
(re-opening) your Digital ID, then click OK.
Select
a location (such as your floppy disk) and file name in which to save your
Digital ID, then click Save.
Save
your floppy disk and your transport password in a safe location.
-----------------
How
do I transfer my Digital ID on a new computer? (Netscape)
The
first step for transporting your Digital ID is to save ("export") it
from the hard drive of the computer where it is currently held onto a floppy
disk or other transport medium. When your Digital ID has been successfully
exported, you can then import it into the new location.
To
import your Digital ID into Netscape:
Click
on the security icon (the one that looks like a padlock) from the main toolbar.
Click
on "Yours" under "Certificates" from the menu on the left.
Click
the Import Certificate button located near the bottom of the page.
If
prompted, enter the password used to protect your Digital ID (this is NOT the
transport password, but the security password you use each time you present
your Digital ID). You may be prompted to enter this password multiple times
before it takes.
Locate
your Digital ID from the disk and folder in which it is saved (it should have a
.pfx or .p12 extension). Once you have found it, highlight it and click Open.
Enter
your transport password and click OK. (If your Digital ID shows up as a long
series or numbers or letters, it should still work correctly.)
-----------------
How
do I save a backup copy of my Digital ID? (Microsoft Internet Explorer)
From
the View menu of Explorer, choose "Internet Options..."
Select
the Content tab.
Select
Personal from the Certificates list.
Highlight
the Digital ID you wish to save, then click the Export button.
Choose
a password and a file name for your Digital ID. This new password protects this
specific copy of your Digital ID--you will be required to present it when you
want to import or open this copy of your digital certificate. Be sure to
include a disk and folder location in the file name, such as a: if you want to
save to a floppy disk. Click OK.
If
prompted, enter the security password you have always used to protect your
Digital ID. You may be prompted to enter this password multiple times (possibly
as many as 20) before it takes. Save your floppy disk and your transport
password in a safe location.
-----------------
How
do I transfer my Digital ID to a new computer? (Microsoft Internet Explorer)
The
first step for transporting your Digital ID is to save ("export") it
from the hard drive of the computer where it is currently held onto a floppy
disk or other transport medium. When your Digital ID has been successfully
exported, you can then import it into the new location.
To
import your Digital ID into Internet Explorer:
From
the View menu of Explorer, choose "Internet Options..."
Select
the Content tab.
Select
Personal from the Certificates list.
Click
the Import button.
Locate
your Digital ID from the disk and folder in which it is saved (it should have a
.pfx or .p12 extension). Once you have found it, highlight it and click Open.
If
prompted, enter the security password used to protect your Digital ID (this is
NOT the transport password, but the security password you use each time you
present your Digital ID). You may be prompted to enter this password multiple
times (possibly as many as 20) before it takes.
Enter
your transport password and click OK.
-----------------
How
many E-mails accounts are supported by my Class 1 ID?
Your
Class 1 Digital ID applies to the E-mail address that you indicate during the
enrollment process. If you have multiple E-mail addresses you will need
multiple Class 1 ID's. A Digital ID applies to only one E-mail address
-----------------
How
can I verify that my enrollment has been accepted? What is the status of my
order?
You
can lookup order status of your Class 1 Digital ID by going to:
https://digitalid.verisign.com/services/client/index.html
You
will be able to do a search for your ID by entering your E-mail address for
which you ordered your ID.
-----------------
How
do I renew my Digital ID?
Go
to the Digital ID Center and click on the Renew button. You will need your
challenge phrase, which you entered during enrollment. The renewed Digital ID
will contain the exact same information as your old Digital ID. If you do not
remember the challenge phrase you will have to enroll for a new Digital ID.
Note:
Be aware that the challenge phrase is case-sensitive and must be entered
exactly the way you created it during initial enrollment. For your protection,
VeriSign does not have access to your password.
Renewals
for Class 1 Digital IDs cost $14.95. Trial IDs cannot be renewed.
Follow
the steps below to renew the Digital ID:
Find
your Digital ID (click on the Renew link above)
Verify
it is the correct Digital ID, click the renew button
Enter
the challenge phrase
Verify
the information in the enrollment form, and click submit
Follow
the instructions for picking up and installing the Digital ID
-----------------
How
do I revoke my Digital ID?
Go
to the Digital ID Center and click on the Revoke button. You will need your
challenge phrase, which you entered during enrollment.
Note:
Be aware that the challenge phrase is case-sensitive and must be entered
exactly the way you created it during initial enrollment. For your protection,
VeriSign does not have access to your password.
We
do not issue refunds for revoked IDs, but Class 1 Digital IDs cane be replaced
for free. Trial IDs cannot be revoked.
Follow
the steps below to revoke the Digital ID:
Find
you Digital ID (click on the Revoke link above)
Verify
it is the correct Digital ID, click the revoke button
Enter
the challenge phrase
-----------------
How
will I know when I need to renew my Digital ID?
Digital
IDs are valid for one year from the time you install it. To check the exact
date that yours expires, go to the Digital ID Center and click on Find Cert.
This will allow you to search the online directory of Digital IDs
-----------------
Why
would I need to revoke my Digital ID before it expires?
You
would need to revoke your Digital ID if its security became compromised or if
you lost the ability to use it and wanted a replacement. For example, if
somebody stole your computer with your private key file and you had not
protected this file with a password, that person could read your encrypted
messages and impersonate you on the Internet. You would want to revoke (cancel)
your Digital ID so that we would no longer vouch for the holder of that Digital
ID. Alternatively, if your hard drive crashed and you lost your private key
file, you would be unable to use your digital certificate. In this case you
would want to revoke the Digital ID so that you could get a new key pair and a
replacement Digital ID.
-----------------
Can
somebody else revoke my Digital ID without my knowledge or permission?
No.
When you enrolled for your Digital ID you chose a "challenge phrase"
which only you should know. To change the status of your Digital ID in any way
you have to present this phrase.
-----------------
I
revoked my Digital ID. Why does it still show up in the Digital ID Center's
online directory?
As
a Certification Authority, we must maintain records on the current status of
all Digital IDs issued in the past five years, and we must make this
information available to the public. This protects you, and any party trusting
your digital certificate, against misuse of a compromised or expired Digital
ID. Your Digital ID should now appear in the directory as "status:
revoked," allowing anyone who might have used your Digital ID to see that
your identity can no longer be verified.
-----------------
Upon
sending an encrypted message, I receive the following "Non-Secure
Recipients" message:
"None
of the recipients can process an encrypted message. You can either proceed with
an unencrypted message or cancel the operation."
This
message is displayed because the recipient email address entered, originated
from the Global Address List or other non-contact address source. You must use
the contact record that contains the recipient's digital ID to address the
message.
-----------------