Client (Personal) Digital Certificates (S/MIME)
In the physical world, you protect your written correspondence by putting it in an envelope before mailing. In the online world, sending an email message is like sending a postcard: it is easily read as it travels across the Internet. One option for protecting your email messages is using a digital certificate. Most popular email clients allow you to sign and encrypt email messages with the click of a button. The University of Arizona now offers a digital certificate service for students, faculty, and staff who wish to digitally protect their email and documents.
What makes up a digital certificate?
The electronic information that comprises the digital certificate includes:
- A person's name
- An email address
- A serial number
- A public key
- An expiration date (certificates are valid for five years)
- A digital signature for documents
When you download a digital certificate, you will receive both public and private keys. The public keys are what you will use to sign and encrypt documents. The private keys will be stored on your computer. You should never share the private keys.
UA students, faculty, and staff
There is no cost for this service.
Why Use a Digital Certificate?
- Send signed email messages. This assures recipients that the message came from you and not someone pretending to be you. This is particularly important when sending out official university messages.
- Encrypt the contents of email messages and attachments, protecting them from being read by online intruders. Only your intended recipient can decrypt them.
- Encrypt files and folders on your computer. This is helpful for lost or stolen mobile devices and laptops, as thieves would be unable to access any of the encrypted files or folders without your password.
- Streamline business processes by allowing people to use digital certificates to electronically sign documents or provide approvals.
About Using Digital Certificates
- You can only use your certificate with the email address used when the certificate was created. If your email address changes, you will need to get a new certificate.
- Encrypted email cannot be read with email clients that are not configured to use digital certificates.
- Decrypting and reading email encrypted with an older certificate requires that you have that older certificate on your email client.
- Digital certificates include both a public certificate and a private key.
- Sending encrypted mail requires that you have both the recipient's public certificate and your own private key.
- Decrypting and reading encrypted mail requires that you have both your own private key and the sender's public certificate.
- You should keep backups of your certificates.
If you lose your certificate/key pair, you will not be able to read email that was encrypted using your certificate. If you have lost your certificate/key and need to recover it, you may re-download it from Stache. If your private key has been compromised, you may revoke the certificate/key pair.
- Visit the Certificates site and log in with your UA NetID.
- Read the introductory text for any additional instructions, system messages regarding the service, etc.
- Click the Home link.
- Click the Request a new certificate button.
- Follow the directions on the page regarding entering your email address and requesting the certificate.
- When the certificate generation is complete, you will receive a link to take you to the Stache service (you will have to log in to Stache using your UA NetID again).
- Once in Stache, enter "certificate" in the search field to view your certificates. There you will see a listing of all digital certificates that you have requested.
- Click Download P12 and save the file to an easy-to-find location, such as your desktop or downloads folder. This P12 file contains your public and private keys.
- When importing the P12 file into your applications, Keychain, or Certificate Store, use the password that Stache generated for the P12 (available in the Password field). Instructions are available for importing your certificates for Firefox, Mac OS X, and Windows Certificate Store.
- After importing the P12 file into your system or application, we recommend deleting the P12 file. If you ever lose your certificates and need to recover them, they are always available in Stache.
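Before importing the downloaded P12 (and before deleting it), you can confirm that it holds the certificate you expect. The following is an added example, not part of the University's instructions: a shell function built on the openssl command-line tool that prints the certificate's subject, serial number and expiration date and checks the email address. The function names, sample address, password and 30-day threshold are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: inspect a downloaded P12 before importing it.
# Requires the openssl CLI. Names, addresses and passwords are constructed.

# Usage: p12_check FILE EXPECTED_EMAIL
# The P12 password is read from the exported variable P12_PASS so that it
# does not appear on the command line (visible to other users via ps).
# Returns 0 if usable, 2 unreadable, 3 wrong address, 4 expiring soon.
p12_check() {
    local p12=$1 want_email=$2 cert
    # -nokeys: never print the private key; -clcerts: the user certificate only.
    cert=$(openssl pkcs12 -in "$p12" -nokeys -clcerts -passin env:P12_PASS 2>/dev/null) \
        || { echo "cannot open $p12 (wrong password or corrupt file)" >&2; return 2; }
    printf '%s\n' "$cert" | openssl x509 -noout -subject -serial -enddate
    # A certificate can only be used with the address it was created for.
    if ! printf '%s\n' "$cert" | openssl x509 -noout -email \
            | grep -qixF -- "$want_email"; then
        echo "certificate was not issued for $want_email" >&2; return 3
    fi
    # -checkend N exits non-zero if the certificate expires within N seconds.
    if ! printf '%s\n' "$cert" \
            | openssl x509 -noout -checkend $((30 * 24 * 3600)) >/dev/null; then
        echo "certificate expires within 30 days" >&2; return 4
    fi
}

# Build a throwaway self-signed P12 (constructed sample, not a real UA
# certificate) so the check can be tried offline. Writes DIR/sample.p12.
make_sample_p12() {
    local d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Sample User/emailAddress=sample.user@example.edu" \
        -keyout "$d/key.pem" -out "$d/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$d/key.pem" -in "$d/cert.pem" \
        -out "$d/sample.p12" -passout env:P12_PASS
}

# Demo run on the constructed sample.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
export P12_PASS='constructed-demo-password'
make_sample_p12 "$tmp"
p12_check "$tmp/sample.p12" sample.user@example.edu && echo "OK to import"
p12_check "$tmp/sample.p12" someone.else@example.edu || echo "rejected (status $?)"
```

For a real download, export P12_PASS with the value from the Password field in Stache and pass the path of the saved P12 file and your own email address.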
Contact the 24/7 IT Support Center at (520) 626-TECH (8324)