Problem receive email cert

Digital Certificates Email Certificate
#1

I have problem retrieve email cert. I’ve got the email, after click the button it brings to IE and has the warning. After click yes the page shows that it already been installed, however, I cannot see my certificate listed in IE personal certificate tab.

I’m planning to use this certificate with Thunderbird. Below is my system
WinXP SP2, IE7, Thunderbird, NOD32

Regards,
Kanok

#2

One more addition. I request the certificate using office PC but I try to retrieve it at home PC. Is that going to be a problem? If in this case, how can I revoke the previous and request a new certificate?

Regards,
Kanok

#3

Hi,

You must apply and collect the certificate using the same PC.

Once you have collected it using the same PC you can then export/import it to other PCs.

Please visit the knowledgebase at http://support.comodo.com for details.

Garry

#4

Garry,

Forgive me for elaborating, but I found the KB a bit tough to swallow at times, and I’m no chicken!

Here’s the scoop:
(I’m documenting this on an XP, Service Pack-2 system running IE 6.n)

  1. Launch IE. (you don’t care where it ends up)

  2. Go to the tool-bar, and select “Tools”, then “Internet Options”

  3. On the “Internet Options” property dialog that appears, select the “Content” tab.

  4. About half-way down is a series of three buttons, the center one is labeled “Certificates” - Select “Certificates”

  5. A new window will open, showing several tabs, the “Personal” tab should be open, and should show one certificate (unless you have more than one!)

  6. The certificate should be issued to the name you entered when you requested the certificate, and (at least in my case), the “Issued By” will read something like “UTN-USERFirst-Client…”

  7. Select this certificate by clicking on it. Note that the “export” button below becomes active.

  8. Click “Export”

  9. This will bring you to the “Certificate Export Wizard” where you can begin the export process.

  10. Selecting “Next” brings you to a screen that asks if you want to export the “private” key - the “default” is “no”, change it to “yes”.
    (If you ever want to receive an encrypted e-mail from someone - a process outside the scope of this posting - you will need your private key.)

Note that when you ask to export the private key, it will inform you that you must protect it with a password. Choose a reasonably strong password that you can remember easily, and that no one else can guess. (again, a topic outside the scope of this post)

  1. The next page asks what format you want to export into. On my machine, it defaults to PKCS #12 (pfx) format. If it defaults to PKCS #12 for you, fine. If not, change it to PKCS #12.
    (PKCS #12 is a format that is readable by just about every mail client on the planet - and maybe off the planet too… ;D )

You should also select the top check-box - export all certificates in the path, if possible.

WARNING: Do NOT select "delete private key if export is successful!

  1. Proceed through the succeeding pages, where it will ask you for a password to protect the private key with, and then a name and place to put it.
    (I named mine “Comodo e-mail certificate.pfx”, and placed it in the root of my C: drive.)

  2. Once you complete these steps, you should see a dialog “Export successful!”

After all this is done, if you go to your C:\ drive, (or wherever you put it), you should see a file with an icon that looks like a (you guessed it!) certificate! That’s the exported cert.

With this certificate exported like this, you can now import it into whatever mail client you want to use it with. After doing that, you must go to your mail client’s “security settings” and tell it to digitally sign e-mails.

Note: The whys and wherefores of importing a certificate and selecting the appropriate security options, are also outside the scope of this post - and the process can vary over wide limits depending on the client(s) used.

EXTREMELY IMPORTANT

After exporting the certificate, PLEASE copy it to someplace safe - preferably somewhere off your hard drive! This is important, because if you loose the certificate, there may not be an easy way to replace it before it expires. With the certificate stored elsewhere - even if your machine dies in a blaze of flaming glory - or you just accidentally delete it - you can always recover it.

Also, you will need the exported certificate file if you ever decide to change e-mail clients.
(i.e. You get disgusted with Outlook Express, and decide to go to Thunderbird!)

Sorry for the long and rambling post.

Jim

#5

Below (after the “***”) is the copy of my last e-mail to support@comodo.com regaring a free e-mail certificate.

It’s a DNS MX problem from comodogroup.com’s SMTP server’s side, but no matter how deep my explanations go, it’s definitely unresolved.

I KNOW that it’s a free service, I KNOW that I’ve found in COMODO the best-in-class goodwilled free stuff around (like COMODO Firewall 2.4), and I KNOW comodo offers well-above-average support.

But the support for digital certificates simply doesn’t cut, and maybe this extends to the paid part of the business. I’ve seen some people complain like hell here about getting their certificates, so mine isn’t an isolated problem. The difference is that my approach is taken towards counseling, instead that one of flaming.

I’ve been in the IT business for 25 years, with focus in telecommunications and networking, and I’ve only seen that kind of support (well-timed response but useless) I got from COMODO’s free-certificate services in SYMANTEC and other poorly driven but status-quo companies, which is a sorrow realization. Still, thank God it’s not like LOGITECH.

IT support is going down to wreckage in 3 years, worldwide. The “cheapest-possible approach” in IT support, that hire people worldwide for the faintest available fees is the main culprit. IT staff from India, China and wherever else are like anyone else: they are struggling to do their best and to keep their families, their customers, etc, EVERYONE ELSE satisfied, but themselves.

The difference between this 42-old guy and those 23-year-olders (in average) is that I had the chance to get very good training and freedom of action when it was my time. Not anymore.

God save ourselves in 2010.

Unfortunately, incapacity/unwilling to read previously sent information and re-stating ruled-out stuff (like my ISP blocking messages, which is completely unjustified, the problem is that comodogroup.com’s SMTP can’t find UNINET.COM.BR’s DNS MX entry and therefore can’t send me e-mail - while comodo.com CAN) has closed this case, which remains unresolved.

So much for globalization.

----- Original Message -----
De: “Comodo Support” support@comodo.com
Para: cfjs1966@uninet.com.br
Assunto: [SUPPORT #RPE-251862]: Free E-mail certificate not sent
Data: Mon, 02 Jul 2007 22:24:58 +0100

Hi Carlos,

The issuance email is an automated process.I suspect that
you isp is blocking automated messages.Status of your
email certificate is revoked.I kindly request you to apply
a new email cert in the following link.
http://www.instantssl.com/ssl-certificate-products/free-email-certificate.html

Note: Please use IE 5.5 or above to apply and collect the
certificate, and use the same system to apply and collect
the certificate.

If still the problem persist, please let us know so that
we can escalate this issue and get it resolved. Regards
Stewart
Technical Support

Ticket Details

Ticket ID: RPE-251862
Department: Certificates
Priority: Default

#6

Hi,

I have checked this with our sysadmin.
He has checked out the MX records, DNS etc for comodo.com and comodogroup.com and there are no differences.
The outgoing email goes from the same machine for both comodo.com and comodogroup.com when it comes to sending you details of collecting the email certificate, or sending replies to support requests.

We send out thousands of emails each day, worldwide, and do not have anyone else seeing this issue, except Verizon customers where Verizon are blocking email from any origin that is not USA.

So, from what our sysadmin has investigated, there is no issue on the Comodo side.

Garry

FYI, the original email we received on this stated:
‘It looks like my ISP was filtering *@comodogroup.com without my knowledge’.
BTW, thanks for your responsiveness (at 3:00AM!), especially when considering it’s a service I’m not paying for.

#7

Hi!
I not get e-mail, and not possible get new sertificate from http://www.instantssl.com/ssl-certificate-products/free-email-certificate.html

error>

A Secure Email Certificate has already been issued for this Email Address!

How to resolve this problem?

#8

Hi,

You will need to contact support to get the original certificate application revoked.

Garry