Department of Information Technology
Department of Information Technology
Uppsala UniversityInformation TechnologySecure computer systemsFAQ
Listen

Frequently Asked Questions

Add questions (and answers) to this page! Sections are separated by "level 3" headers (in ===), questions are separated by "level 4" headers (in ====). See bottom of page for instructions.
Of course you're absolutely NOT allowed to ask/answer questions about assignments whose due date hasn't passed!

The answers were correct in the fall of 2004. If details are wrong, e.g. in new versions of Firefox/Thunderbird/Outlook, please correct them!

1. Course web pages

1.1. Why can't I log in to access the results web page?

Either

  1. you are not registered on the course, and thus not in the appropriate "security group", or
  2. the university LDAP server is down, or
  3. you have a protected email address on your UpUnet-S account:
    • write your userid as student:lila4711 (with your id for lila4711, of course)

1.2. How do I edit the FAQ or links pages?

Click "Edit this page" in the footer, log in with your name and UpUnet-S password, and write stuff! Please take the Wiki tour first, to learn the basics!

2. Certificates and secure email

2.1. Can't I order a certificate for Thunderbird?

No, but if you get a certificate for a web browser (Firefox should be equivalent to Netscape, for Thawte), you can export the certificate (including your private key) and then import it in Thunderbird.

2.2. How do I sign or encrypt an email?

Once you have installed your certificate in your email program (see below),

  • for Mozilla/Thunderbird:
    • while editing your email, under the "Security" button (use the dropdown menu), select "Digitally sign this message" and/or "Encrypt this message".
  • for KMail:
    • Make sure you have KGpg installed, use it to create your certificates. While composing, select "Sign message" and/or "Encrypt message".
  • for other email programs: fill in by editing this page, or send me stuff to put here.

2.3. Why does my email program complain that the recipient doesn't support encryption?

To send an encrypted message to someone, you need the recipient's certificate (with his/her public key).

2.4. How do I get someone else's certificate?

The easiest way is to receive a signed email from someone. The certificate is normally included in the email, and automatically saved by the email program.

2.5. Why does my signed email look like the signature is forged?

If your certificate is for "foba1234@student.uu.se", and you're using "foo.bar.1234@student.uu.se" as your "From" address, the certificate doesn't match the sender. You can get a new/additional certificate from Thawte after registering another email address. NEW: as far as I understand, when using UpUnet-S, a "from" address on the form "foba1234" is automatically translated to "foo.bar.1234" - so make sure the latter is in your cert.

2.6. Why are my signatures still not valid?

Some mail servers automatically translate between different encodings of e.g. åäö. If your signature was done using the "raw" characters "åäö", and the characters are later translated to "=E5=E4=F6", the hash value will of course change.

Solution: send your email using the "quoted-printable" encoding.

  • For Thunderbird:
    • "Tools"->"Options", "Composition" tab, under "Composing Messages", check the option about using the 'quoted printable' MIME encoding.
  • For Mozilla:
    • "Edit"->"Preferences", "Mail and Newsgroups" tab, "Composition" sub-tab, check the option about using the 'quoted printable' MIME encoding.
  • For Outlook [thanks to Dan Pettersson]:
    • "Verktyg" -> "Alternativ", select "Skicka" tab, heading "Format på e-postmeddelande"
    • Click "Inställningar för HTML" or "Inställning för oformaterad text" (depending on which alternative is selected)
    • Under the heading "Koda text med", select "Quoted Printable"
    • Click OK until finished.
    • (See also Microsoft solution. This link solves the problem for some (2002 and 2003) of the versions of Outlook. [Thanks to Mats Jakobsson])
  • For Outlook 2000 choose "Tools" - "Options" "Mail format" and "Settings", where the "MIME" radiobutton should be selected with "Encode text using:" Quoted Printable and no 8 bit characters in header. [Thanks to Sverker Nilsson]
  • For others: please let me know.

2.7. How do I get more certificates for my other email addresses?

If you have more than one email address, you don't need to register again with Thawte. You just need to register another email address. Surf to http://www.thawte.com/email/, log in, click "my emails" and "new email address". After a successful registration, you can get a new cert for the new address.

2.8. What is the "Master Password" I get asked about?

The Mozilla family of web browsers/email programs, i.e. Netscape, Mozilla, Firefox and Thunderbird, use a "master password" to protect saved userid/passwords from web pages, and also for protecting private certificates. You should set a good passphrase:

  • In Mozilla:
    • "Edit" -> "Preferences", select "Privacy & Security",
      1. Select "Master passwords", use "Set password" (and "Change password", "Reset password")
      2. Select "Passwords", check "Use encryption when storing sensitive data"
  • In Firefox:
    • "Edit" -> "Preferences", select "Advanced", "Certificates", "Manage security devices";
      • Select "Software Security Device", "Set password"
  • In Thunderbird:
    • "Tools" -> "Options...", select "Advanced", "Passwords and security", "Manage security devices"
      • Select "Software Security Device", "Set password"

2.9. For what purpose do I need a fingerprint beside the PGP keys and a identifying passphrase?

2.10. How do I import the certificate in my email program?

This depends very much on your email program, of course.

  • For Mozilla/Thunderbird, you will find "Manage Certificates" very close to the "Master passwords" or "Manage security devices" items (see above). Select this, and in the "Your certificates" tab, click "Import".
  • For Outlook etc, see these instructions, which should be applicable
  • For other programs: if you know, please edit this page to inform others, or send me instructions which I can add here.

2.11. How do I export the certificate from my web browser so I can import it in my mail program?

  • For Mozilla/Firefox, see above, but in the "Your certificates" tab, select the certificate and click "Backup". Make sure you use a good "certificate backup password".

2.12. In Linux, how do I extract the public key from my Thawte certificate to be able to publish it on my web page?

  • Export your certificate to a file, say foo.p12 (always protect it with a good passphrase, since it contains your private key)
  • To convert to PEM format without the private key, including certificate chain:
    openssl pkcs12 -nokeys -in foo.p12 > foo.pem
  • To convert to PEM format without the private key and only your certificate:
    openssl pkcs12 -nokeys -clcerts -in foo.p12 > foo.pem
  • To make a .p7c "Digital ID" file (DER encoded pkcs7, which seems useful to Windows users):
    openssl crl2pkcs7 -nocrl -certfile foo.pem -outform DER -out foo.p7c

NOTE that you can edit this page! Click "View this page" or "Edit this page", and log in using your name and UpUnet-S password. Please take the Wiki tour first!

You cannot log in:

Updated  2005-09-07 16:40:07 by Björn Victor.