This how-to will walk you through ordering, submitting validation requirements, generating, and installing an Individual Validation (IV) S/MIME certificate from SSL.com. This affordable certificate offers S/MIME email protection, identity validation and client authentication, and is a great way to prevent phishing while also providing a secure authentication factor for company web portals and other applications.
Ordering
- Go to the product page for IV S/MIME certificate and click the Buy Now button.
- Choose a duration for your certificate and click the Add to Cart button to add the certificate to your shopping cart. Note that even though the maximum lifespan of any S/MIME certificate issued by SSL.com is two years, customers can save money by ordering bundles of up to three years. For three-year Individual Validation S/MIME Certificate orders, we issue free replacement certificates upon expiration and re-validation for the final year of the order.
- In the shopping cart, you can change the quantity of certificates, remove them from your cart, or return to shopping with the Shop More button. When your order is complete and correct, click Checkout.
- If you are not already logged into your SSL.com account or do not have an account yet, you will be prompted to login or create a new account at the Checkout screen. If you have an account, select I do and I want to log in now, enter your username and password, then click the Next >> button.
- If you do not have an SSL.com account, select I do NOT but I want to create one, fill in the requested information (username, email address, password, and billing information), then click the Next >> button.
- If your account contains existing funds, they will be applied to your purchase. If your account does not contain sufficient funds, you will be prompted to add more. Click the Next >> button when your account has sufficient funds to complete the transaction.
- If your order has been successfully placed, you will see a green alert near the top of the browser window, reading “Order successfully placed…” Click the Click here link under Show Order Transaction or the green order number beginning with “co-” in the order details.
- Enter your email address as the recipient information. SSL.com will use this address to send you updates regarding your order. Then click the Next >> button.
- On the orders tab of your account, you will then be shown the details of your newly-created order. Under the Action column, the text verify identity will be displayed. Under the Subject column, the email address you placed in the previous step will appear. Once you have validated your identity, the Subject column will display your personal name.
Identity Verification
Identity verification can be done in two ways: manually uploading documents or through the Jumio AI platform.
Manual Identity Verification
Click the details link on your order followed by the CERTIFICATE DETAILS section. Next, click the upload link. For IV S/MIME certificates, please upload images of the following:
- A scan of the front of a valid, government-issued photo ID card or passport ID page. The ID number may be obscured, but we must be able to see your name, address, year of birth, and photograph.
- A scan of the back of the government-issued ID card or passport ID page.
- A photograph of yourself holding the government-issued ID next to your face so that your face may be compared with the image on the ID. The photograph should be at least 5 megapixels (MP) – most current smartphones can provide an image of 5MP or greater.
When you are done uploading the files, click the SUBMIT DOCUMENTS button.
You will be returned to your certificate order page. There should be a green alert at the top of the screen indicating that your documents were successfully uploaded. Note that your order will have the status of pending validation until the information you submitted has been validated.
Automated Identity Validation through Jumio
- Select the Dashboard tab on the top menu. This will show your account information. Next, scroll down and click the perform identity verification (required for IV certs) link.
- You will be directed to the verification page. Click the Start button. By clicking “Start” you consent to Jumio collecting and disclosing your biometric data pursuant to its Privacy Policy.
- Specify the country where your ID is issued then select which type of government-issued ID you will use for the verification process.
- If you are not sure if your ID is acceptable, you can click this link in the page: Have you checked if your ID is supported? Upon clicking the link, Jumio will show a list of IDs that it does not accept.
- Choose if you want to proceed on desktop or mobile. If your mobile phone can capture higher-quality images than your desktop web camera, it would be better to proceed on mobile so that Jumio can accept the images of your ID and your selfie for processing.
- Enter the email address where you want the Jumio verification link to be sent, then click the Send button. Afterwards, keep this page open and open a new tab on your browser to check your email (for desktop users) or open the email on your mobile phone (for mobile users).
- Open the ID verification email from Jumio and click the here link to take you to the verification page.
- Prepare your ID and click the Start button.
- Jumio will require you to take a picture of your ID. If the type of ID you selected has a front and back side, Jumio will require pictures of both. Click Start. Center your ID, make sure all details are clear and click the button for capturing the image. Afterwards, click the Confirm button. Jumio will inform you if the image is blurry or unacceptable in which case, click the Try again button to recapture the image.
- After the photo(s) of your ID have been taken, Jumio will prompt you to take a picture of your face. Make sure that the contours of your face are captured in the frame.
- Once the scan is completed, Jumio will analyze the biometric data and check the image quality.
- If it is acceptable for processing, the verification result will be sent to your desktop, on the browser page where you first opened Jumio.
- Go back to the verification page on your desktop browser. There, Jumio will provide a notification if the page can now be closed.
- Upon completion of the Jumio identity verification, SSL.com will then analyze the data. The approval of the Jumio verification includes an approval from SSL.com followed by a cross-approval from the user/subject. When SSL.com issues the approval, an email will be sent to the user with a link that allows him/her to finalize the first and last name that will be associated with the SSL.com account.
- Upon completion of the cross-approval by the user, SSL.com will send an email confirming the successful identity verification.
Generating your IV S/MIME Certificate
- When the documents you uploaded have been validated by our staff, the recipient address (specified in step 8 above) will receive an email with a link to collect the certificate. Click the link.
- Click the Generate Certificate button to generate a new certificate signing request (CSR), certificate, and private key.
Note: If you want to specify the algorithm, you can choose between RSA and ECDSA with the Algorithm drop-down menu. You can also click the Show Advanced Options button, which will reveal a drop-down menu for choosing the key size. Finally, checking I have my own CSR will let you use your own certificate signing request and private key rather than generating a new CSR and key.
- Text fields containing the new CSR, certificate, and private key will appear.
- To download a PFX file containing your new certificate and private key to your computer, create a password of 6 characters or more, then click the Download button. Remember this password. You will need it when you install the certificate and key on your computer. Also, it is very important that you keep your private key secure and do not lose it. SSL.com does not ever see or handle your private keys and cannot help you recover a lost key (it will be generated in your browser, on your own computer). Without your private key you will not be able to digitally sign email or read email that has been encrypted with your public key. Even worse, anyone with your private key will be able to assume your identity for signing email messages and client authentication.
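A check you can run on the downloaded .p12 file before importing it: it confirms that the password opens the file, that the private key belongs to the certificate, and that the certificate carries the S/MIME and client authentication usages. This is an added example, not SSL.com's code; it assumes OpenSSL 1.1.1 or later, the function names and the PFX_PASS variable are illustrative, and make_sample_pfx builds a constructed self-signed stand-in so the script runs offline.

```shell
# Added example, not SSL.com's code. Assumes OpenSSL 1.1.1 or later.
# The PFX password is read from the PFX_PASS environment variable so it
# does not appear in the process list.

# Print the end-entity certificate (PEM) stored in the PFX file "$1".
pfx_cert() {
  openssl pkcs12 -in "$1" -passin env:PFX_PASS -nokeys -clcerts 2>/dev/null
}

# Succeed only if the private key in the PFX belongs to its certificate.
pfx_key_matches_cert() (
  cert_pub=$(pfx_cert "$1" | openssl x509 -noout -pubkey 2>/dev/null)
  key_pub=$(openssl pkcs12 -in "$1" -passin env:PFX_PASS -nocerts -nodes \
              2>/dev/null | openssl pkey -pubout 2>/dev/null)
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
)

# Succeed if the certificate carries the EKU "$2" (OpenSSL's display name).
pfx_has_eku() {
  pfx_cert "$1" | openssl x509 -noout -ext extendedKeyUsage 2>/dev/null |
    grep -q "$2"
}

# Print the email address(es) the certificate is bound to.
pfx_email() { pfx_cert "$1" | openssl x509 -noout -email 2>/dev/null; }

# Pre-import check for a certificate meant for S/MIME and client auth.
check_pfx() {
  pfx_key_matches_cert "$1" ||
    { echo "wrong password, or key does not match certificate" >&2; return 1; }
  pfx_has_eku "$1" "E-mail Protection" ||
    { echo "no S/MIME (emailProtection) usage" >&2; return 1; }
  pfx_has_eku "$1" "TLS Web Client Authentication" ||
    { echo "no clientAuth usage" >&2; return 1; }
  echo "OK: $(pfx_email "$1")"
}

# CONSTRUCTED sample input: writes a self-signed stand-in PFX to "$1".
make_sample_pfx() (
  d=$(mktemp -d) || exit 1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Sample User" \
    -keyout "$d/key.pem" -out "$d/cert.pem" \
    -addext "subjectAltName=email:user@example.com" \
    -addext "extendedKeyUsage=emailProtection,clientAuth" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$d/key.pem" -in "$d/cert.pem" \
      -out "$1" -passout env:PFX_PASS
  rc=$?; rm -rf "$d"; exit "$rc"
)
```

To use it on your own file, source the script, export PFX_PASS with the password you created at download, and run check_pfx with the path to the .p12 file.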
Installation
For most applications supporting S/MIME or Client Authentication, you can simply follow the instructions below to install your downloaded PFX file in the OS certificate store and your email client or web browser will be able to access the certificate. However, Mozilla Thunderbird and Firefox require additional configuration steps:
- Configure Mozilla Thunderbird for S/MIME (Windows)
- Configure Mozilla Firefox for Client Authentication
Windows
These procedures were documented on Windows 10 Enterprise version 1809.
- Double-click the PFX file you downloaded to open it. The filename will end with .p12.
- The Certificate Import Wizard will open. Select Current User, then click the Next button.
- The next window will ask you to specify a file to import. The file you double-clicked in step 1 should already be selected, so click the Next button to continue.
- Enter the password you created when you downloaded the PFX file from SSL.com. Under Import Options, make sure that Include all extended properties is checked. If you want to be prompted for your PFX password every time the private key is used (e.g. for signing), check Enable strong private key protection. If you would like to be able to export a PFX containing the private key at a later date, check Mark this key as exportable. When you are done selecting options, click the Next button.
- Make sure that Automatically select the certificate store based on the type of certificate is checked, then click the Next button.
- Click the Finish button.
- If you selected Enable Strong Private Key Protection in step 4, then the Importing a new private exchange key dialog box will appear. Click the OK button to continue.
- You’re all finished! Click the OK button to exit the wizard.
macOS
These procedures were documented on macOS 10.14.6 (Mojave).
- Open Keychain Access.app, located in Applications > Utilities.
- Select the login keychain.
- Select File > Import Items from the menu.
- Navigate to the PFX file you downloaded from SSL.com, then click the Open button. Note that the filename will end with .p12.
- Enter the password you created when downloading the PFX file and click the OK button.
- If prompted, enter your login password and click the OK button to unlock the Login keychain.
- The certificate and private key are now installed on the computer.