In an earlier post I explained why there is good reason to use encryption when sending and receiving important data via email. I also showed you that it is very easy to do so. Today I want to show you that it is similarly easy to encrypt any online communication using personal certificates.
What Is a Certificate?
Asymmetric encryption or public key encryption uses a key pair to encrypt and decrypt messages. Public keys are shared and private keys are stored safely and are never shared. Your public key can be used by anyone to send you an encrypted message. You, as the receiver, use your private key to decrypt the message.
If the sender of the message wants to be able to later decrypt the message, he needs to add his own public key to the message, too. Otherwise he won’t be able to use his private key to decrypt the message.
A certificate is a proof of ownership of a public key. It can be used to sign emails, documents, or other types of data.
Certificates are issued by certificate authorities (CAs). These may be governments issuing national ID cards for their citizens. Or commercial enterprises issuing validations for web domains (the green bar in your browser next to a website’s HTTPS address). Or non-commercial entities issuing certificates mostly for personal use.
CAcert.org is a non-commercial entity that issues X.509 certificates. These certificates are based on recommendations of the International Telecommunication Union and created according to the Internet Engineering Task Force‘s relevant standards.
To have your own personal certificate issued, all that is needed is to join CAcert.org and disclose some basic personal information.
This is necessary, otherwise anyone could impersonate anyone else and personal certification would quickly become completely useless.
After completing the sign up process, you will be asked to verify your email address by clicking on a link in an email sent to it.
You will then be able to log into CAcert.org and create a personal certificate called
You can then download your certificate to your computer or directly install it into your browser and use it to sign documents or emails.
It is possible to add additional email addresses to your account and to create additional client certificates.
In case you would like to make your certificate last longer, you can meet up with other CAcert.org members called assurers and have them validate your identity. Each assurer’s validation gets you points. After gaining 100 points your client certificate will be valid for 24 months.
All certificates and services are provided by CAcert.org completely for free.
Liked this post?
Subscribe to our newsletter to receive early notification of new posts and deals: