ISC Certificates for Use with PGP
If you are using PGP and wish to communicate with a SecretAgent user in a secure manner, you may convert your legacy RSA key into a renewable X.509v3 certificate with a one year validity period for $10.00 USD per year.
To obtain your certificate using PGP 6 or 7 (see below for PGP 8):
- Start PGPkeys
- Download the "ISC Silver CA" root certificate
using the following link:
ISC Silver CA root certificate
Save the certificate file to your desktop making sure to change the '.p7c' filename extension to '.pem' when you see the Save As dialog. Then import the certificate into PGPkeys using the Keys | Import menu item. (You'll need to change the file selection filter to 'PEM Encoded Files (*.pem)' to select the file.)
- Configure PGPkeys to summit PKCS#10 certificate requests to
an ISC CGI script that bounces those requests back to you via
e-mail: select Edit
| Options and
change the CA tab settings to:
URL: http://www.infoseccorp.com/cgi-bin/pgp.pl?to=<your e-mail address>
Revocation URL: http://www.infoseccorp.com/
Type: Net Tools PKIAlso select the "ISC Silver CA" root certificate obtained in step 2.
- Now right click on your legacy RSA key and select Add
| Certificate... (or left click on the key and use the
Keys | Add | Certificate... menu item).
- Click Add, enter your e-mail address, and
click OK leaving 'CRS' selected as the request
type.
- Enter a password for your private key and click OK.
- Wait for a 'Certificate Request' message to be returned to
you via e-mail.
- Copy the body of the e-mail message to the clipboard.
IMPORTANT: Just copy the text between the certificate request boundary lines:
-----BEGIN NEW CERTIFICATE REQUEST-----
<copy this stuff to the clipboard>
-----END NEW CERTIFICATE REQUEST-----
- Click the following link: Enrollment
(using an existing PKCS#10 PDU)
- On the CertAgent enrollment page, select the second radio button,
paste your PKCS#10 PDU into the text box, and click Upload.
- You will be transferred to a payment page on this website.
Click the "Buy Now" button to make a $10 payment
via PayPal, or make a note of your certificate request
ID and contact us to make a direct credit card payment.
We accept Visa, MasterCard, and American Express. Checks
and purchase orders are not accepted.
- Wait for a pickup
notification to arrive via e-mail.
- Click on the link in the e-mail, retrieve your certificate, and provide it to your SecretAgent correspondents. These SecretAgent 5.7users will then be able to create encrypted OpenPGP archives that only you can decrypt. (Using PGPKeys to import your certificate into your own local keyring is optional: PGP will essentially ignore it.)
If you are using PGP 8, the above process works but can be made a little easier. Select 'PKCS-10' instead of 'CRS' before clicking OK in step 5 and skip steps 7 & 8: PGP 8 will place the certificate request on your clipboard so you can just paste it into our enrollment page. Bouncing the request off our website (as in steps 7 & 8) is only necessary if you're using PGP 6 or 7.
ISC certificate services are offered AS IS, and without warranty. The relying party agrees to make his own determination regarding the appropriate use of certificates and services.
Run Your Own CA
Need a low-cost, full-featured X.509 certificate authority — with no per-certificate fees! — to jump-start your own PKI? Check out the latest release of CertAgent.