3

How do I import a certificate?

The help file is very confusing.

I want to be able to encrypt some of my emails.

Managing S/MIME certificates

Certificates allow you to communicate with others securely over an encrypted connection, or sign a message confirming your identity to the contact. These settings only apply to S/MIME encryption.

You can import, view, edit (except for your own certificates), and delete your certificates under Edit ▸ Preferences ▸ Certificates.

If you get the error "Peer's certificate issuer has been marked as not trusted by the user. (-8172) - Cannot add SMIMEEncKeyPrefs attribute" after adding your mail certificate, go to Authorities and enable Trust this CA to identify email users for the certificate.

Your Certificates displays a list of certificates that you own. To add a signing certificate, click Import, select the file to import, then click Open and enter a password.

Contact Certificates displays a list of certificates that you have for contacts. These certificates allow you to decrypt messages as well verify signed messages. Authorities displays a list of trusted certificate authorities that verify that your own certificate is valid.

Source: https://help.gnome.org/users/evolution/stable/mail-encryption-s-mime-manage.html.en

thomasrutter
  • 37,804
fixit7
  • 3,399

1 Answers1

2

This answer was inspired by this one: How do I make a digital certificate available to LibreOffice Writer for digital signatures?

To import a certificate in Evolution (tested on Debian 9):

  1. Once you have a certificate, install it on your computer by double-clicking on it.
  2. Open Evolution.
  3. Open Edit -> Preferences.
  4. In the left panel, click Certificates.
  5. Import your certificate by clicking import and selecting your certificate.
  6. In the top of the current menu, click Authorities.
  7. Find the CA that provided your certificate. You can find that. information in the certificate itself by double-clicking on it.
  8. Click edit and check the options you desire. If you trust that CA, you can check all three.

If you are still interested in making a free certificate, and for others like myself trying to figure all that certificate thing, the website www.cacert.org allows you to do so.

However, this CA (Certification Authority) is not yet recognized by browsers by default, therefore if you need your certificate to encrypt a website, the client will have to validate it zirself*.

Have a good day.

*Third-person gender less pronoun as suggested on https://en.wikipedia.org/wiki/Third-person_pronoun#Summary.

DaniyalAhmadSE
  • 148
Nautilus Era
  • 21