Guide for Publicly Trusted Vp Email Certificate Export and Import into Other Email Client

1. About Publicly Trusted MeSign Vp Email Certificate

The reason why MeSign Technology provides users with a charged publicly trusted Vp Email Certificate is that the free configured encrypting certificate and V1 signature certificate in MeSign APP by default are trusted by MeSign APP only. When MeSign APP user send the signed email to other email client user, other email client will have warning such as "'There is a problem with the signature, the digital signature is invalid." But if user have purchased a Vp Email Certificate and send signed email to other email client user, the other email client will display the email signature normally, such as "The digital signature is trusted" or "The sender signed this message with a trusted certificate" etc.

This guide does not instruct users to export the Vp Email Certificate to other mail clients for use, this is NOT must. It is just to help some users who still want to use their familiar email client and use the Vp Email Certificate for email signature and encryption. When you purchase MeSign Vp Email Certificate, we have saved you the trouble of applying for a certificate from CA and configured the exportable email certificate for you automatically. After you export this certificate, you can use it in other email clients. We only can provide you with a simple guide, if you encounter problems with the use of certificate signature and encryption, you also need to consult the relevant email client software provider.

We believe that after reading this guide and actual operation, you will find that even if you laboriously import the certificate into other email client, you still need to exchange the public key with the receivers before you can send encrypted email. We cannot help you more. After you have tested how difficult it is for these email clients to encrypt email with certificates, you will find that it is more convenient and easier to use MeSign APP for email encryption, just need to set the email account and send encrypted email as normal cleartext email.

2. How to export the Vp Email Certificate?

If the user has purchased a publicly trusted Vp Email Certificate, it will be automatically installed in MeSign APP and MeSign APP will automatically set it as the default signing certificate and encrypting certificate and exportable. Please find the Vp Certificate icon in "Certificate Admin", as shown in the left figure below, click "View Certificate"-"Detailed Information"-"Copy to File"-"Next"-"Yes, Export Private Key"-"Personal Information Exchange (.PFX)"-"Next"-"Password", and then click Next to name the certificate file to complete the certificate export. Please keep the certificate protection password in mind and keep the certificate file safe. As shown in the right figure below, the user can also export the Vp Certificate in MeSign APP Android version and Apple iOS version, select "Export Certificate" from the "Certificate Admin”, and you will be prompted to set the certificate protection password. After confirming, the certificate .pfx file will be automatically sent to user's own email mailbox as attachment in signed email. The unencrypted email is to make it easier for users to directly click on the attachment to install the certificate into other email clients. Please be sure to completely delete this unencrypted email after successful installation or backup of this certificate.

3. How to set and use in Outlook?

MeSign APP Windows version has already configured MeSign email certificates including Vp Email Certificate for Outlook to use by default. Outlook will automatically decrypt the encrypted email that encrypted by MeSign APP without any settings. And if you want to use Outlook to reply to encrypted emails or send signed emails, just click to turn on "Encryption" and "Sign" in the "Options" when sending or replying to an email.

4. How to import and set to use for iMail?

The iPhone's own email client - iMail supports S/MIME email encryption and digital signature. iMail trusts the Vp Email Certificate. You can export and import this certificate according to the following guide and configure it correctly.

The user only needs to click on the certificate (.pfx) in the exported email attachment, and it will prompt "Profile downloaded. Review the profile in Settings app if you want to install it.", and then go to "Settings" and click "Profile downloaded", click "install", and enter the certificate protection password to install the certificate successfully. It will display "Not Verified" because the iPhone cannot automatically retrieve the intermediate CA certificate and automatically complete the verification, which does not affect the use.

If you care about this prompt, you can click here to download and install the intermediate CA certificate - MeSince Secure Email CA, it will display "Verified" and show two Profiles (two certificates).

After the certificate is installed, you need to set up your email account to enable the signature and encryption function: "Password and Account"-"Account"-"Advanced-"S/MIME"-"Sign"- select “Yes”, you can view the signing certificate, it display “Trusted”; "Encrypt by Default" – select “Yes”, you can view the encrypting certificate, it display “Trusted”.

Now you can test your Vp Email Certificate. You can first send a signed email to the other party for public key exchange according to the principle of email encryption, and the other party will reply a signed email to you, and you can realize the email encryption. If you cannot find a receiver who also has a certificate, please send a signed email to our customer service email address (shown in the screenshot) to test the encrypted email function of iMail. After you receive the signed email from the other party, you can view the signing certificate and encrypting certificate, and manually save these certificates, then you can send encrypted email to the other party. The following screenshot left is a signed email, the middle is a signed and encrypted email using one S/MIME email certificate, the right one is a signed and encrypted email using two email certificate (one is signing certificate and one is the encrypting certificate)

If you cannot follow the above operations, please give up! You will find that the MeSign APP is easier to use. To use MeSign APP, you only need to set up your mailbox, and you can automatically send encrypted emails when you can send and receive the cleartext emails, without any additional complicated operations, completely automatic!

5. How to import and set to use for Thunderbird?

The email client software Thunderbird released by Mozilla also supports S/MIME email encryption. Thunderbird trusts the Vp Email Certificate. You can follow the instructions below to export and import this certificate and configure it correctly.

The user only needs to click the certificate (.pfx) in the attachment of the exported email attachment and save it in a directory on the computer. In Thunderbird's "Account Settings"-"End-to-End Encryption"-"Manage S/MIME Certificates"-"Your Certificates"-"Import", select the locally Vp Email Certificate .PFX file, enter the certificate protection password, then certificate import is done, it displays the certificate information you imported, click "OK" to return to the "End-to-End Encryption" menu.

Click to select "Personal certificate for digital signing", and your Vp Email Certificate will be displayed. If you have multiple certificates, please select the certificate issued by "MeSince Secure Email CA", as shown in the left picture below. After selection, a prompt "Do you want to use the same certificate to encrypt & decrypt message sent to you?" will pop up. Select "Yes" to complete the configuration of the encrypting certificate. You can also choose "No", you need to import another encrypting certificate.

After successful importing the signing certificate and encrypting certificate, it will display your selected certificates, as shown in the left figure below. Then set whether to default encryption and digital signature. It is worth mentioning that the prompt for setting the default encryption is very interesting, "Without end-to-end encryption, the contents of messages are easily exposed to your email provider and to mass surveillance." The first half sentence is correct, but it needs to be added more information: Not only the email provider can easily know the content of your email, any party can easily be stolen illegally during the email transmission because your email is in cleartext. Setting the default digital signature actually makes it clear in one sentence why the email needs a digital signature: one is to prove that the email is indeed sent by you, and the other is to ensure that the content of the email will not be illegally tampered with. Therefore, it is recommended that users choose the default digital signature and encryption.

Now you can test your Vp Email certificate. You can first send a signed email to the other party for public key exchange according to the principle of email encryption, and the other party will reply a signed email to you, and you can realize the email encryption. As shown in the left figure below, since you do not have the public key of the encrypting certificate of the customer service email, you can only send a signed mail to the customer service email, not encrypted email. After the customer service team reply a signed email to you, you will have the encrypting certificate public key of the customer service email, then you can send encrypted emails to the customer service email. Of course, you can download the encrypting certificate public key of MeSign customer service email and import it into "People" in the Certificate Manager, as shown in the middle figure below, then you can send encrypted emails to the customer service email, as show in the right figure below. Please note: Subject lines of email messages are never encrypted.