If you wish to use SecureEmail to sign and encrypt mail in a corporate environment then you need to sign up for an E-PKI account to purchase Comodo Corporate Email Certificates (starting from as little as $7.20 per year).
This page explains how E-PKI account holders can apply for , purchase and issue Comodo Corporate certificates using the E-PKI management interface.
- To start the Comodo SecureEmail certificate sign up wizard, see the instructions here.
- To begin the commercial certificate sign up process, select 'Commercial Use' at Step one of the wizard shown here.
- To find out more about the features and benefit of Comodo E-PKI Manager, or Appendix 1 of this guide or visit the Comodo Website.
- To open a new E-PKI account or to log into an existing account, click here.
Purchasing the Certificates Using the E-PKI Manager
1. Existing E-PKI account holders and Comodo customers wishing to add E-PKI functionality to their accounts should login here (new customers should click the 'GO!' button' to begin enrollment).
2. Once logged into the Comodo management system, select the “EPKI Manager” link.
This will open the E-PKI management interface. On the left hand side, under 'Customer Order Options' is a list of purchasable products. Choose 'Corporate SecureEmail Certificate' (as shown below).
3. As the Administrator you will be make an application for a SecureEmail Certificate for your employees.
You can only make such applications for domains Comodo have validated as owned by your business. Validation of your business and domain is a one-time event. After successful validation of domain ownership you can issue as many email certificates as you require to email addresses on that domain.
Following successful validation, the email certificate and application procedure is as follows:
i. Administrator completes the certificate application form on behalf of the employee - providing employee name, email address and selecting the relevant security policies (see 'Email certificate application and issuance procedure in detail');
ii. Comodo then emails the employee with a link to begin the Certificate enrollment process – the enrollment for the Certificate must take place on the same PC on which the Certificate will be used;
iii. Comodo issue the Certificate which is automatically detected by and installed by the operating system on the employee's PC. If the employee has Comodo SecureEmail installed then the application will take over this aspect of the process and will place the employee's certificate in the appropriate certificate store;
iv. The employee is automatically redirected to the support pages for configuration and usage instructions. If the employee has Comodo SecureEmail installed then they should be instructed to consult this help guide instead.
The remainder of this page outlines this procedure in more detail.
4. Email certificate application and issuance procedure in detail
After choosing 'Corporate SecureEmail Certificate' in the E-PKI manager interface (as shown earlier) you will be presented with the application form shown below:
5. Corporate SecureEmail Certificates may only be applied for on domain names which you have a right to use.
Before applying for Certificates, you must first submit the domain name for validation:
Follow the link in the first stage of enrollment to submit a domain name for validation to Comodo’s IdAuthority. Comodo will validate ownership of the submitted domain name.
6. Once validated your domain name will appear in a selection box in the enrollment form:
Complete the employee details and confirm the employee is an employee or authorized representative of your company.
7. You will be asked to specify the security options for the employee’s Certificate.
- Cryptographic Service Provide (CSP): The CSP is responsible for generating the cryptographic keys. Select from the drop down list which CSP is to be used when the employee enrolls for their Corporate SecureEmail Certificate. If the Certificate is to be generated an placed on a smart card or other security device, ensure you select the relevant CSP from the list.
Please note that the CSP you select MUST be present on the employee’s PC.
- Private Key User Protected: Check this box to place additional protection on the use of the private key (signing key) associated with the employee’s Certificate. Additional protection will challenge to the employee to OK the use of the Certificate every time the private key is used.
- Private Key Exportable: Check this box if the private key associated with the employee’s Certificate should be exportable, e.g. if the Certificate can be backed up. If you do not allow exportability and the Certificate is lost, all emails encrypted for the employee will no longer be accessible.
8. Submit the form and the issuance process will begin.
9. An email will be sent to the stated employee containing a link to a specific setup page.
This page will automatically generate a Corporate SecureEmail Certificate request and submit this request to the Comodo Certification Authority. Comodo will then generate the Certificate.
Once the link has been followed, it is important that the employee keep the browser window open – the Certificate, when issued, will then automatically be installed. The browser will then automatically redirect to the support pages to assist the employee in configuration and usage.
For support on configuration and installation please view:
Your account will be debited with the value of the certificate product type and validity period selected upon application of the Certificate. Upon receipt of the Certificate application the Certificate will be issued and emailed to your Account Administrator. Providing that the Certificate application contains no invalid or conflicting data, the Certificate will usually be issued within 1 hour.
Comodo SecureEmail User Guide | © 2010 Comodo Security Solutions Inc. | All Rights Reserved.