
Thawte, a South Africa-based company, has adapted the Web of Trust idea to the issuance of X.509 certificates through a network of Digital Notaries. You present proof of identity to Notaries and can then request a certificate.
See: Secure Email and Notaries (You must join first)

 

Thawte WoT Notarization procedures

  1. Go to the Thawte web site (http://www.thawte.com/) and see Web of Trust Overview for a description of the certificates and their uses. [NOTE: Your Thawte ID can be either your verified e-mail address or the nid-1 (Namespace ID) format, YOUR choice. (Personally, I'd suggest an e-mail address that's unlikely to change.)]
  2. Sign up for the Freemail certificate program by choosing the Secure Your E-mail link.
  3. Respond as requested to the e-mail verifying your e-mail address. Once you submit the probe and ping you do not have to request a certificate immediately (see next step).
  4. You may be asked for the following:
    • Character Set (Use ISO-8859-1 - Latin-1 for Western European and US)
    • Your national identification number, passport number, driver license number or tax number, depending on your nationality.
    • Your full name and date of birth.
    • Your Email Address to be used as your Thawte Username
    • Your employer's name, size and address (if you are employed).
    • Your home address and contact details.
    • Your preferred currency.
  5. Unless you NEED a certificate prior to getting all your notarizations, WAIT until after you have been asserted to the 50 point level and can get certificates with your name in them. Notaries can assign between 10 and 35 points.
  6. Go to View Notary Map at Find a Notary (You must join first).
    Go to Country > State > County to find a notary.
    Then select allow notary to view your details.
  7. Have a photocopy of the ID(s) listed below for each Notary who will be asserting you.
  8. Bring one or more forms of ID with you to the meeting. One needs to be a photo ID, and one must have what you are using as your "National Identification Number" (NID). If you use your Driver's License Number or passport number for your NID, a photo Driver's License or passport alone would be enough. If you use your Social Security Number you must present your ORIGINAL Social Security Card plus a photo ID.
  9. You will get e-mail to confirm that you have just been notarized. It will direct you to the Certificate Request Page at Thawte.
  10. You can request a certificate specifying your software (Netscape, Outlook, ...).
    For an X.509 certificate, please choose your software from the list below:
    * Mozilla Firefox/Thunderbird, Netscape Communicator/Messenger
    * Microsoft Internet Explorer, Outlook and Outlook Express
    * Lotus Notes R5
    * Opera Software Browser
    * C2Net SafePassage Web Proxy

    See:
    How to Set Up Encrypted Mail on Mac OS X | O'Reilly Media
    Note: For Mac Mail you need to specify "test".
    You also need to specify a password. See: good passwords.
    How to setup mail.app to use a Thawte Certificate at massPerception.com
    OS X 10.3: Mail - How to Use a Secure Email Signing Certificate (Digital ID) at support.apple.com

  11. You will get another e-mail from Thawte saying "Personal Cert Issued", with a link to a page where you can download it.
    Notes:
    • You need to be running the same browser, on the same machine, logged in as the same user, as you were when you made the request.
    • Some browsers will download the certificate when you click fetch without any indication that they did anything. Most email software has an option to view your certificate where you can verify you got it.
    • Newer versions of the Safari browser on the Macintosh will automatically put the certificate in your Keychain where Mac Mail can find it, but you may have to move it to use Thunderbird.
    Common filename extensions for X.509-certificates are:
        * .DER - DER encoded certificate
        * .PEM - (Privacy Enhanced Mail) Base64 encoded DER certificate
        * .P7B - See .p7c
        * .P7C - PKCS#7 SignedData structure without data, just certificate(s) or CRL(s)
        * .PFX - See .p12
        * .P12 - PKCS#12, may contain certificate(s) (public) and private keys (password protected)
    
    See: Download Personal Email Certificate at Thawte
    X.509 at wikipedia
    Server Certificates at CMU
    Certificates at MIT
    Import and Export (Backup) Personal and CA Certificates into and from Applications at Fermi Lab
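
The filename extensions listed above are only a hint; what matters when you back up or move a certificate is what the file actually contains, since a PKCS#12 file may carry your private key while the other formats carry only public material. The following Python sketch is an added example, not part of the original notes or of Thawte's documentation. It classifies a file by its PEM armor and the first element of its outer DER SEQUENCE; the sample inputs are constructed structural stubs, not real certificates.

```python
import base64
import re

# DER encoding (tag + length + value) of OID 1.2.840.113549.1.7.2, PKCS#7 signedData
PKCS7_SIGNED_DATA_OID = bytes.fromhex("06092a864886f70d010702")
PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def _seq_body(der: bytes) -> bytes:
    """Return the contents of the outer DER SEQUENCE, or raise ValueError."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    first = der[1]
    if first < 0x80:                       # short-form length
        return der[2:2 + first]
    n = first & 0x7F                       # long form: next n bytes hold the length
    if n == 0 or len(der) < 2 + n:
        raise ValueError("unsupported DER length")
    length = int.from_bytes(der[2:2 + n], "big")
    return der[2 + n:2 + n + length]

def classify_der(der: bytes) -> str:
    body = _seq_body(der)
    if body[:1] == b"\x30":                # Certificate starts with tbsCertificate SEQUENCE
        return "X.509 certificate"
    if body.startswith(PKCS7_SIGNED_DATA_OID):
        return "PKCS#7 SignedData (certificates/CRLs only)"
    if body[:3] == b"\x02\x01\x03":        # PFX starts with INTEGER version 3
        return "PKCS#12 (may hold a private key)"
    return "unknown DER structure"

def classify(data: bytes) -> str:
    m = PEM_RE.search(data)
    if m:                                  # PEM is Base64 text wrapped around DER
        inner = classify_der(base64.b64decode(m.group(2)))
        return f"PEM [{m.group(1).decode()}] wrapping {inner}"
    return "DER " + classify_der(data)

# Constructed structural stubs (not real certificates or keys); filenames are hypothetical.
CERT_STUB = bytes.fromhex("300430020500")
SAMPLES = {
    "cert.der": CERT_STUB,
    "chain.p7c": bytes.fromhex("300b") + PKCS7_SIGNED_DATA_OID,
    "backup.p12": bytes.fromhex("3003020103"),
    "cert.pem": b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(CERT_STUB)
                + b"\n-----END CERTIFICATE-----\n",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name}: {classify(blob)}")
```

Anything reported as PKCS#12 should be stored and transferred as carefully as the password that protects it.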
Source: WebWarren.com/ACGNJ-talks/

Notary Points:

New notary: 10 points
After 5 assertions: 15 points
After 10 assertions: 20 points
After 15 assertions: 25 points
After 25 assertions: 30 points
After 35 assertions: 35 points

Thawte
Main Office: Cape Town, South Africa.
+27 21 937 8902

US Office: Mountain View, CA
+1 650 426 7400
cs-support@thawte.com

Thawte Links:
www.thawte.com/wot/index.html
Web of Trust Overview
Protect your E-Mail Guide www.thawte.com/guides/download/wot_dl.html
Other security Guides www.thawte.com/guides/
You can request a free personal e-mail certificate at: www.thawte.com/email/index.html
Secure Your E-mail
You may have to have an account and login to see the following:
Step-by-step Guide
Your Account
NJ Notaries
Request a Certificate
Tech Support

Misc Notes:
Their web site is very confusing: in one place it asks you for your Certificate code, but there is no certificate code for personal email certificates.


Uses:
Restrict access to a Web site to people with certificates.
e.g. by setting up access control lists in each directory you want to restrict.

Links:
Thawte FAQ 1



last updated 5 Feb 2006