[CentOS] [OT] Where to buy S/MIME ??

Mon Nov 26 06:52:44 UTC 2018
Sorin Srbu <sorin.srbu at ilk.uu.se>

> -----Original Message-----
> From: CentOS <centos-bounces at centos.org> On Behalf Of Alice Wonder
> Sent: den 25 november 2018 14:35
> To: CentOS mailing list <centos at centos.org>
> Subject: [CentOS] [OT] Where to buy S/MIME ??
> 
> Hi, I'm getting increasingly paranoid.
> 
> Something I said on a certain social media site several months ago was
> modified - then reported - then by account was banned until I agreed to
> delete it.
> 
> Obviously since what I said was modified I didn't have any issue with
> deleting it but I want more than just DKIM sigs on my e-mail now.
> 
> Anyway looking for S/MIME I can use to sign and/or encrypt but mostly
> sign. Not interested in GnuPG or self-signed S/MIME - I want something
> that can be trusted because someone else that is trusted actually
> vouched for me.
> 
> The "free for personal" S/MIME from Comodo didn't work. Browser said it
> did but there was nothing to export for me to then import. I suspect it
> is because I used private browser window, I really don't like the idea
> of a private key stored in browser anyway. And it never asked for a
> password to encrypt the private key, nor let me specify key strength
> (only let me choose between medium and high - I assume high is 4096 but
> I don't know, it didn't say)
> 
> Didn't like the "browser generated" process, even if it had worked and
> generated the final product I could export - I really didn't like the
> process and have serious questions about the wisdom of a private key
> without a pass phrase stored in an application that interacts with web
> sites.
> 
> Anyway so used openssl to create private key (with aes-256 encryption
> and pass phrase) and then a CSR.
> 
> But I can't find anyone who sells certs for S/MIME to send the CSR too.
> 
> Globalsign but they wanted $89 - no one else.
> 
> Found a few sites that offered to "send me a quote" that I think were
> intended for corporate accounts.
> 
> Where do regular users who just want an inexpensive certificate usable
> for S/MIME from a CSR generated the traditional way go to buy a cert?

Would letsencrypt.org work for you?
I use them for my web sites, but unsure if you can do s/mime with them.

It's free, and trusted/sponsored by loads of big muckamucks according to
their web site.
--
//Sorin