To send digitally signed e-mail messages with Fax Voip FSP software, the valid digital certificate suitable for the specified Sender’s e-mail address, must be installed into the Local Machine Certificate Store on your system. The Network Service account, under which Windows Fax Service is started, should have read access permissions to your certificate private keys.
To obtain certificate
Digital certificates are issued by independent certification authorities. When you apply for a digital certificate at a certification authority's Web site, your identity is verified before an ID is issued. There are different classes of digital certificates, each certifying to a different level of trustworthiness. For more information, visit the certification authority's Web site. You can use Free Email certificate from Actalis.
After obtaining certificate, it is usually installed in the Current User Personal Certificate Store. To access your certificate, follow these steps:
1. Switch to Search pane, type control panel, and then click Control Panel. In the Control Panel click Network and Internet, and then click Internet options.
2. In the Internet Properties dialog on the Content page, click Certificates.
3. In the Certificates window select Personal page and then double-click your certificate. Make sure that the information about the presence of the private key is displayed.
Having a valid certificate in the Current User Certificate Store does not provide automatic signing of e-mail messages that Fax Voip FSP sends. The certificate must be installed into the Local Machine Certificate Store. The Network Service account, under which Windows Fax Service is started, should have read access permissions to your certificate private keys. The easiest way is to use the Fax Voip FSP Control Panel to correctly re-install the certificate.
To re-install your certificate into Local Machine Store using Fax Voip FSP Control Panel
It is assumed that the valid digital certificate suitable for the specified Sender’s e-mail address, is already installed into the Current User Certificate Store. To install the certificate into the Local Machine Certificate Store, do the following:
1. Open Fax Voip FSP Control Panel.
2. Click E-mail in TreeView, then click SMTP.
3. Click <Certificate> button.
4. In the dialog box window click Yes to install your certificate into the Local Machine Certificate Store and to grant read access to private keys for fax service (Network Service account). Administrator privileges are required.
5. In the next dialog box, click OK.
The subsequent sections show how to manually install the certificate into the Local Machine Certificate Store. As earlier, it is assumed that the valid digital certificate suitable for the specified Sender’s e-mail address, is already installed into the Current User Certificate Store. You must first export the certificate together with the private key and to store it in the Personal Information Exchange – PKCS #12 (.PFX) file.
To export certificate with private key
1. Switch to Search pane, type control panel, and then click Control Panel. In the Control Panel click Network and Internet, and then click Internet options.
2. In the Internet Properties dialog on the Content page, click Certificates.
3. In the Certificates window select Personal page and select your certificate. Click Export. Follow Certificate Export Wizard instructions.
4. On the Export Private Key page, select Yes, export the private key option.
5. On the Export File Format page, select Personal Information Exchange – PKCS #12 (.PFX) option. Select other options, except the option Delete the private key if export is successful as shown in the picture below.
6. On the next page enter password to protect the private key.
7. On the File to Export page specify the name of the file you want to export.
8. On the Completing the Certificate Export Wizard page click Finish to close the wizard.
Upon successful completion of this procedure, you can remove the certificate from Certificate Store if you plan to reinstall it. To do this click Remove in the Certificates window.
To install certificate into Local Machine Certificate Store
1. Double-click the .PFX file where your certificate with the private key is saved.
2. In the Certificate Import Wizard, on the first page select Local Machine option. Click Next and follow instructions. To install certificate into Local Machine Certificate Store, administrator privileges are required.
3. Follow Certificate Import Wizard instructions.
4. On the Private key protection page, enter password for the private key. You can flag available options in the Import options area if you want. Click Next.
5. On the Certificate Store page choose Automatically select the certificate store based on the type of certificate option. Click Next.
6. On the Completing the Certificate Import Wizard page click Finish to close the wizard.
To access certificates installed into Local Machine Certificate Store
1. Open a Command Prompt window.
2. Type mmc and press the ENTER key. Note that to view certificates in the local machine store, you must be in the Administrator role.
3. On the File menu, click Add/Remove Snap In.
4. In the Add or Remove Snap-ins dialog box, in the Available snap-ins list select Certificates. Click Add.
5. In the Certificates snap-in dialog box, select Computer account and click Next.
6. In the Select Computer dialog box, click Finish.
7. On the Add or Remove Snap-ins dialog box, click OK.
8. In the Console Root window, click Certificates (Local Computer) to view the certificate stores for the computer.
9. (Optional). On the File menu, click Save or Save As. Save the console file for later reuse.
Providing access to certificate private keys for fax service
1. Open the mmc Certificates snap-in, as shown in the previous section.
2. Right click your certificate. On the context menu, select All Tasks and then click Manage Private Keys... .
3. In the Permissions for ... private keys window click Add... .
4. In the Select Users or Groups dialog, enter NETWORK SERVICE and then click Check Names. Click OK.
5. In the Permissions for ... private keys window, in the Group or user names list, select NETWORK SERVICE. Grant Read access permissions for Network Service account, as shown in the picture below. Click Apply.
To view certificate in Fax Voip FSP application
1. Open Fax Voip FSP Control Panel.
2. Click E-mail in TreeView, then click SMTP.
3. To view certificate click <Certificate> button. If valid certificate associated with specified Sender’s e-mail address found, it will be displayed. To verify access permissions for Network Service account, administrator privileges are required.