Obtaining an ISC Certificate
for use with PGP

ISC Certificates for Use with PGP

If you are using PGP and wish to communicate with a SecretAgent user in a secure manner, you may convert your legacy RSA key into a renewable X.509v3 certificate with a one year validity period for $10.00 USD per year.

To obtain your certificate using PGP 6 or 7 (see below for PGP 8):

  1. Start PGPkeys
  2. Download the "ISC Silver CA" root certificate using the following link:

    ISC Silver CA root certificate

    Save the certificate file to your desktop making sure to change the '.p7c' filename extension to '.pem' when you see the Save As dialog. Then import the certificate into PGPkeys using the Keys | Import menu item. (You'll need to change the file selection filter to 'PEM Encoded Files (*.pem)' to select the file.)
  3. Configure PGPkeys to summit PKCS#10 certificate requests to an ISC CGI script that bounces those requests back to you via e-mail: select Edit | Options and change the CA tab settings to:

    URL: http://www.infoseccorp.com/cgi-bin/pgp.pl?to=<your e-mail address>
    Revocation URL: http://www.infoseccorp.com/
    Type: Net Tools PKI

    Also select the "ISC Silver CA" root certificate obtained in step 2.

  4. Now right click on your legacy RSA key and select Add | Certificate... (or left click on the key and use the Keys | Add | Certificate... menu item).
  5. Click Add, enter your e-mail address, and click OK leaving 'CRS' selected as the request type.
  6. Enter a password for your private key and click OK.
  7. Wait for a 'Certificate Request' message to be returned to you via e-mail.
  8. Copy the body of the e-mail message to the clipboard.

IMPORTANT: Just copy the text between the certificate request boundary lines:

-----BEGIN NEW CERTIFICATE REQUEST-----

<copy this stuff to the clipboard>

-----END NEW CERTIFICATE REQUEST-----

  1. Click the following link: Enrollment (using an existing PKCS#10 PDU)
  2. On the CertAgent enrollment page, select the second radio button, paste your PKCS#10 PDU into the text box, and click Upload.
  3. You will be transferred to a payment page on this website. Click the "Buy Now" button to make a $10 payment via PayPal, or make a note of your certificate request ID and contact us to make a direct credit card payment. We accept Visa, MasterCard, and American Express. Checks and purchase orders are not accepted.
  4. Wait for a pickup notification to arrive via e-mail.
  5. Click on the link in the e-mail, retrieve your certificate, and provide it to your SecretAgent correspondents. These SecretAgent 5.7users will then be able to create encrypted OpenPGP archives that only you can decrypt. (Using PGPKeys to import your certificate into your own local keyring is optional: PGP will essentially ignore it.)

If you are using PGP 8, the above process works but can be made a little easier. Select 'PKCS-10' instead of 'CRS' before clicking OK in step 5 and skip steps 7 & 8: PGP 8 will place the certificate request on your clipboard so you can just paste it into our enrollment page. Bouncing the request off our website (as in steps 7 & 8) is only necessary if you're using PGP 6 or 7.

ISC certificate services are offered AS IS, and without warranty. The relying party agrees to make his own determination regarding the appropriate use of certificates and services.


Run Your Own CA

Need a low-cost, full-featured X.509 certificate authority — with no per-certificate fees! — to jump-start your own PKI? Check out the latest release of CertAgent.