In this tutorial, I will show how to send secure email on your hosting provider. Basically, most of hosting provider support this feature, but you need to ask them before registerd.
it’s main use by our customers is encrypting e-mail using SSL certificates so that sensitive data, such as customers credit card details, can be safely sent from your web site to your local PC for processing. Combined with the shared SSL option this gives you the ability to securely accept and forward your web site visitors card details.
The following tutorial shows how you can use the installed AspEncrypt and AspEmail ASP components to send encrypted e-mails from your web site – the encryption used is the same as that used by https web pages and is considered unbreakable, only recipients of the mail with your certificate installed will be able to read the e-mails.
The first thing you need to do is obtain your own free personal e-mail certificate, these can be obtained from Thawte or Comodo, or other.
To complete the application form you will need the following information :
1) Type required is X.509 Format
2) When choosing CSP keep default (Microsoft Enhanced Cryptographic Provider 1.0)
Once you have completed the application and certificate has been issued you will be sent an e-mail by Thawte with a link to install the certificate – follow the link and the cert will be installed to your local PC, Internet Explorer and Outlook / Outlook Express.
Once the certificate is installed on your PC you need to export the certificates public key to a file within your hosting account so that it can be used by your scripts to encrypt your e-mail messages :
To do this go to Internet Explorer and select Tools -> Internet Options -> Content
Choose certificates and you’ll be shown the certificates installed on your PC – select the one you just installed, then select export.
An export wizard will start – select NOT to export the private key, format should be the default DER encoded binary X.509 (.cer) and select where the certificate should be saved on your local machine.
You now need to upload .cer file to the /private/ folder in your hosting account so that it is available to your scripts.
A basic script is shown below showing the methods used to call encryption, please see our other tutorials for more information on basic e-mail methods and how to e-mail the results from a form on your website :
<% ' Create e-mail Set Mail = Server.CreateObject("Persits.MailSender") Mail.Host = "smtp.dotnetted.co.uk" Mail.From = "firstname.lastname@example.org" Mail.Subject = "Encrypted E-mail" Mail.AddAddress "email@example.com" Mail.Username = "firstname.lastname@example.org" Mail.Password = "password" Mail.Body = "Encrypted message Body goes here !" ' Encrypt and send e-mail using stored cert Set CM = Server.CreateObject("Persits.CryptoManager") Set Cert = CM.ImportCertFromFile("D:\path-to-your-cert-here\certname.cer") Set Context = CM.OpenContext("mycontainer", True) Set Msg = Context.CreateMessage Msg.AddRecipientCert Cert Mail.SendEncrypted Msg ' Message is sent - tidy up objects Set Mail = Nothing Set CM = Nothing Set Context = Nothing Set Cert = Nothing Set Msg = Nothing %>
For more information on the components themselves, including the full object references and additional sample scripts please see the authors sites :