Doing Business with Boeing

This download option will present you with a file that contains one or more certificates encoded in vCard version 2.1 format. By default the file name will have a ".vcf" suffix. Files containing vCard 2.1 formatted data can be imported into some address book and S/MIME enabled applications such as Microsoft Outlook and Outlook Express.

The four certificates contained in this file represent the Boeing Certificate Authorities (CA) that issued the personal certificates you can load from the LDAP Proxy Web Interface. These CA certificates are loaded into your web browser or email client program and are used to authenticate the Boeing personal certificates you collect to use in email encryption. Some email clients will not allow you to load user certificates until you have loaded the issuing CA certificates.

To view the CA certificates you currently have loaded, try the following:

• Firefox and Thunderbird
  Edit -> Preferences -> Advanced -> Certificates -> Manage Certificates -> Authorities
• Mozilla Communicator
  Edit -> Preferences -> Privacy & Security -> Certificates -> Manage Certificates -> Authorities
• Internet Explorer
  Tools -> Internet Options -> Content -> Certificates -> Trusted Root Certification Authorities
  and
  Tools -> Internet Options -> Content -> Certificates -> Intermediate Certification Authorities

Use your web browser to save the CA certificate file to your local disk and use the client program's "import" facility to load the contents of the certificate file into the client's certificate database. The CA certificate file has a "p7b" suffix and contains the following Boeing CA certificates:

• The Boeing Company Root Certificate Authority
• The Boeing Company Class 2 Certificate Authority
• Secure Mail CA
• Secure Messaging

This download option will present you with a file that contains one or more certificates encoded in PKCS7 format. By default the file name will have a ".p7c" suffix as required by the Entrust software.

If the LDAP Proxy Web Interface finds certificates for the user whose email address you entered, you will be prompted to "Open" or "Save" the certificate file. Select "Open". If you are not already logged in to the Entrust utility, you will be prompted for your Entrust profile password. When you are logged in the Entrust Address Book will open and load the certificates.

Once the user certificates are loaded into the Address Book, you can rename the entry by right-clicking the entry and selecting "Rename".

This download option will present you with a file that contains one or more certificates encoded in PKCS7 format. By default the file name will have a ".p7b" suffix. Web browsers like Mozilla Communicator, Firefox, and Internet Explorer can be used to save these certificate files to your local disk. They can also be be imported into these web browser's certificate database.

This download option will present you with a certificate that can be saved to a file in binary (ASN.1 or DER) format. By default, the filename will have a ".cer" suffix. Files containing certificates in this format can be imported into some PKI and S/MIME enabled applications.

If multiple certificates are returned for the specified email address, you will be prompted to select a certificate to save. Certificates selected from a multiple certificate list will be saved in a BASE64 encoded (PEM) format. These certificate files will also have a ".cer" suffix as the default filename. Typically, a certificate saved in BASE64/PEM format can also be imported into your application in the same way as the binary DER formatted certificates.

The Mozilla web browsers contain a certificate database that stores all certificates used by the browsers and Mozilla email applications. In order to use one of the email programs to send encrypted email, you must have a public X.509 certificate of the email recipient stored in your mailer's certificate database.

To load the email recipient's certificate(s) into Mozilla, enter the complete email address of the recipient in the Email Address field on the Sending Encrypted Email to Boeing web form. Then select Mozilla Communicator, Firefox, or Thunderbird as your download option and press the Get Certificate(s) button. If any certificates are found for the specified email address, they will be automatically loaded into your browser's certificate database and a message will be displayed telling you how many certificates were loaded.

You can view all the user certificates being stored in your Mozilla browser by following:
Edit -> Preferences -> Privacy & Security -> Certificates -> Manage Certificates -> Other People'

You can view all the user certificates being stored in Thunderbird by following:
Edit -> Preferences -> Advanced -> Certificates -> Manage Certificates -> Other People's

The Internet Explorer web browser is used to store all certificates used by the Outlook and Outlook Express email programs. In order to use one of these email programs to send encrypted email, you must have the email recipient's public certificate stored in your IE browser.

To load the email recipient's certificate(s) into IE, enter the complete email address of the recipient in the Email Address field on the Sending Encrypted Email to Boeing web form. Then select Microsoft Outlook and Outlook Express as your download option and press the Get Certificate(s) button. If any certificates are found for the specified email address, a pop-up menu will be displayed. Select Open this file from its current location and press the OK button.

The Outlook Address Book window will appear and the certificate(s) will be loaded into the IE browser.

You can view all the certificates being stored in your browser by opening IE and following:
Tools -> Internet Options -> Content -> Certificates -> Other People

This download option will present you with a page containing all certificates found for the specified email address. Each certificate will be displayed in a Base64 format with BEGIN and END header records delimiting each certificate. This is called "PEM" format (Privacy-Enhanced Mail). You can use your mouse to cut and paste each certificate to a file (typically with a ".cer" filename suffix). PEM files can be used to import certificates into some PKI and S/MIME enabled applications such as Mozilla web browsers.

NOTE: When moving the certificate to a file, be sure not to include any extra characters at the end of each line (like spaces) as the encoded certificate must match the certificate length encoded in the format. Extraneous characters copied into the PEM file would make the encoded certificate unreadable.

For more information about email encryption at Boeing and the use of the LDAP Proxy, see the LDAP Proxy Service page.

The LDAP Proxy source code is available for download from SourceForge.net.

Contact: Boeing LDAP Proxy Team