SSI Lab 2024/25:
	Getting a Digital certificate from Sectigo-U.Porto for email usage: the right way!

You are required to obtain your own personal X.509 Digital Certificate from Sectigo through its partnership with University of Porto.
However, the certificate request must be done correctly: Sectigo should never have access to your locally created private key—only your public key should be sent, using a standard CSR (Certificate Signing Request) file.

A suggested workflow for you follows:

- review the concepts of public key digital certificates
- visit the U.Porto's webpage where your request will be placed:
	https://www.up.pt/portal/en/updigital/security/security-privacy/obtaining-a-client-digital-certificate/
- examine a real CSR file previously used to request a digital certificate from Sectigo-U.Porto:
	up209810Certificate.csr
	(Suggestion: View it using CyberChef’s online tool, under "Public Key > Parse CSR")
- get some basic help for the generation of a CSR file from:
	https://www.digicert.com/easy-csr/openssl.htm
- get some aquaintance with openSSL toolkit capabilities:
	https://openssl-library.org/
- generate your own public-key pair and CSR file
- Submit your CSR file through Sectigo’s portal (in partnership with U.Porto, really, with FCCN)
	https://cert-manager.com/customer/fccn/idp/clientgeant
- get your personal X.509 Digital Certificate:
	probably, a PEM (Privacy Enhanced Mail) file that concatenates 2 certificates: your own and another from an intermediate Certificate Authority
- compare your certificate with an actual PEM file issued by Sectigo, based on the provided CSR file:
	up209810Certificate.pem
	(Suggestion: "view" it with CyberChef's online server, section "Public Key > Parse X.509 certificate")
- trace the signature hierarchy chain of the certificates you received
- install your certificate in an email client (not a webmail client! Thunderbird is recommended).
- send the group report for this lab in a digitally signed and confidential email to JMCruz (up209810).

Relevant resources:

- https://www.up.pt/portal/en/updigital/security/security-privacy/obtaining-a-client-digital-certificate/

- https://www.digicert.com/kb/csr-creation.htm
	- https://www.digicert.com/easy-csr/openssl.htm

- OpenSSL library
	https://openssl-library.org/

- CyberChef's online server
	https://gchq.github.io/CyberChef/

- JMCruz's:
	up209810Certificate.csr
	up209810Certificate.pem