Logo Devoh

I Thawte Not

For several years now, I've been using Thawte's free personal email certificates to sign and encrypt my email. However, when I went to renew my certificates today, I found myself in disbelief that Thawte has discontinued this service, offering instead a free one-year VeriSign certificate that renews for $19.95.

Despite our strong desire to continue providing the Thawte Personal E-mail Certificate and Web of Trust services, the ever-expanding standards and technology requirements will outpace our ability to maintain these services at the high level of quality we require. As a result, Thawte Personal E-Mail Certificates and the Web of Trust will be discontinued on November 16, 2009 and will no longer be available after that date.

While disappointing that this once free service has been EOLed, I'm also relieved to not have to use their system again. Thawte's certificate generation tool was never very usable, and often required jumping through Firefox-shaped hoops to get the certificates installed on a Mac. Even then, the basic certificates contained only your email address, and not your name. If you wanted your name on the certificate, you had to join their Web of Trust, which meant meeting up with other members in real life to have them vouch for your name. This required multiple in-person meetings until enough points had been accumulated for Thawte to be able to confirm that you were who you said you were. It was a nice assurance in theory, but I was never able to track down anyone locally who was actually willing to do this.

But what to do about an alternative? While signed emails are nice, I'm not sure that I could justify the $20/year fee associated with a paid certificate from VeriSign. I poked around a bit and found a company called Comodo offers a free secure email certificate, and their signing process is a huge improvement over Thawte's. Just fill out a single form with a handful of fields, then look for an email with a link that will install the certificate right into your Keychain if you're using Mac OS X. Mail.app will pick up on these certificates automatically, and start signing your emails by default. And, bonus, they even let you put your own name on it.