Vodafone Corporate CA - Email Certificates: Frequently Asked Questions For further questions, please contact ca@vodafone.com (Published 20th March 2017 v0.9)

C2 : Vodafone Confidential Page 1 of 13

1. What is happening and when? From 29th March 2017, your email encryption certificate issued from the Certificate Authority “Vodafone

(Corporate Services 2009)” will no longer be valid. This is due to the revocation of the underlying Vodafone Corporate Public Trust Certificate Authority.

It is recommended that you review and complete the following steps: 1. Export your current email encryption certificate. This will allow you to continue to view

previously encrypted emails using your old certificate in the event that you need to access these emails in the future. Further details on how to complete this action are available in the “How do I export my email encryption certificate” section below.

2. If you have a business requirement to send C3 (Confidential) or C4 (Secret) classified emails to only internal Vodafone email recipients, then please click on the “Internal certificate required” voting button placed on the notification email you have received. This will entitle you to Private Trust email encryption certificate, which will encrypt emails within the Vodafone organisation. There is no further action required once you respond to the email, this certificate can be distributed via Active Directory.

3. If you have a business requirement to send C3 or C4 classified emails to internal & external 3rd party email recipients, then please click on the “External certificate required” voting button placed on the notification email you have received. You will then need to request a new Public Trust email encryption certificate. Please review the steps ”How do I request a new public email encryption certificate” in this document for further instructions. This will replace your existing email encryption certificate and will be valid for 1 year.

2. How do I know that I have a Vodafone Corporate Services 2009 email encryption certificate? Step 1: Open an Internet Explorer window

Step 2: Click on the menu options Tools   Internet Options   Content   Certificates

Step 3: If “Issued By” is “Vodafone (Corporate Services 2009) and once you click on “View” the purpose of the certificate is shown as “Protects e-mail messages” then you have an email encryption certificate that will no longer be valid from 29th March.

Vodafone Corporate CA - Email Certificates: Frequently Asked Questions For further questions, please contact ca@vodafone.com (Published 20th March 2017 v0.9)

C2 : Vodafone Confidential Page 2 of 13

3. What are the security options that an email encryption certificate offers me? Email certificates allow you to sign and/or encrypt the contents sent via email. Private Trust certificates only

allow encryption to occur internally to Vodafone which a Public Trust certificate allows for encryption to occur on an external network.

Vodafone approved encryption and key management processes must be used to protect C3 information when it is transferred to an external network. Internal transfer (i.e. between Vodafone.com email addresses) does not need to be encrypted. There are other approved mechanisms (i.e. not email) for the transfer of C3 and C4 classified information to an external network. For full details, please refer to the Vodafone Information Security Detailed Requirements here.

4. What is the difference between signing and encrypting an email? Signing an email message offers another layer of security by providing assurance to the recipient that you—

not an imposter—signed the contents of the email message.

Email encryption involves encrypting the content of email messages in order to protect potentially sensitive information from being read by anyone other than intended recipients in transit. Email encryption often includes authentication.

5. What will happen to encrypted emails if I continue to send encrypted emails with an invalid email encryption certificate? Email recipients will encounter a “Digital Signature Invalid” message but should still be able to read the email.

6. What will happen to my previously encrypted emails? Your existing encrypted emails will still be available to view as before. However, you should export your

existing Vodafone Corporate email encryption certificate to ensure continued read access to previously encrypted emails, e.g. in the event of replacing a laptop rebuild or replacement, etc. See “How do I export my email encryption certificate” below.

If you no longer have your certificate due to machine rebuild or software upgrade you will not be able to export your certificates. The Vodafone CA is unable to reissue lost certificates.

7. What should I do next? If you have a confirmed business requirement to send C3 (Confidential) or C4 (Secret) classified emails to

external email recipients then request a new email encryption certificate, see “How do I request a new email encryption certificate” below. It is also recommended that you export your existing Vodafone Corporate email encryption certificate, see “How do I export my email encryption certificate” below.

If you are requesting a Private Trust SHA-1 certificate, the only action required from your side is to export your existing Vodafone Corporate email encryption certificate, see “How do I export my email encryption certificate” below.

8. My certificate does not expire until 2017/18, why do I need to change? Regardless of any stated expiry date your Vodafone Corporate email encryption certificate will no longer be

valid from 29th March 2017.

9. In case of any help needed regarding certificates, who should I contact? For all questions, please contact ca@vodafone.com

Vodafone Corporate CA - Email Certificates: Frequently Asked Questions For further questions, please contact ca@vodafone.com (Published 20th March 2017 v0.9)

C2 : Vodafone Confidential Page 3 of 13

10. How do I export my email encryption certificate?

Step 1: Open an Internet Explorer window

Step 2: Click on the menu options Tools Internet Options Content Certificates

Step 3: Select the certificate you want to export. For the purposes of this exercise, you should be looking for the certificate Issued by “Vodafone (Corporate Services 2009)”

Step 4: Click on the button ‘Export’

Step 5: You will be presented with two choices, please select ‘Yes, export the private key’ and then click on ‘Next’

Vodafone Corporate CA - Email Certificates: Frequently Asked Questions For further questions, please contact ca@vodafone.com (Published 20th March 2017 v0.9)

C2 : Vodafone Confidential Page 4 of 13

Vodafone Corporate CA - Email Certificates: Frequently Asked Questions For further questions, please contact ca@vodafone.com (Published 20th March 2017 v0.9)

C2 : Vodafone Confidential Page 5 of 13

Step 6: Please enter a password you to protect the private key you have.

Vodafone Corporate CA - Email Certificates: Frequently Asked Questions For further questions, please contact ca@vodafone.com (Published 20th March 2017 v0.9)

C2 : Vodafone Confidential Page 6 of 13

Step 7: When you click on ‘Finish’, the file will be saved in the .pfx format. This certificate format will have the private key with it.

11. How do I import a previously exported email certificate?

If your exported Vodafone Corporate email encryption certificate requires to be imported as a result of loss, etc. then you will need to import your exported certificate as follows.

Step 1: Double click the .pfx file

Step 2: Click Next -->Next

Vodafone Corporate CA - Email Certificates: Frequently Asked Questions For further questions, please contact ca@vodafone.com (Published 20th March 2017 v0.9)

C2 : Vodafone Confidential Page 7 of 13

Step 3: Provide your Password

Vodafone Corporate CA - Email Certificates: Frequently Asked Questions For further questions, please contact ca@vodafone.com (Published 20th March 2017 v0.9)

C2 : Vodafone Confidential Page 8 of 13

Step 4: Click Finish.

This should enable you to continue to be able to read emails previously encrypted with this email certificate.

Disclaimer: If you no longer have your certificate due to machine rebuild or software upgrade you will not be able to export your certificates. The Vodafone CA is unable to reissue lost certificates.

Vodafone Corporate CA - Email Certificates: Frequently Asked Questions For further questions, please contact ca@vodafone.com (Published 20th March 2017 v0.9)

C2 : Vodafone Confidential Page 9 of 13

12. How do I request a new public email encryption certificate?

Note: Email encryption certificates must only be requested by Vodafone staff. By requesting an email encryption certificate you are confirming that you have an acknowledged business requirement to send C3 (Confidential) or C4 (Secret) classified emails to external email recipients.

Step 1: Visit the DigiCert guest URL and select “Order NOW”

https://www.digicert.com/secure/requests/products?guest_key=9171c9cz07c2m4gh

Step 2: Under “Certificate Settings” please fill the below details:

Organization*: Select “Vodafone Group Services Limited” from drop-down menu.

Organization Unit: Provide your Organization Unit details.

Signature Hash*: Must be “SHA256”

Validity Period*: Must be “1 Year”

Step 3: Under “Certificate(s) to Request” please fill the below details.

Recipient Name*: Enter the name associated with this email certificate, i.e. your first and second names.

Vodafone Corporate CA - Email Certificates: Frequently Asked Questions For further questions, please contact ca@vodafone.com (Published 20th March 2017 v0.9)

C2 : Vodafone Confidential Page 10 of 13

Recipient Email*: Enter requestor email ID, i.e. your Vodafone email address. (An auto generated email will be sent to this mail ID containing the Certificate generation link.)

Recipient CSR: Please leave it blank.

Step 4: Under “Additional Information” put the below details:

Requestor Email ID: Input your Vodafone email address.

Approver Email ID: Input your Vodafone Manager email address.

Are you renewing your SHA1 certificate? Input your Vodafone (Corporate Services 2009) email certificate name, i.e. your first and last names.

Have your read / followed the Mandatory Guidelines before submitting the request (Y/N) :N/A

Is an SSL certificate required based on the data presented/input? : N/A

Is the degradation of the service likely to have a negative impact on brand? N/A

Is the service customer facing? N/A

Is the service revenue generating, e.g. does it take top-up payments? N/A

Team DL / Common Mailbox: Input your Team Distribution List or Line Manager email address.

Text Box: Input “VODAFONE CORPORATE SERVICES 2009 EMAIL-ENCRYPTION-RENEWAL”

Vodafone Corporate CA - Email Certificates: Frequently Asked Questions For further questions, please contact ca@vodafone.com (Published 20th March 2017 v0.9)

C2 : Vodafone Confidential Page 11 of 13

Step 5: Read and select “I agree Terms of Service above”

Step 6: Click Submit request.

After successful submission you must get the order reference ID in the browser:

Step 7: Click on the certificate generation link received from DigiCert and allow web access confirmation.

Vodafone Corporate CA - Email Certificates: Frequently Asked Questions For further questions, please contact ca@vodafone.com (Published 20th March 2017 v0.9)

C2 : Vodafone Confidential Page 12 of 13

Step 8: Click Generate Certificate option.

Vodafone Corporate CA - Email Certificates: Frequently Asked Questions For further questions, please contact ca@vodafone.com (Published 20th March 2017 v0.9)

C2 : Vodafone Confidential Page 13 of 13

Step 9: It will start generating your certificate and install it automatically.