One of the issues faced by people using S/MIME (and in particular those used to using PGP) is one of getting their public key, their certificate to other people. In PGP you simply export your public key to a text file and bung it on a web page. Others come along and download it, and install it into PGP. Simple. So how do we do it with S/MIME, or more correctly, your X.509 certificate.
The first problem is extracting your certificate into a format that can be used by others. You don't want to give away your private key, just the public part.
Incredibly, this is easy in IE :-)
-----BEGIN CERTIFICATE----- OIoinwoeifnowiec98ycojknIUhcwoueUBCEIUbiwevoiwnef -----END CERTIFICATE-----
There will actually be quite a few more lines between the BEGIN and END lines within your file.
That's the file to put on to your web server, see MIME type below.
Things aren't so easy if you use Netscape 4, or one of the Mozilla based browsers (Netscape 6/7, Beonex etc). As things stand with Mozilla v1.1 you cannot export your public certificate. If someone knows how to do this as part of the UI, please let me know.
By far the simplest way is to export/backup your certificate into a PKCS#12 file (.p12) and import it into IE on a windows machine, then follow the actions above. If you don't have access to a Windows machine, read on.
Another method is to use something like OpenSSL (http://www.openssl.org/), which can read PKCS#12 files, and pull them apart, saving your public certificate. OpenSSL compiles easily on numerous UNIX systems, and also Windows (if you have Dev Studio). I believe it's pre-installed on Linux and FreeBSD. Once compiled into the openssl binary, you can use it to extract the public key from your exported/backed up PKCS#12 file.
The following command line parameters should do the trick
openssl pkcs12 -in exportFile.p12 -out MyCert.pem -clcerts -nokeys
This will create the PEM formatted file... but it does contain some extra information before the BEGIN CERTIFICATE line. You can safely remove the lines but do not remove the BEGIN CERTIFICATE line!
It's simple enough to upload the page to your web site of choice and then create a link to it, but not all web sites will correctly set the MIME type for the created file. If you have a nice ISP, they may have already got this set up in their server, and it should recognise a file extension of .PEM or .CER although they probably do not.
If you don't have any control over this aspect of the web server, but you do have access to cgi-bin, you could knock up a script that sets the correct MIME type. Same goes for servlets or JSPs.
If all else fails, then the user can download the file to local disc and import it manually. Mozilla (and derivatives) has a feature to allow the import of PEM files into the Certificate Manager. This feature should be in Mozilla 1.2, and anything based upon it. If you use Netscape 4, unfortunaley you are out of luck, but you should consider upgrading to Netscape 7 now - it really is nice.
Obviously browser technology changes, and certainly Mozilla is developing all the time, expect new features to all nicer manipulation of certificates. I for one will keep asking the developers about it.