You are here

HueStones is a root certification authority (CA) for some SSL and S/MIME certificates issued for software, web-services and email.

Root CA certificates help your browser or email client verify that signed software, internet content and email has not been tampered with and is genuine. However before your browser or email client can automatically verify content signed by HueStones for you, it must be made aware of the HueStones CA root certificate. This page explains how to download and install the HueStones CA root certificate on your browser or email client.

You may have to install the HueStones CA root certificate multiple times based on your platform, browser and email client. Please follow the installation instructions below to install this certificate. If you have questions or concerns regarding installing this certificate please read the FAQ.

  1. Installation instructions for Windows
    This will install the certificate on IE, Windows Mail, Outlook, Outlook Express and Google chrome on Windows.
  2. Installation instructions for FireFox
    This will install the certificate on Firefox on Windows or Linux.
  3. Installation instructions for Thunderbird
    This will install the certificate on Thunderbird on Windows or Linux.


Installation instructions for Windows

  1. Download and save the HueStones CA root certificate in your Documents folder.
  2. Double click the downloaded HueStonesCA.crt file. You should see a certificate installation window similar to the one show below.
  3. Press the Install Certificate button.

  4. A certificate import wizard will open. Click Next on the wizard screen.
  5. Select Place all certificates in the following store and then click Browse.

  6. Select Trusted Root Certification Authorities and then click OK.

  7. Press Next and then click Finish on the last page of the wizard.

  8. You will receive a security warning asking you to verify the thumbprint of the certificate. Confirm that the thumbprint is E852B787 A627AF70 1D891CAC F04A324A 37C82613. If the displayed thumbprint matches the above string, press Yes.
  9. Windows will show you a Import Successful message. Press OK and close the certificate installation window.

Go back to top


Installation instructions for FireFox

  1. Download and save the HueStones CA root certificate in your home folder.
  2. Go to the Firefox Tools menu and select Options and go to the Advanced->Encryption tab.

  3. Click View Certificates, this will open the Certificate Manager. Go to the Authorities tab.

  4. Click Import and browse to the HueStonesCA.crt file you downloaded and saved earlier.
  5. A Downloading Certificate window will open. Tick all three Trust boxes and then press OK to install the certificate.

  6. Press OK and close all open windows.

Go back to top


Installation instructions for Thunderbird

  1. Download and save the HueStones CA root certificate in your home folder.
  2. Go to the Thunderbird Tools menu and select Options and go to the Advanced->Certificates tab.

  3. Click View Certificates, this will open the Certificate Manager. Go to the Authorities tab.

  4. Click Import and browse to the HueStonesCA.crt file you downloaded and saved earlier.
  5. A Downloading Certificate window will open. Tick all three Trust boxes and then press OK to install the certificate.

  6. Press OK and close all open windows.

Go back to top


Frequently asked questions (FAQ)

I have received a email message and my email program alerts me with a red cross that the digital signature is invalid. I'm concerned about what this means?
Firstly, please confirm that the signature attached to the email is from a person you know and that the signature certificate was issued by HueStones CA. If the above two checks are ok, then it means that the sender has signed their email as an added security measure for both of you. Your email client probably needs the HueStones CA root certificate to be installed to verify that signature. Please install this certificate and the error should go away. If the error remains, read the next FAQ.

I have installed this certificate. However I still have an email message which my email program alerts has an invalid digital signature.
There could be several reasons why the signature on the email is invalid. Usually your email program will give you a detailed reason for why it concludes the signature is invalid. One reason would be that the sender has signed the email using an expired certificate. Usually you should contact the sender of the email message providing details of the error you see.

Does installing this certificate mean I irrevocably trust HueStones?
No. Installing this certificate simply allows your browser (or email client) to automatically confirm that signed software (or email) from HueStones has not been tampered with and is genuine. Your browser or email client will usually display a message confirming this. It is up to you to choose to install the software or read the email given the additional knowledge that it is genuine and vetted by HueStones. If at this time you choose not to trust HueStones, you can cancel the installation or delete the email.

Will HueStones be able to automatically install software on my machine if I install this certificate?
No. Installing this certificate does not give HueStones any additional access to your machine. At the time of installation of software your browser or email client will usually display an additional confirmation message if the software is signed by HueStones. It is up to you to choose to install the software given the additional knowledge that it is genuine and from HueStones. So this certificate actually improves security.

I do not trust HueStones, should I still install this certificate?
Yes. Because installing this certificate will allow you to spot what signed software or email comes from HueStones and allow you to reject it if you so wish.

Why is your certificate not signed by VeriSign or Thawte?
VeriSign and Thawte are root certification authorities (CAs) themselves. Root certificates are at the top of the certificate chain and do not need to be signed further. The only difference is that VeriSign and Thawtes root certificates come pre-installed with your browser due to their popularity, so you do not need to install their certificates manually.

Is all HueStones software signed?
Not yet. Besides not all types of software can be signed. However we are steadily moving towards signing most of our software using this certificate as the root.

What is the thumbprint of your certificate?
The SHA1 thumbprint of our root certificate is E852B787 A627AF70 1D891CAC F04A324A 37C82613.

Do you issue SSL certificates for webservices for third-parties?
No. We do not yet issue SSL certificates to third-parties.

Do you issue PKCS#12 certificates for personal email for third-parties?
Yes, we could issue you a PKCS#12 certificate that will enable you to sign and encrypt your personal email communication for a period not exceeding 6 months. However you will first need to prove to us that your internet identity (name and email) matches your real world identity. If you are interested, please contact us. There will be a nominal one-time charge for this service.