Comments on How To Encrypt Mails With SSL Certificates (S/MIME)
How To Encrypt Mails With SSL Certificates (S/MIME)
This article is about how to use the S/MIME encryption function of common e-mail clients to sign and/or encrypt your mails safely. S/MIME uses SSL certificates which you can either create yourself or let a trusted certificate authority (CA) create one for you.
7 Comment(s)
Comments
Many, many thanks. This article helped me very much.
Hi there,
Here are a couple notes regarding my experience with self-created Class1 certs for e-mail.
1: When you go to create the client cert, it is good practice to add the correct x509 extensions. Create a file called client.cnf and add the following:
[user@host]$ cat client.cnf
[ ssl_client ]
basicConstraints = CA:FALSE
nsCertType = client, email
keyUsage = digitalSignature, keyEncipherment
# emailProtection is the extended key usage that S/MIME clients check for
extendedKeyUsage = clientAuth, emailProtection
Now we can sign the certificate:
openssl x509 -req -days 36500 -in your_client_cert.csr -CA your_ca.crt -CAkey your_CA_private.key -CAcreateserial -out your_client.crt -extfile client.cnf -extensions ssl_client
Now that you have a client cert and key pair, you want to import it into a P12. It may be necessary to include the CA into the P12 so that recipients can add it to their CA truststore:
openssl pkcs12 -export -in your_client.crt -inkey your_client_private.key -out your_client.pfx -name "Your Name" -CAfile your_ca.crt -caname "Your CA Name" -chain
One very important note: "Your Name" and "Your CA Name" are the aliases used in the PKCS12 store. These aliases MUST be greater than one character long, else Sun/Oracle will fail to find the certificates in the store (refer to the code for sun.security.util.ObjectIdentifier). Using aliases/names like "1" or "2" will cause you random and insanely hard to resolve issues down the line.
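The effect of the extendedKeyUsage line in the ssl_client section above can be checked with `openssl verify -purpose smimesign` before the certificate is packed into a P12. The script below is an added example, not part of the original comment; the throwaway CA, the subject names and the function name smime_purpose_check are constructed for the demonstration, and it assumes an openssl binary on the PATH.

```shell
#!/bin/sh
# Added example: all keys, certificates and names are constructed for the demo.
# smime_purpose_check EKU prints "accepted" or "rejected": whether
# `openssl verify -purpose smimesign` accepts a CA-issued client certificate
# whose extendedKeyUsage is set to EKU.
smime_purpose_check() {
    eku=$1
    dir=$(mktemp -d) || return 2
    result=$(
        cd "$dir" || exit 2
        # Minimal config: request defaults, CA extensions, and the client section.
        printf '%s\n' \
            '[ req ]' 'distinguished_name = dn' \
            '[ dn ]' 'commonName = Common Name' \
            '[ demo_ca ]' 'basicConstraints = critical, CA:TRUE' \
            'keyUsage = keyCertSign, cRLSign' \
            '[ ssl_client ]' 'basicConstraints = CA:FALSE' \
            'keyUsage = digitalSignature, keyEncipherment' \
            "extendedKeyUsage = $eku" > demo.cnf
        # Throwaway CA certificate and key.
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config demo.cnf \
            -extensions demo_ca -subj '/CN=Demo CA' \
            -keyout ca.key -out ca.crt >/dev/null 2>&1 || exit 2
        # Client key and signing request.
        openssl req -new -newkey rsa:2048 -nodes -config demo.cnf \
            -subj '/CN=Demo User/emailAddress=user@example.test' \
            -keyout client.key -out client.csr >/dev/null 2>&1 || exit 2
        # Issue the client certificate from the CA with the ssl_client section.
        openssl x509 -req -days 1 -in client.csr -CA ca.crt -CAkey ca.key \
            -CAcreateserial -out client.crt -extfile demo.cnf \
            -extensions ssl_client >/dev/null 2>&1 || exit 2
        # Chain must verify AND the certificate must be usable for S/MIME signing.
        if openssl verify -CAfile ca.crt -purpose smimesign client.crt \
            >/dev/null 2>&1
        then echo accepted
        else echo rejected
        fi
    )
    status=$?
    rm -rf "$dir"
    [ "$status" -eq 0 ] && echo "$result"
    return "$status"
}

for value in 'clientAuth' 'clientAuth, emailProtection'; do
    printf '%-30s %s\n' "$value" "$(smime_purpose_check "$value")"
done
```

The certificate that lists only clientAuth is rejected for S/MIME signing, while the one that also lists emailProtection is accepted.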
Thanks a lot for that article! I tried to give smime a try but I was not successful so far. Your article saved me a lot of time and worked perfectly on my first try!
The second method generates p12 keys that have "00" as serial. I think that this is a problem.
thanks
I use this but my .p12 certificate isn't recognized by iPhones. Please help in creating my own S/MIME. Thank you
Noice Article
How to enable with Roundcube webmail client and ISPConfig multi sites/email domains?