How to make cerificate for client installation?

lkolchin at lkolchin at
Mon Oct 10 03:46:18 EDT 2005

Hello All,
I'm using SMTP-AUTH with TLS wrapper with Self Signed Certificate on my system.
I want users to be able to install certificate on their computer (on OE or another mail-client) and not press "Yes" on the nag screen on every login.
How can I do it so client certificate only contain the public portion of the certificate (so it is secure to publish this certificate on the net)?
Background Info:
This is how I've created certificates:
# openssl req -new -x509 -sha1 -extensions v3_ca -nodes -days 999 -out cert.pem
# ls
.  ..  cert.pem  privkey.pem
# cat privkey.pem cert.pem > /etc/ssl/certs/cert.pem
# mv -f privkey.pem /etc/ssl/certs/skey.pem
# chown cyrus:mail /etc/ssl/certs/cert.pem
# chmod 600 /etc/ssl/certs/cert.pem
In my imapd.conf I've added:
tls_cert_file: /etc/ssl/certs/cert.pem
tls_key_file: /etc/ssl/certs/cert.pem
tls_ca_file: /etc/ssl/certs/cert.pem
tls_ca_path: /etc/ssl/certs
Best Regards,
Leon Kolchinsky
-------------- next part --------------
An HTML attachment was scrubbed...

More information about the Info-cyrus mailing list