How to make cerificate for client installation?

Cristian Mitrana cristian.mitrana at
Mon Oct 10 05:53:42 EDT 2005

* lkolchin at <lkolchin at> [10-10-05 10:46]:
> Hello All,
> I'm using SMTP-AUTH with TLS wrapper with Self Signed Certificate on my system.
> I want users to be able to install certificate on their computer (on OE or another mail-client) and not press "Yes" on the nag screen on every login.
> How can I do it so client certificate only contain the public portion of the certificate (so it is secure to publish this certificate on the net)?
  This depends on the client used and it's highly specific. And has
nothing to do with cyrus.

> Background Info:
> This is how I've created certificates:
> # openssl req -new -x509 -sha1 -extensions v3_ca -nodes -days 999 -out cert.pem
> # ls
> .  ..  cert.pem  privkey.pem
> # cat privkey.pem cert.pem > /etc/ssl/certs/cert.pem
> # mv -f privkey.pem /etc/ssl/certs/skey.pem
> # chown cyrus:mail /etc/ssl/certs/cert.pem
> # chmod 600 /etc/ssl/certs/cert.pem

 It is enough to provide the client with the certificate and import it
into it's trust database (as I said, depends on the application).
Depending on the application you might want to convert it to DER 
(with openssl x509 -in ... -out cert.der -outform der ).
 The private part is the privkey.pem and that you should keep safe.

 For windows (OE) you have to use the mmc program, TB has a special
 settings tab which lets you import in PEM format, I don't know about
 other clients on windows.


More information about the Info-cyrus mailing list