Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

S/MIME certificates & client users

cavi

cavi

macrumors regular
Original poster
Sep 19, 2010
151
28
Haifa, Israel
Hello everyone,

I run several services on my server which one of them is Mail.
I want to encrypt and secure several emails which I send. From a small research that I perform I understood that I need a S/MIME certificate in order to encrypt my emails. I also learned that there are some free choices out there which I can use.
as far as I understand I can create a S/MIME certificate in my server app which will allow me to secure my emails. I try to create one certificate, but after I created it I didn't knew what to do. the certificate didn't appear in the Certificates area in the server app but in the Keychain under Certificates tab.
Can you please explain to me how, after I created a S/MIME certificate, I use it in the Clients email? moreover, Do I need to create a certificate for every user?

Thanks in advance! :)
 
Ok, I managed to create a certificate (I created a certificate authority in my server). the thing is that the other side receive with the email a message which says "this certificate was signed by an unknown authority". before I go to COMODO, any ideas?
 
cavi said:
Ok, I managed to create a certificate (I created a certificate authority in my server). the thing is that the other side receive with the email a message which says "this certificate was signed by an unknown authority". before I go to COMODO, any ideas?
Click to expand...

That is because you made a certificate from Your Server. If you buy a certificate from a certified Retailer that it will be a signed Cert that is "Verified" online!
 
  • Like
Reactions: cavi
The CA that you created will only be "trusted" by those who install your CA in their Trusted Certificates store. However, if your CA is signed by a public authority, then it will be trusted by association with the public CA (Comodo, etc.).

If all of the clients are internal users who need to trust your self signed CA, just distribute the CA to all of your users and save some $. But, if some users are external, simpler to get a public signed CA.
 
techwarrior said:
The CA that you created will only be "trusted" by those who install your CA in their Trusted Certificates store. However, if your CA is signed by a public authority, then it will be trusted by association with the public CA (Comodo, etc.).

If all of the clients are internal users who need to trust your self signed CA, just distribute the CA to all of your users and save some $. But, if some users are external, simpler to get a public signed CA.
Click to expand...
Yes, that is exactly what I did. I created a free certificate in Comodo and installed it on my client machine...
THANKS! =]
 
cavi said:
Hello everyone,

I run several services on my server which one of them is Mail.
I want to encrypt and secure several emails which I send. From a small research that I perform I understood that I need a S/MIME certificate in order to encrypt my emails. I also learned that there are some free choices out there which I can use.
as far as I understand I can create a S/MIME certificate in my server app which will allow me to secure my emails. I try to create one certificate, but after I created it I didn't knew what to do. the certificate didn't appear in the Certificates area in the server app but in the Keychain under Certificates tab.
Can you please explain to me how, after I created a S/MIME certificate, I use it in the Clients email? moreover, Do I need to create a certificate for every user?

Thanks in advance! :)
Click to expand...

First, get GPGTools. Then set up GPG on Mail for each account. (Can use Enigmail plugin on Thunderbird also.)
Then find your friends public keys on pgp.mit.edu and import them. Now you have secure email.

S/MIME is barely supported in the wider community, and as a cryptographer I wouldn't recommend S/MIME other than as a pathetic standard that only the government could love.

If you want SSL certificates to sign your domain name(s), then use let's encrypt for a free (90 day renewal term) certificate for https.
 
  • Like
Reactions: cavi
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back