S/MIME certificates & client users

Discussion in 'Mac OS X Server, Xserve, and Networking' started by cavi, Nov 4, 2016.

  1. cavi macrumors regular

    Joined:
    Sep 19, 2010
    Location:
    Haifa, Israel
    #1
    Hello everyone,

    I run several services on my server, one of which is Mail.
    I want to encrypt and secure several emails which I send. From a little research that I performed, I understood that I need an S/MIME certificate in order to encrypt my emails. I also learned that there are some free choices out there which I can use.
    As far as I understand, I can create an S/MIME certificate in my Server app which will allow me to secure my emails. I tried to create one certificate, but after I created it I didn't know what to do. The certificate didn't appear in the Certificates area in the Server app but in the Keychain under the Certificates tab.
    Can you please explain to me how, after I created an S/MIME certificate, I use it in the clients' email? Moreover, do I need to create a certificate for every user?

    Thanks in advance! :)
     
  2. cavi thread starter macrumors regular

    #2
    OK, I managed to create a certificate (I created a certificate authority on my server). The thing is that the other side receives, with the email, a message which says "this certificate was signed by an unknown authority". Before I go to COMODO, any ideas?
     
  3. satcomer macrumors 603

    Joined:
    Feb 19, 2008
    Location:
    The Finger Lakes Region
    #3
    That is because you made a certificate from your server. If you buy a certificate from a certified retailer, then it will be a signed cert that is "Verified" online!
     
  4. cavi thread starter macrumors regular

    #4
    OK, that makes sense... =]
    I'll buy one from Comodo. THANKS!
     
  5. techwarrior macrumors 6502

    Joined:
    Jul 30, 2009
    Location:
    Colorado
    #5
    The CA that you created will only be "trusted" by those who install your CA in their Trusted Certificates store. However, if your CA is signed by a public authority, then it will be trusted by association with the public CA (Comodo, etc.).

    If all of the clients are internal users who need to trust your self-signed CA, just distribute the CA to all of your users and save some $. But if some users are external, it is simpler to get a public signed CA.
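
The trust behaviour described in post #5, as an added example that is not part of the thread: a private CA issues an S/MIME certificate, and a signed message verifies only for a recipient who has been given that CA. It assumes the `openssl` command-line tool is installed; the CA name, user, address and file names are constructed for the demo.

```bash
#!/usr/bin/env bash
# Added example; every name, address and path below is constructed.

# Build a private CA, issue an S/MIME leaf for one user, sign one message.
make_ca_and_signed_mail() {
  d=$1
  # Minimal config so the demo does not depend on the system openssl.cnf.
  printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=ca' '[dn]' \
    '[ca]' 'basicConstraints=critical,CA:TRUE' \
    'keyUsage=critical,keyCertSign,cRLSign' > "$d/ca.cnf"
  # Extensions that mark the leaf as an e-mail (S/MIME) certificate.
  printf '%s\n' 'basicConstraints=CA:FALSE' \
    'keyUsage=digitalSignature,keyEncipherment' \
    'extendedKeyUsage=emailProtection' \
    'subjectAltName=email:alice@example.test' > "$d/leaf.cnf"
  openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 30 \
    -subj '/CN=Example Internal CA' -keyout "$d/ca.key" -out "$d/ca.pem" &&
  openssl req -new -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
    -subj '/CN=Alice Example' -keyout "$d/alice.key" -out "$d/alice.csr" &&
  openssl x509 -req -in "$d/alice.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 30 -extfile "$d/leaf.cnf" -out "$d/alice.pem" &&
  printf 'quarterly numbers attached\n' > "$d/msg.txt" &&
  openssl smime -sign -in "$d/msg.txt" -signer "$d/alice.pem" \
    -inkey "$d/alice.key" -out "$d/signed.eml"
}

# Verify the signed message. The optional second argument is a CA file the
# recipient has chosen to trust in addition to the system store.
verify_mail() {
  if [ -n "${2:-}" ]; then
    openssl smime -verify -in "$1/signed.eml" -CAfile "$2" -out /dev/null
  else
    openssl smime -verify -in "$1/signed.eml" -out /dev/null
  fi
}

work=$(mktemp -d)
make_ca_and_signed_mail "$work" 2>/dev/null || echo "setup failed"
verify_mail "$work" 2>/dev/null \
  && echo "CA not installed: trusted" || echo "CA not installed: unknown authority"
verify_mail "$work" "$work/ca.pem" 2>/dev/null \
  && echo "CA installed: trusted" || echo "CA installed: unknown authority"
rm -rf "$work"
```

The first check fails because the private CA is absent from the recipient's trust store, which is the "unknown authority" warning from post #2; the second succeeds once `ca.pem` has been distributed.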
     
  6. cavi thread starter macrumors regular

    #6
    Yes, that is exactly what I did. I created a free certificate in Comodo and installed it on my client machine...
    THANKS! =]
     
  7. kiwipeso1 Suspended

    Joined:
    Sep 17, 2001
    Location:
    Wellington, New Zealand
    #7
    First, get GPGTools. Then set up GPG on Mail for each account. (Can use the Enigmail plugin on Thunderbird also.)
    Then find your friends' public keys on pgp.mit.edu and import them. Now you have secure email.

    S/MIME is barely supported in the wider community, and as a cryptographer I wouldn't recommend S/MIME other than as a pathetic standard that only the government could love.

    If you want SSL certificates to sign your domain name(s), then use Let's Encrypt for a free (90 day renewal term) certificate for https.
     
