Skip to content

Instantly share code, notes, and snippets.

@richieforeman

richieforeman/makeauthority.sh

Created July 23, 2012 21:38
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save richieforeman/3166387 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save richieforeman/3166387 to your computer and use it in GitHub Desktop.
Download ZIP
Issue Your Own Self-Signed S/MIME Certs with OpenSSL
Raw
makeauthority.sh
# Run this once
openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
Raw
makecert.sh
# Run this for each email account. The system must install the CA cert and the resulting p12 file in order to be happy.
# Borrowed from http://serverfault.com/questions/103263/can-i-create-my-own-s-mime-certificate-for-email-encryption
openssl genrsa -des3 -out smime.key 4096
openssl req -new -key smime.key -out smime.csr
openssl x509 -req -days 365 -in smime.csr -CA ca.crt -CAkey ca.key -set_serial 1 -out smime.crt -setalias "Self Signed SMIME" -addtrust emailProtection -addreject clientAuth -addreject serverAuth -trustout
openssl pkcs12 -export -in smime.crt -inkey smime.key -out smime.p12
Copy link
Copy Markdown

ghost commented Feb 23, 2019

Thanks so much @sm5050 !!

https://www.dalesandro.net/create-self-signed-smime-certificates/

That was the perfect guide and now I can do a self signed S/MIME cert on my Mail.app on macOS 10.14.3.

@chinsyo
Copy link
Copy Markdown

chinsyo commented May 9, 2019

Thanks so much @sm5050 !!

https://www.dalesandro.net/create-self-signed-smime-certificates/

That was the perfect guide and now I can do a self signed S/MIME cert on my Mail.app on macOS 10.14.3.

I have step by step follow the post above, and could not encrypt mail with smime.
Generate certificates successful but there is no lock display in the mail receiver.
Could you please describe the steps you've done?

@chinsyo
Copy link
Copy Markdown

chinsyo commented May 9, 2019

Thanks so much @sm5050 !!

https://www.dalesandro.net/create-self-signed-smime-certificates/

That was the perfect guide and now I can do a self signed S/MIME cert on my Mail.app on macOS 10.14.3.

I’m not able to get Mail on macOS(10.14.4) or Mail on iOS(12.2) to cooperate with me.

I’ve create ca and test user(test@gmail.com for example), install test user’s p12 on my iphone, and Login test user on iOS Mail.

Turn on the settings for sign and encrypt in account/mail/advanced.

Finally, go to mail and send mail to my self. Nothing happend (no lock as describe in many other tutorials), login to webpage and the mail is plain.

@alexwilson8960
Copy link
Copy Markdown

alexwilson8960 commented Apr 25, 2026

If you want to create your own self-signed S/MIME certificate with OpenSSL, the process is simple:

First, create a CA (Certificate Authority) key and certificate.
Then generate a private key and CSR for your email.
Sign that CSR using your CA to get the S/MIME certificate.
Finally, export everything into a .p12 file so it can be installed in mail clients.

Just make sure to install both the CA certificate and the .p12 file, otherwise email apps may not trust it.

For more quick tech solutions and guides like this, you can also check out https://beanswers.com/
— it’s useful for beginners and enthusiasts alike.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment