Created
July 23, 2012 21:38
-
Star
(111)
You must be signed in to star a gist -
Fork
(25)
You must be signed in to fork a gist
-
-
Save richieforeman/3166387 to your computer and use it in GitHub Desktop.
Issue Your Own Self-Signed S/MIME Certs with OpenSSL
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Run this for each email account. The system must install the CA cert and the resulting p12 file in order to be happy. | |
| # Borrowed from http://serverfault.com/questions/103263/can-i-create-my-own-s-mime-certificate-for-email-encryption | |
| openssl genrsa -des3 -out smime.key 4096 | |
| openssl req -new -key smime.key -out smime.csr | |
| openssl x509 -req -days 365 -in smime.csr -CA ca.crt -CAkey ca.key -set_serial 1 -out smime.crt -setalias "Self Signed SMIME" -addtrust emailProtection -addreject clientAuth -addreject serverAuth -trustout | |
| openssl pkcs12 -export -in smime.crt -inkey smime.key -out smime.p12 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
If you want to create your own self-signed S/MIME certificate with OpenSSL, the process is simple:
First, create a CA (Certificate Authority) key and certificate.
Then generate a private key and CSR for your email.
Sign that CSR using your CA to get the S/MIME certificate.
Finally, export everything into a .p12 file so it can be installed in mail clients.
Just make sure to install both the CA certificate and the .p12 file, otherwise email apps may not trust it.
For more quick tech solutions and guides like this, you can also check out https://beanswers.com/
— it’s useful for beginners and enthusiasts alike.