```sh
# Run this for each email account. The system must install the CA cert and the resulting p12 file in order to be happy.
# Borrowed from http://serverfault.com/questions/103263/can-i-create-my-own-s-mime-certificate-for-email-encryption
openssl genrsa -des3 -out smime.key 4096
openssl req -new -key smime.key -out smime.csr
openssl x509 -req -days 365 -in smime.csr -CA ca.crt -CAkey ca.key -set_serial 1 -out smime.crt -setalias "Self Signed SMIME" -addtrust emailProtection -addreject clientAuth -addreject serverAuth -trustout
openssl pkcs12 -export -in smime.crt -inkey smime.key -out smime.p12
```
Similar issues as nils-tekampe, the certs (even with the 3 extensions above) are not recognized by iOS. Android and iOS can decrypt the messages, but cannot encrypt. iOS doesn't see the cert and Android will only sign the message, not encrypt. Any thoughts? If I come up with a solution, I'll post here.
A year later but what I did:
Used modified instructions from https://www.dalesandro.net/create-self-signed-smime-certificates/
It appears that the critical step for iOS/iPhone/iPad is a proper config file.
Did this on my Raspberry Pi using root:
Add a file called smime.cnf to root/etc/ssl with the contents:
```
[req]
distinguished_name = req_distinguished_name
[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = AU
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Some-State
localityName = Locality Name (eg, city)
0.organizationName = Organization Name (eg, company)
0.organizationName_default = Internet Widgits Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 40
[smime]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
subjectAltName = email:copy
extendedKeyUsage = emailProtection
```
I then followed everything exactly from https://www.dalesandro.net/create-self-signed-smime-certificates/
I copied the output files to my Google Drive, then downloaded and installed the profiles to my iPhone, and it worked.
As usual, once you figure out how to do it, it takes about 5 minutes!!!
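The gist's `openssl x509 -req` line passes no `-extfile`, so the `[smime]` extensions from the comment above never reach the certificate unless they are supplied at signing time. The following added example (not from the gist, the comment, or the linked guide) signs one certificate with that section and one without, then checks both. Subjects, `alice@example.com`, file paths and the helper function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Subjects, addresses, paths and function names are constructed;
# keys are unencrypted (-nodes) only so the script runs without prompts.
set -eu

write_smime_ext() {   # FILE: the [smime] section from the comment above
  cat > "$1" <<'EOF'
[smime]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
subjectAltName = email:copy
extendedKeyUsage = emailProtection
EOF
}

make_ca() {           # DIR: throwaway test CA (ca.key, ca.crt)
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Example Test CA" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# issue DIR NAME EMAIL [EXTFILE]: sign NAME.crt with the test CA. Without
# EXTFILE no extension file is passed, as in the gist's x509 -req line.
issue() {
  d=$1; n=$2; email=$3; ext=${4:-}
  openssl req -new -newkey rsa:2048 -nodes -keyout "$d/$n.key" -out "$d/$n.csr" \
    -subj "/CN=Test User/emailAddress=$email" 2>/dev/null
  set -- -req -days 30 -in "$d/$n.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -out "$d/$n.crt"
  [ -z "$ext" ] || set -- "$@" -extfile "$ext" -extensions smime
  openssl x509 "$@" 2>/dev/null
}

# missing_smime_ext CRT EMAIL: print each absent item; status 0 if none.
missing_smime_ext() {
  text=$(openssl x509 -in "$1" -noout -text); rc=0
  for want in "E-mail Protection" "Key Encipherment" "Digital Signature" "email:$2"; do
    printf '%s\n' "$text" | grep -q -- "$want" || { echo "missing: $want"; rc=1; }
  done
  return "$rc"
}

work=$(mktemp -d)
write_smime_ext "$work/smime.cnf"; make_ca "$work"
issue "$work" good alice@example.com "$work/smime.cnf"
issue "$work" bare alice@example.com
missing_smime_ext "$work/good.crt" alice@example.com && echo "good.crt: complete"
missing_smime_ext "$work/bare.crt" alice@example.com || echo "bare.crt: incomplete"
```

Running `missing_smime_ext` against a certificate before exporting it to `.p12` shows whether the extended key usage, key usage and e-mail subjectAltName actually made it into the signed certificate.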
Thanks so much @sm5050 !!
https://www.dalesandro.net/create-self-signed-smime-certificates/
That was the perfect guide and now I can do a self signed S/MIME cert on my Mail.app on macOS 10.14.3.
> Thanks so much @sm5050 !!
> https://www.dalesandro.net/create-self-signed-smime-certificates/
> That was the perfect guide and now I can do a self signed S/MIME cert on my Mail.app on macOS 10.14.3.
I have followed the post above step by step, and could not encrypt mail with S/MIME.
Generating the certificates was successful, but there is no lock displayed in the mail receiver.
Could you please describe the steps you've done?
> Thanks so much @sm5050 !!
> https://www.dalesandro.net/create-self-signed-smime-certificates/
> That was the perfect guide and now I can do a self signed S/MIME cert on my Mail.app on macOS 10.14.3.
I’m not able to get Mail on macOS (10.14.4) or Mail on iOS (12.2) to cooperate with me.
I’ve created a CA and a test user (test@gmail.com for example), installed the test user’s p12 on my iPhone, and logged in as the test user on iOS Mail.
I turned on the settings for sign and encrypt in account/mail/advanced.
Finally, I went to Mail and sent mail to myself. Nothing happened (no lock as described in many other tutorials); I logged in to the webpage and the mail is plain.
I'm using OpenSSL Win32, v.1.01.e and can't get this to work. Here are the steps I'm using if someone would please help out. I need to be able to sign/encrypt mail between Outlook 360 & 2016 and Android. Also, if you could please provide the .CNF file contents as well that would be awesome.
```sh
# CA key and self-signed CA certificate
openssl genrsa -aes256 -out ca.key 4096
openssl req -new -x509 -set_serial 1152 -days 100000 -config email.cnf -key ca.key -out ca.crt
# Per-user key, CSR and CA-signed certificate
openssl genrsa -aes256 -out email.key 4096
openssl req -new -key email.key -out email.csr -config email.cnf
openssl x509 -req -sha256 -days 100000 -in email.csr -CA ca.crt -CAkey ca.key -set_serial 1153 -out email.crt -setalias MyEmailKey -clrtrust -addtrust emailProtection -addreject clientAuth -addreject serverAuth -trustout
# -passout takes a source prefix such as pass:, env: or file:, not a bare value
openssl pkcs12 -export -aes256 -in email.crt -inkey email.key -out email.p12 -name MyEmailKey -passout pass:79112779
```
Thanks!