On Mon, Nov 08, 2010 at 07:32:25PM -0600, Vernon A. Fort wrote:
> On Tue, 2010-11-09 at 11:53 +1100, Voytek Eymont wrote:
> > On Tue, November 9, 2010 11:35 am, Larry Stone wrote:
> >
> > > There are plenty of instructions out there; try searching for "iphone
> > > install certificate". But in short, e-mail the certificate to your iphone
> > > and then double-"click" it just like opening any other attachment. The
> > > iPhone will then open an "install certificate" dialog.
> >
> > do I simply send the '/etc/postfix/tls/smtpd.crt' file 'as is',
> > is that the one ?
>
> or create a pkcs12
> "openssl pkcs12 -export -in cert.pem -inkey key.pem -name "Site Name"
> -certfile demoCA/cacert.pem -out mycert.p12" and email that file.
NO, NO, NO!
A pkcs12 file carries both the private key and the certificate, in
this case the phone needs only a public certificate to add to its trust
chain. It MUST NOT have access to the server's private key.
Please don't answer questions in areas where your expertise is very
limited...
--
Viktor.
