On 11/8/10 8:45 PM, Victor Duchovni at victor.ducho...@morganstanley.com wrote:
> On Mon, Nov 08, 2010 at 07:32:25PM -0600, Vernon A. Fort wrote:
>
>> On Tue, 2010-11-09 at 11:53 +1100, Voytek Eymont wrote:
>>> On Tue, November 9, 2010 11:35 am, Larry Stone wrote:
>>>
>>>> There are plenty of instructions out there; try searching for "iphone
>>>> install certificate". But in short, e-mail the certificate to your iphone
>>>> and then double-"click" it just like opening any other attachment. The
>>>> iPhone will then open an "install certificate" dialog.
>>>
>>> do I simply send the '/etc/postfix/tls/smtpd.crt' file 'as is',
>>> is that the one ?
>>
>> or create a pkcs12
> NO, NO, NO!
>
> A pkcs12 file carries both the private key and the certificate, in
> this case the phone needs only a public certificate to add to its trust
> chain. It MUST NOT have access to the server's private key.
>
> Please don't answer questions in areas where your expertise is very
> limited...

Victor correctly points out that you should not answer where your expertise is very limited (which applies to me regarding certificates) but since I was following the instructions of (I hope) experts when I did it, those instructions had me send the public root (self-signed certificate authority) certificate to the phone (and other clients that would be accessing the server). I suspect there is more than one way to do it. But I'd wait until someone else says that's a valid way as well and that I haven't created a security mess.

--
Larry Stone
lston...@stonejongleux.com
http://www.stonejongleux.com/
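The distinction drawn in this thread (a client needs only the public certificate, never a file that carries the private key) can be checked before a file is mailed out. The following is an added example, not part of the original messages; the function names and sample bytes are constructed for illustration, and the PKCS#12 check is a structural heuristic rather than a full parser.

```python
import re

# Constructed samples (placeholder bodies, not real key material).
CERT_PEM = b"-----BEGIN CERTIFICATE-----\nQUJD\n-----END CERTIFICATE-----\n"
KEY_PEM = b"-----BEGIN PRIVATE KEY-----\nREVG\n-----END PRIVATE KEY-----\n"
PFX_PREFIX = bytes.fromhex("3082010002010330")  # SEQUENCE { INTEGER 3, ... }

PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n.*?-----END \1-----", re.S)

def read_tlv(buf, pos):
    """Parse one DER/BER element header; return (tag, value_start, value_end)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F  # n == 0 is BER indefinite length; the value still starts here
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def looks_like_pkcs12(data):
    """A PFX is a SEQUENCE whose first member is INTEGER 3 (the version)."""
    try:
        tag, start, _ = read_tlv(data, 0)
        if tag != 0x30:
            return False
        tag, start, end = read_tlv(data, start)
        return tag == 0x02 and data[start:end] == b"\x03"
    except IndexError:
        return False

def classify(data):
    """Label a file's contents by what it would hand to the recipient."""
    labels = [m.group(1).decode() for m in PEM_BLOCK.finditer(data)]
    if any("PRIVATE KEY" in label for label in labels):
        return "private-key"  # also matches RSA/EC/ENCRYPTED PRIVATE KEY
    if looks_like_pkcs12(data):
        return "pkcs12"
    if labels and all(label == "CERTIFICATE" for label in labels):
        return "certificate-only"
    return "unknown"  # includes binary DER certificates; convert to PEM first

def safe_to_send(data):
    """True only when every PEM block in the file is a certificate."""
    return classify(data) == "certificate-only"
```

A combined PEM file (certificate and key concatenated, as some server setups use) is reported as `private-key`, which is the case to catch before attaching a file to an e-mail.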