|Main Archive Page > Month Archives > postfix-users archives|
On 11/8/10 8:45 PM, Victor Duchovni at Victor.Duchovni@morganstanley.com
> On Mon, Nov 08, 2010 at 07:32:25PM -0600, Vernon A. Fort wrote:
>> On Tue, 2010-11-09 at 11:53 +1100, Voytek Eymont wrote:
>>> On Tue, November 9, 2010 11:35 am, Larry Stone wrote:
>>>> There are plenty of instructions out there; try searching for "iphone
>>>> install certificate". But in short, e-mail the certificate to your iphone
>>>> and then double-"click" it just like opening any other attachment. The
>>>> iPhone will then open an "install certificate" dialog.
>>> do I simply send the '/etc/postfix/tls/smtpd.crt' file 'as is',
>>> is that the one ?
>> or create a pkcs12
> NO, NO, NO!
> A pkcs12 file carries both the private key and the certificate, in
> this case the phone needs only a public certificate to add to its trust
> chain. It MUST NOT have access to the server's private key.
> Please don't answer questions in areas where your expertise is very
Victor correctly points out that you should not answer where your expertise
is very limited (which applies to me regarding certificates) but since I was
following the instructions of (I hope) experts when I did it, those
instructions had me send the public root (self-signed certificate authority)
certificate to the phone (and other clients that would be accessing the
server). I suspect there is more than one way to do it. But I'd wait until
someone else says that's a valid way as well and that I haven't created a
-- Larry Stone firstname.lastname@example.org http://www.stonejongleux.com/