| Main Archive Page > Month Archives > postfix-users archives |
Re: ot: iphone setup for smtp-auth self certified
From: Larry Stone <lstone19_at_nospam>Date: Tue Nov 09 2010 - 12:39:15 GMT
To: <postfix-users@postfix.org>
On 11/8/10 8:45 PM, Victor Duchovni at Victor.Duchovni@morganstanley.com
wrote:
> On Mon, Nov 08, 2010 at 07:32:25PM -0600, Vernon A. Fort wrote:
>
>> On Tue, 2010-11-09 at 11:53 +1100, Voytek Eymont wrote:
>>> On Tue, November 9, 2010 11:35 am, Larry Stone wrote:
>>>
>>>> There are plenty of instructions out there; try searching for "iphone
>>>> install certificate". But in short, e-mail the certificate to your iphone
>>>> and then double-"click" it just like opening any other attachment. The
>>>> iPhone will then open an "install certificate" dialog.
>>>
>>> do I simply send the '/etc/postfix/tls/smtpd.crt' file 'as is',
>>> is that the one ?
>>
>> or create a pkcs12
> NO, NO, NO!
>
> A pkcs12 file carries both the private key and the certificate, in
> this case the phone needs only a public certificate to add to its trust
> chain. It MUST NOT have access to the server's private key.
>
> Please don't answer questions in areas where your expertise is very
> limited...
Victor correctly points out that you should not answer where your expertise
is very limited (which applies to me regarding certificates) but since I was
following the instructions of (I hope) experts when I did it, those
instructions had me send the public root (self-signed certificate authority)
certificate to the phone (and other clients that would be accessing the
server). I suspect there is more than one way to do it. But I'd wait until
someone else says that's a valid way as well and that I haven't created a
security mess.
-- Larry Stone lstone19@stonejongleux.com http://www.stonejongleux.com/