From: Tim Bradshaw
I want to be able to sign and occasionally encrypt mail I send to &
from my work address - basically so I can be sure nothing sensitive
goes over the open network. I'm using Mac mail at home and Thunderbird
at work (the work system is not a mac). Normally I'd do this with GPG,
and I have GPGMail working fine. But for various reasons it is going
to be a significant pain to set up GPG on the work machine.

So I thought, S/MIME.

The easiest way to do this seems to be to set up a little private CA,
and make certificates for both versions of me. Previously I've done
this with OpenSSL but the Certificate Assistant seems to offer a GUI
way of doing this, and I'm lazy.

So I:
* made a CA using the Certificate Assistant;
* told the Mac it was trusted;
* distributed the CA certificate to work, and put it into Thunderbird;
* used the CA to create certificates for me at home (on the Mac);
* used a suitable "openssl req" incantation to create a certificate
request for work;
* signed that certificate with the CA on the Mac;
* installed the signed certificate on the work machine.
So now I can send myself signed mail both ways, and (after sending
signed mail) both mail clients know about both my certificates (so, in
particular, the problem is not that I don't have the public key of the
person I want to encrypt mail for, I think).

But the little "padlock" box in mail is still greyed out, and
thunderbird thinks that its certificate is only good for signing, not
encryption.

What am I doing wrong?

Thanks

--tim
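A worked version of the steps in the post above, as an added example that is not part of Tim's message: the same private-CA setup done end to end with the OpenSSL CLI, issuing two end-entity S/MIME certificates and then checking what each one is allowed to do. The CA name, the two e-mail addresses, the PKCS#12 password and the output directory are made-up assumptions. The part a practitioner wants to look at is the extension list: an S/MIME certificate that is to be used for RSA encryption needs `keyEncipherment` in `keyUsage` in addition to `digitalSignature`, plus the `emailProtection` extended key usage and the address in `subjectAltName`; `openssl verify -purpose smimeencrypt` rejects a certificate that lacks the encipherment bit. The second certificate is deliberately issued as signing-only so the check shows the difference.

```shell
#!/bin/sh
# Added example (not from the original post): a tiny private CA plus two
# S/MIME certificates built with the OpenSSL CLI.  All names, addresses
# and the PKCS#12 password below are illustrative assumptions.
set -e

WORK="${WORK:-$(mktemp -d)}"   # assumed scratch directory

# Self-signed root CA: CA:TRUE and keyCertSign are what clients look for.
make_ca() {
  cat > "$WORK/ca.cnf" <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[ dn ]
CN = Example Private Mail CA
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
    -config "$WORK/ca.cnf" -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
}

# Issue one end-entity certificate.  $1 = e-mail address, $2 = file label,
# $3 = keyUsage bits (default: both signing and RSA encryption).
# emailProtection EKU and the rfc822 SAN are what make it an S/MIME cert.
make_smime_cert() {
  addr="$1"; name="$2"; ku="${3:-digitalSignature, keyEncipherment}"
  cat > "$WORK/$name.ext" <<EOF
basicConstraints = CA:FALSE
keyUsage = critical, $ku
extendedKeyUsage = emailProtection
subjectAltName = email:$addr
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
EOF
  # The "openssl req" incantation: key + CSR for this identity.
  openssl req -new -newkey rsa:2048 -nodes -sha256 \
    -subj "/CN=$addr/emailAddress=$addr" \
    -keyout "$WORK/$name.key" -out "$WORK/$name.csr" 2>/dev/null
  # Sign the CSR with the CA; extensions come from the ext file, not the CSR.
  openssl x509 -req -in "$WORK/$name.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 730 -sha256 -extfile "$WORK/$name.ext" \
    -out "$WORK/$name.pem" 2>/dev/null
  # Bundle key + cert + CA chain as PKCS#12 for import into Mail.app/Thunderbird.
  openssl pkcs12 -export -in "$WORK/$name.pem" -inkey "$WORK/$name.key" \
    -certfile "$WORK/ca.pem" -name "$addr" -passout pass:changeit \
    -out "$WORK/$name.p12"
}

# Check 1: does the certificate's keyUsage permit RSA key transport at all?
# (A cert with only digitalSignature is good for signing, not encryption.)
cert_allows_encryption() {
  openssl x509 -in "$1" -noout -text | grep -A1 'Key Usage' | grep -q 'Key Encipherment'
}

# Check 2: does OpenSSL accept it for the S/MIME *encryption* purpose when
# chained to our CA?  This applies the same keyUsage/EKU rules as check 1.
cert_chains_for_encryption() {
  openssl verify -CAfile "$WORK/ca.pem" -purpose smimeencrypt "$1" >/dev/null 2>&1
}

# Demo: one full-use cert, one deliberately signing-only cert (assumed addresses).
make_ca
make_smime_cert tim@home.example home
make_smime_cert tim@work.example work "digitalSignature"
for f in home work; do
  if cert_allows_encryption "$WORK/$f.pem"; then
    echo "$f.pem: signing and encryption"
  else
    echo "$f.pem: signing only"
  fi
done
```

To see what a client will see, `openssl x509 -in home.pem -noout -text` and read the `X509v3 Key Usage` and `X509v3 Extended Key Usage` lines; a certificate that shows only `Digital Signature` cannot be selected for encryption no matter how it was installed.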