Filter
Top Products
Chapter 12 Working with the Mail Service 201
To list the certificates stored in the System keychain:
$ certadmin list
By default, certadmin will print the “Common Name” field of each certificate separated
by newlines. Adding the option -x or --xml will print the certificate list to screen as an
xml property list (plist).
To export the given certificate to OpenSSL:
$ certadmin export
See the certadmin man page for more information.
Creating a Password File
To create a password file, use TextEdit, and then change the privileges of the file using
the Terminal application. This file contains the password you specified when you
created the keychain. Mail service will automatically use the password file to unlock the
keychain that contains the SSL certificate. The mail service is now configured for
automatic SSL connections.
To create a password file:
1 Log in to the server as root.
2 In TextEdit, create a new file and enter the password exactly as you entered it when you
created the keychain.
Don’t press Return after typing the password.
3 Make the file plain text by choosing Make Plain Text from the Format menu.
4 Save the file, naming it cerkc.pass.
5 Move the file to the root keychain folder. The path is /private/var/root/Library/
Keychains/.
To see the root keychain folder in the Finder, choose Go to Folder from the Go menu,
then enter /private/var/root/Library/Keychains/, and then click Go.
6 In the Terminal application, change the access privileges to the password file so only
root can read and write to this file.
Do this by typing the following two commands, pressing Return after each one:
cd /private/var/root/Library/Keychains/
chmod 600 certkc.pass
Mac OS X Server mail service can now use SSL for secure IMAP connections.
7 Log out as root.
Note: If the mail service is running, you need to stop it and start it again to make it
recognize the new certificate keychain.