Apple oxs Server User Manual


 
122 Chapter 11 Working With Mail Service
Creating a Passphrase File
To create a passphrase file, you will use TextEdit, then change the privileges of the file
using the Terminal application. This file contains the passphrase you specified when
you created the keychain. Mail service will automatically use the passphrase file to
unlock the keychain that contains the SSL certificate. This concludes configuring Mail
service for automatic SSL connections.
1. Log in to the server as root (if you’re not already logged in as root).
2. In TextEdit, create a new file and type the passphrase exactly as you entered it when
   you created the keychain.
   Don’t press Return after typing the passphrase.
3. Make the file plain text by choosing Make Plain Text from the Format menu.
4. Save the file, naming it certkc.pass.
5. Move the file to the root keychain folder.
   The path is /private/var/root/Library/Keychains/.
   To see the root keychain folder in the Finder, choose Go to Folder from the Go menu,
   then type /private/var/root/Library/Keychains/ and click Go.
6. In the Terminal application, change the access privileges of the passphrase file so that
   only root can read and write to this file.
   Do this by typing the following two commands, pressing Return after each one:
       cd /private/var/root/Library/Keychains/
       chmod 600 certkc.pass
   Mail service of Mac OS X Server can now use SSL for secure IMAP connections.
7. Log out as root.
Note: If Mail service is running, you need to stop it and start it again to make it
recognize the new certificate keychain.
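The following check is an added example, not part of the original manual: a shell function that audits a passphrase file against steps 2, 3 and 6 above (no Return after the passphrase, plain text rather than rich text, mode 600 owned by root). The names check_passfile, file_mode and file_owner are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: audit a keychain passphrase file against the steps above.
# Usage: check_passfile FILE [EXPECTED_OWNER]   (owner defaults to root)
# Prints one line per problem, never the passphrase itself.
# Returns 0 only if no problem is found.

# Try GNU stat first, then fall back to BSD/macOS stat.
file_mode()  { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }
file_owner() { stat -c '%U' "$1" 2>/dev/null || stat -f '%Su' "$1"; }

check_passfile() {
    f=$1; want_owner=${2:-root}; rc=0
    if [ ! -f "$f" ]; then echo "$f: not a regular file"; return 2; fi
    if [ ! -s "$f" ]; then echo "$f: file is empty"; return 2; fi

    # Step 6: only root may read and write the file (chmod 600).
    mode=$(file_mode "$f")
    [ "$mode" = "600" ] || { echo "$f: mode is $mode, expected 600"; rc=1; }
    owner=$(file_owner "$f")
    [ "$owner" = "$want_owner" ] || { echo "$f: owner is $owner, expected $want_owner"; rc=1; }

    # Step 3: the file must be plain text; a rich-text file starts with "{\rtf".
    case $(head -c 5 "$f") in
        '{\rtf') echo "$f: file is RTF, not plain text"; rc=1 ;;
    esac

    # Step 2: no Return after the passphrase, so the last byte must not be LF or CR.
    last=$(tail -c 1 "$f" | od -An -tx1 | tr -d ' \n')
    case $last in
        0a|0d) echo "$f: trailing line ending (0x$last) after the passphrase"; rc=1 ;;
    esac
    return $rc
}

# When run as a script with arguments, audit the named file.
if [ $# -gt 0 ]; then check_passfile "$@"; fi
```

Run as root on the server, for example with /private/var/root/Library/Keychains/certkc.pass as the argument; any line of output names a step to redo.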
Setting Up SSL for Mail Service on a Headless Server
If you want to set up SSL for Mail service on a server that doesn’t have a display, first
follow the instructions in the sections:
“Generating a CSR and Creating a Keychain” on page 119
“Obtaining an SSL Certificate” on page 121
“Importing an SSL Certificate Into the Keychain” on page 121
“Creating a Passphrase File” on this page
Then copy the keychain file “certkc” and the keychain passphrase file “certkc.pass” to
the root keychain folder on the headless server. The path on the headless server is
/private/var/root/Library/Keychains/.
LL2354.book Page 122 Monday, October 20, 2003 9:47 AM