Specifications
206 Chapter 12 Managing Mail Service
Importing an SSL Certificate into the Keychain
To import an SSL certificate into a keychain, use the certtool tool. This continues the
process of configuring Mail service for automatic SSL connections.
To import an SSL certificate into the keychain:
1 Log in to the server as root.
2 Open the Terminal application.
3 Go to the folder where the saved certificate file is located.
For example, if the certificate file is saved on the desktop of the root user, enter cd /
private/var/root/Desktop
and press Return.
4 Enter the following command, and then press Return:
$ certtool i sslcert.txt k=certkc
Using certtool this way imports a certificate from the file named sslcert.txt into the
keychain named certkc.
A message on screen confirms that the certificate was successfully imported.
...certificate successfully imported.
5 Log out from the server.
Accessing Server Certificates
Server Admin keeps a centralized store of your server’s certificates for ease of use and
management. You can use certadmin to access this information from the command
line. certadmin manipulates the list of certificates stored in the System keychain.
To view the certificates in the System keychain:
$ sudo certadmin list
By default, certadmin prints the Common Name field of each certificate separated by
newlines. Adding the option -x or --xml prints the certificate list to screen as an XML
property list (plist).
To export a certificate to OpenSSL:
$ sudo certadmin export
For more information, see the certadmin man page.
Creating a Password File
To create a password file, use TextEdit, and then change the privileges of the file using
the Terminal application. This file contains the password you specified when you
created the keychain. Mail service uses the password file to unlock the keychain that
contains the SSL certificate. Mail service is now configured for automatic SSL
connections.