To list the certificates stored in the System keychain:

$ certadmin list

By default, certadmin prints the “Common Name” field of each certificate, one per line. Adding the option -x or --xml prints the certificate list to the screen as an XML property list (plist).

To export the given certificate to OpenSSL:

$ certadmin export

See the certadmin man page for more information.

Creating a Password File

To create a password file, use TextEdit, and then change the privileges of the file using the Terminal application. This file contains the password you specified when you created the keychain. Mail service will automatically use the password file to unlock the keychain that contains the SSL certificate. The mail service is now configured for automatic SSL connections.

To create a password file:

1. Log in to the server as root.

2. In TextEdit, create a new file and enter the password exactly as you entered it when you created the keychain.

Don’t press Return after typing the password.

3. Make the file plain text by choosing Make Plain Text from the Format menu.

4. Save the file, naming it certkc.pass.

5. Move the file to the root keychain folder. The path is /private/var/root/Library/Keychains/.

To see the root keychain folder in the Finder, choose Go to Folder from the Go menu, then enter /private/var/root/Library/Keychains/, and then click Go.

6. In the Terminal application, change the access privileges of the password file so that only root can read and write it.

Do this by typing the following two commands, pressing Return after each one:

cd /private/var/root/Library/Keychains/

chmod 600 certkc.pass

Mac OS X Server mail service can now use SSL for secure IMAP connections.

7. Log out as root.

Note: If the mail service is running, you need to stop it and start it again to make it recognize the new certificate keychain.
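The two requirements this procedure places on the file (no Return after the password, and access for its owner only) can be produced and checked from the Terminal. The following is an added example, not part of the manual; the function names write_pass_file and check_pass_file are hypothetical, and the file path is whatever you pass in.

```shell
# Added example, not from the manual. Function names are hypothetical.

# write_pass_file PATH: read one line from stdin and store it in PATH
# without a trailing newline, accessible to the owner only.
write_pass_file() {
    path=$1
    IFS= read -r pw || [ -n "$pw" ] || return 1
    # umask 077 in a subshell: a newly created file starts out as 0600,
    # so it is never group- or world-readable, even before chmod runs.
    ( umask 077 && printf '%s' "$pw" > "$path" && chmod 600 "$path" )
    status=$?
    unset pw
    return "$status"
}

# check_pass_file PATH: print each problem found; return 0 only if none.
check_pass_file() {
    path=$1
    problems=0
    if [ ! -f "$path" ]; then
        echo "missing: $path"
        return 1
    fi
    # Step 6: permissions must be exactly rw------- (mode 600).
    if [ -z "$(find "$path" -prune -type f -perm 600)" ]; then
        echo "mode is not 600: $path"
        problems=1
    fi
    # Steps 1 and 6: owned by the invoking user (root in the procedure).
    if [ -z "$(find "$path" -prune -user "$(id -u)")" ]; then
        echo "not owned by uid $(id -u): $path"
        problems=1
    fi
    # Step 2: no Return after the password, so no CR or LF bytes at all.
    total=$(wc -c < "$path" | tr -d ' ')
    stripped=$(tr -d '\r\n' < "$path" | wc -c | tr -d ' ')
    if [ "$total" != "$stripped" ]; then
        echo "contains a line break: $path"
        problems=1
    fi
    if [ "$total" -eq 0 ]; then
        echo "empty: $path"
        problems=1
    fi
    return "$problems"
}
```

Run as root, check_pass_file /private/var/root/Library/Keychains/certkc.pass reports any of these problems in a file created by hand.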

Chapter 12 Working with the Mail Service
