[Mac_crypto] ssl... where does the keychain/cert go for mail?

R. A. Hettinga mac_crypto@vmeng.com
Wed, 24 Mar 2004 10:24:48 -0500

--- begin forwarded text

User-Agent: Microsoft-Entourage/
Date: Wed, 24 Mar 2004 09:59:54 -0500
Subject: ssl... where does the keychain/cert go for mail?
From: Gary Robinson <grobinson@transpose.com>
To: <macos-x-server@lists.apple.com>

I've been unable to get Apple's instructions for SSL with mail in OS X
Server 10.3 working. I found alternative instructions at
http://www.afp548.com/Articles/Panther/sslinfo.html, but they put the cert
in folders known only to postfix and cyrus, whereas the Apple instructions
put them in a keychain.

The Apple instructions look like they'd be more robust in case future
versions of OS X Server change the mail software again. So, despite the fact
that I got afp548's instructions to work for me, I would like to make one
last stab at doing it "The Apple Way" before I simply give up.

The problem seems to be that the Apple instructions at
http://developer.apple.com/server/security_ssl.html, for OS X 10.3 Server,
are wrong. For example, the instruction given there for creating a keychain
with certtool simply doesn't work, period. certtool can certainly be used
for that purpose, but not as stated in that document.

I have also located the instructions for setting up SSL for email for 10.2
Server (http://docs.info.apple.com/article.html?artnum=75335). And the book
Mac OS X Security also covers it. I am trying to put these different
writings together into something that makes sense.

If anyone on this list knows how to do this and is willing to help, I'll ask
questions here, one at a time, until I get it working.

First question:

Apple's security_ssl.html document, which is about installing SSL in 10.3
Server, says that the keychain for the cert goes into
/Users/root/Library/Keychains. However, my system, which is a fresh install
of 10.3 Server, has no /Users/root directory.

Whereas, the Mac OS X Server book says it goes in
var/root/Library/Keychains. And so does the Apple doc for 10.2 (artnum
75335). And my system does indeed have a /var/root/ directory.

So, in 10.3, where does it really and truly go? Is this another error in


Putting http://wecanstopspam.org in your email helps it pass through
overzealous spam filters.

Gary Robinson
Transpose, LLC
Company: http://www.transpose.com
Blog:    http://www.garyrobinson.net

--- end forwarded text

R. A. Hettinga <mailto: rah@ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'