codingoutloud
5/29/2016 - 6:25 PM

Generate an AES256 certificate for encrypting email, such as with the Outlook client for Mac.

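password="SomeTopSecretPassword"
email="bill.wilder@example.com"

# alternative subject that also sets a CN:
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout mycert.pem -out mycert.pem -subj "/CN=DevPartners/emailAddress=$email"
# generate .pem (self-signed certificate plus private key, both in one file)
# -nodes leaves the private key unencrypted, so keep mycert.pem readable only by you
# rsa:2048 instead of the original rsa:1024: 1024-bit RSA is below current minimum key sizes
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout mycert.pem -out mycert.pem -subj "/emailAddress=$email"
# generate .pfx (full public/private certificate) from .pem
# a password passed as pass:... is visible in the process list while openssl runs
openssl pkcs12 -export -out mycert.pfx -inkey mycert.pem -in mycert.pem -passout "pass:$password"
# generate .cer (DER-encoded certificate, public part only) from .pem
openssl x509 -inform pem -in mycert.pem -outform der -out mycert.cer

# informational probes
# the two fingerprints below should match (same certificate, read from .pfx and from .pem)
openssl pkcs12 -in mycert.pfx -nodes -passin "pass:$password" | openssl x509 -noout -fingerprint
openssl x509 -in mycert.pem -noout -fingerprint
openssl x509 -in mycert.pem -noout -subject
# the key-size label is "RSA Public Key", "RSA Public-Key" or "Public-Key" depending on the OpenSSL version
openssl x509 -in mycert.pem -noout -text | grep -E "Public[- ]Key"

# works on Mac (adds the certificate to the System keychain as a trusted root):
sudo security add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" "./mycert.cer"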