Chapter 3 Mail Service Advanced Conguration 71
Importing an SSL Certicate into the Keychain from the Command Line
You can import your SSL certicate into the Keychain using Keychain Access or from
the command line with certtool. To import an SSL certicate using certtool:
1 Log in to the server as root.
2 Open the Terminal application.
3 Go to the folder where the saved certicate le is located.
For example, if the certicate le is saved on the desktop of the root user, enter
cd /private/var/root/Desktop and press Return.
4 Enter the following command, and then press Return:
$ certtool i sslcert.txt k=certkc
Using certtool this way imports a certicate from the le named sslcert.txt into
the keychain named certkc.
A message conrms that the certicate was imported.
...certificate successfully imported.
5 Log out from the server.
After generating a CSR and a keychain, you continue conguring Mail service for
automatic SSL connections by purchasing an SSL certicate from a certicate authority
such as Verisign or Thawte. You can do this by completing a form on the certicate
authority’s website.
When prompted for your CSR, open the csr.txt le using a text editor, such as TextEdit.
Then, copy and paste the contents of the le into the appropriate eld on the
certicate authority’s website. The websites for these certicate authorities are at:
 www.verisign.com
 www.thawte.com
When you receive your certicate, save it in a text le named sslcert.txt. You can save
this le with the TextEdit application. Make sure that the le is plain text, not rich text,
and that it contains only the certicate text.
Accessing Server Certicates from the Command Line
Server Admin keeps a centralized store of your server’s certicates for ease of use
and management. Use certadmin to access this information from the command line.
certadmin directly manipulates the list of certicates stored in the System keychain.
To view the certicates in the System keychain: Â
$ sudo certadmin list
By default, certadmin prints the Common Name eld of each certicate separated
by newlines. Adding the option -x or --xml prints the certicate list to screen as an
XML property list (plist).
