To export a certicate to OpenSSL: Â
$ sudo certadmin export
For more information, see the certadmin man page. You can also access the System
keychain locally from Keychain Access.
Creating a Password File from the Command Line
The password le contains the password you specied when you created the keychain.
Mail service uses the password le to unlock the keychain that contains the SSL certicate.
Creating the Password File in the Keychain
1 Log in to the server as root.
2 In TextEdit, create a le and enter the password as you entered it when you created
the keychain.
Don’t press Return after entering the password.
3 Make the le plain text by choosing Make Plain Text from the Format menu.
4 Save the le, naming it cerkc.pass.
5 Move the le to the root keychain folder.
The path is /private/var/root/Library/Keychains/.
To see the root keychain folder in the Finder, choose Go to Folder from the Go menu,
enter /private/var/root/Library/Keychains/, and then click Go.
6 In the Terminal application, change the access privileges to the password le so only
root can read and write to this le.
Do this by entering the following commands, pressing Return after each one:
cd /private/var/root/Library/Keychains/
chmod 600 certkc.pass
Mail service can now use SSL for secure IMAP connections.
7 Log out from the server.
Note: If Mail service is running, stop it and start it again so it recognizes the new
certicate keychain.
Mail service is now congured for automatic SSL connections.
72 Chapter 3 Mail Service Advanced Conguration
