Configuring mutt for S/MIME on OS X

7

I exported my CA chain (Deutsche Telekom > DFN > Uni Koeln) using

smime_keys add_root CertName.cer

after exporting the relevant certificates from my keychain. But when I import my personal certificate issued by Uni Koeln using

smime_keys add_p12 MyCertName.p12

the following error occurs

Couldn't identify root certificate!
No root and no intermediate certificates. Can't continue. at /usr/local/bin/smime_keys line 669.

although the imported root certificates are present in ~/.smime/ca-bundle.crt and .muttrc points to that file for trusted certificates.

What's going on here?

janeden

Posted 2011-09-15T07:11:52.397

Reputation: 277

For your key-cert pairs, you need an unbroken chain of certs all the way up to the CA. It's possible the CA you chose is not in your ca-bundle.crt file. – JeffG – 2011-09-26T19:09:07.100

I made sure to import the root and all intermediate CA certs into ca-bundle.crt. – janeden – 2011-09-27T08:08:37.767

Answers

4

My problem was related to Apple's Keychain Access app.

If a certificate request is created in Safari, the private key is stored in the OS X login keychain. The public key can be downloaded subsequently using Safari as a file named pki, which can be imported to the login keychain using Keychain Access. When exporting the certificate, the certificate chain (CA, intermediate CA, root CA) is not included in the PKCS#12 file (which causes the error message). Of course, you could manually export all the elements of your certificate chain and merge them using e.g. OpenSSL.

But it is much easier to create certificate requests in Firefox and export ("backup") the complete certificate from this browser. A PKCS#12 file from Firefox can be imported using smime_keys without further ado.

Summary: I created ~/.smime and copied some trusted CA certs to this directory (~/.smime/ca-bundle.crt). To import my personal certificate, I executed smime_keys add_p12 cert.p12, then added the following lines

set smime_is_default
set smime_default_key="foobar"

to my ~/.muttrc, where "foobar" is the key ID returned for my personal cert by smime_keys list.

janeden

Posted 2011-09-15T07:11:52.397

Reputation: 277

It would be awesome if you could add details on how you achieved this. – Keith Smiley – 2014-03-10T22:53:09.313

Sure, I updated the answer with configuration details. – janeden – 2014-03-18T08:58:59.627
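
The manual route the answer mentions (merging the exported chain into the PKCS#12 file with OpenSSL) could look like the following. This is an added example, not part of the original post; the function names, file names and password handling are assumptions, and the `openssl verify` step is an extra check added here so a chain that does not match the personal certificate is rejected.

```shell
#!/bin/sh
# Added example (not from the original post). All file names are placeholders.

# Print how many certificates a PKCS#12 file carries.
# 1 means leaf only, i.e. the chain-less export described in the answer.
count_p12_certs() {  # usage: count_p12_certs FILE PASSWORD
    P12_PASS="$2" openssl pkcs12 -in "$1" -nokeys -passin env:P12_PASS 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE' || true
}

# Re-export a chain-less PKCS#12 together with the CA chain (PEM, concatenated).
rebuild_p12() {  # usage: rebuild_p12 SRC.p12 CHAIN.pem OUT.p12 PASSWORD
    src=$1 chain=$2 out=$3
    # Pass the password through the environment, not argv (argv shows up in ps).
    P12_PASS=$4; export P12_PASS
    # mktemp -d creates a 0700 directory; the decrypted key never leaves it.
    tmp=$(mktemp -d) || return 1

    openssl pkcs12 -in "$src" -nocerts -nodes -passin env:P12_PASS \
        -out "$tmp/key.pem" 2>/dev/null &&
    openssl pkcs12 -in "$src" -clcerts -nokeys -passin env:P12_PASS \
        -out "$tmp/cert.pem" 2>/dev/null &&
    # Refuse to bundle a chain that does not verify the personal certificate.
    # Every certificate in CHAIN.pem is treated as trusted for this check.
    openssl verify -CAfile "$chain" "$tmp/cert.pem" >/dev/null 2>&1 &&
    openssl pkcs12 -export -inkey "$tmp/key.pem" -in "$tmp/cert.pem" \
        -certfile "$chain" -passout env:P12_PASS -out "$out"
    rc=$?

    rm -rf "$tmp"
    unset P12_PASS
    return $rc
}
```

After `rebuild_p12 MyCertName.p12 chain.pem MyCertName-full.p12 "$password"`, `count_p12_certs` should report more than one certificate for the rebuilt file, and that file is the one to hand to `smime_keys add_p12`.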