The mailing list for listmasters using Sympa

[address@concealed]

Peter Farmer wrote:

> Can some kind person please point me to some documentation that describes how
> user X509 certs for S/MIME authentication are added to sympa (I know _where_,
> but the doco doesnt say anything about how they should be installed - what 
> file
> naming conventions, how they are linked to user profiles/logins etc) and whats
> the easiest way to obtain some - home grown or from a commercial CA ?
>  
User certs are automatically catched by Sympa when receiving a signed 
s/mime messsage so if Sympa needs to send encrypted message to this user 
it can perform encryption using this certificate. This is works but it's 
not conform to the PKI theory : Sympa should be able to search for user 
certificates using PKI certificate directory (LDAP) .

That's why Sympa test the key usage certificate attribute to known if 
the certificate allow both encryption and signature.

Certificate are stored as PEM file on /home/sympa/expl/X509-user-certs . 
Files are named address@concealed@enc or address@concealed@sign  (@enc and 
@sign suffix are used according to certificates usage.  No tool other 
tool is provided by Sympa in order to collect this certificate 
repository but you can easily imagine you own tool to create thoses files.

Hope this help.
Serge Aumont