The mailing list for listmasters using Sympa

[Adam Bernstein <address@concealed>]

Hi all.  Is anyone successfully using the S/MIME features of Sympa?  If so, 
would you mind sharing a little wisdom, or would the Sympa team be able to 
help with this?

I've read and experimented enough to understand the general scheme, and 
I've set up all the prerequisites and am ready to start testing, but I 
haven't yet gotten through step 1: creating an X.509 certificate for each 
list that will use S/MIME.  The Sympa docs say "obtain a personal email 
certificate for the canonical list address in your browser as if it was 
your personal certificate", but from where do you obtain that?  I realize 
the scope of the Sympa docs does not include educating people on the basics 
of S/MIME, but this is a specific problem with using the listserver, 
because at this point I have found two ways of obtaining personal email 
certs and neither of them works.

One way is from Thawte's secure personal email service, which is free and 
easy enough to use, but it requires the certified email address to be real 
and to respond properly to a confirmation ping email that they send.  So 
this can't be used for list addresses....  Actually, it just occurred to me 
that it could work if I create the list, add myself as a subscriber, and 
set posting permissions to public, so then I will receive the confirmation 
ping.  Is this the way to do it?

The second way is to create a self-signed certificate using openssl 
commands, and we've managed to do that, and the "Load certificate" link now 
appears on the list's homepage.  However, clicking on it to import it in 
Firefox results in an error message about being unable to verify the 
issuer, which I think means Firefox is not liking the self-signed cert (but 
it doesn't give a dialog box to accept it anyway, as it does with SSL 
certs).  Is there a way around that problem?

Or is there a third way to obtain an X.509 email cert for a list?

Many thanks.

    ab