The mailing list for listmasters using Sympa

[Adam Bernstein <address@concealed>]

Well, I went ahead and tried having the Thawte ping sent to the list with 
public posting allowed, and successfully completed the certificate creation 
process for my test list.  Hurray!  However, I've now run into a problem 
that seems like a simpler and more fundamental one with the Sympa recipe.

I can import the list certificate into Firefox, but the next step is to 
export it in pkcs12 format so I can import into my email client.  That is 
impossible, because the certificate is listed in Firefox under "Other 
people's certificates", while the Backup (aka export) button only appears 
on "Your certificates".  So this method for list subscribers to obtain the 
list certificate won't work.

Is there another way?

     ab

Adam Bernstein wrote:
> Hi all.  Is anyone successfully using the S/MIME features of Sympa?  If 
> so, would you mind sharing a little wisdom, or would the Sympa team be 
> able to help with this?
>
> I've read and experimented enough to understand the general scheme, and 
> I've set up all the prerequisites and am ready to start testing, but I 
> haven't yet gotten through step 1: creating an X.509 certificate for 
> each list that will use S/MIME.  The Sympa docs say "obtain a personal 
> email certificate for the canonical list address in your browser as if 
> it was your personal certificate", but from where do you obtain that?  I 
> realize the scope of the Sympa docs does not include educating people on 
> the basics of S/MIME, but this is a specific problem with using the 
> listserver, because at this point I have found two ways of obtaining 
> personal email certs and neither of them works.
>
> One way is from Thawte's secure personal email service, which is free 
> and easy enough to use, but it requires the certified email address to 
> be real and to respond properly to a confirmation ping email that they 
> send.  So this can't be used for list addresses....  Actually, it just 
> occurred to me that it could work if I create the list, add myself as a 
> subscriber, and set posting permissions to public, so then I will 
> receive the confirmation ping.  Is this the way to do it?
>
> The second way is to create a self-signed certificate using openssl 
> commands, and we've managed to do that, and the "Load certificate" link 
> now appears on the list's homepage.  However, clicking on it to import 
> it in Firefox results in an error message about being unable to verify 
> the issuer, which I think means Firefox is not liking the self-signed 
> cert (but it doesn't give a dialog box to accept it anyway, as it does 
> with SSL certs).  Is there a way around that problem?
>
> Or is there a third way to obtain an X.509 email cert for a list?
>
> Many thanks.
>
>     ab