CAcert Client Certificates for MacOS

Create

Create a key/request pair. When asked, protect the key with a key passphrase and enter the <samp>{EMAIL}</samp> address. All other fields may remain empty.

 . name="{NAME}"     # first and last name
 . email="{EMAIL}"
 . openssl req -newkey rsa:2048 -keyout $email.key -out $email.csr

Securely backup the {EMAIL}.key and the corresponding key passphrase. You will need both to renew the client certificate.

Log in at [CAcert](https://cacert.org) and select "Client Certificates -> New". Select the same {EMAIL} address and include the {NAME}. Paste {EMAIL}.csr in the CSR textarea. Accept the CCA and submit.

Backup the certificate in PKCS12 format

Download the certificate in PEM format to {EMAIL}.crt, then create the PKCS12 ({EMAIL}.pfx) file. You'll have to unlock the key with the key passphrase set above. Furthermore, protect the PKCS12 file with an export password.

 . openssl pkcs12 -export -inkey $email.key -in $email.crt -name "$name" -out $email.pfx

Open Firefox and access [privacy settings](about:preferences#privacy). Scroll down to "certificates", click "view certificates", click "import" and import {EMAIL}.pfx.

Securely backup the {EMAIL}.pfx and the corresponding export password.

Renew

To renew a certificate, you need to have the corresponding private key saved on the computer you are renewing from.


CategoryTutorials

HowTo/CCforNewbiesMac (last edited 2024-05-28 16:23:42 by AlesKastner)