Getting a sensible S/MIME Cert

What the shait this has been annoying…

Well, here is the bottom line:

Issue Your Own Self-Signed S/MIME Certs with OpenSSL by using these two shell scripts:

makeauthority.sh

#!/bin/bash
# Run this once to create a new cert authority if you don't already have your own CA
openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt

makecert.sh

#!/bin/bash
# Run this for each email account.  The system must install the CA cert and the resulting p12 file in order to be happy.

# Borrowed from https://gist.github.com/richieforeman/3166387 who borrowed from http://serverfault.com/questions/103263/can-i-create-my-own-s-mime-certificate-for-email-encryption

# First adjust $EMAIL below to whatever email you're creating a cert for

EMAIL="example@domain.de"

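openssl genrsa -des3 -out "$EMAIL.key" 4096
openssl req -new -key "$EMAIL.key" -out "$EMAIL.csr"
# Sign with the CA files written by makeauthority.sh (ca.crt / ca.key); adjust if your CA lives elsewhere.
# -CAcreateserial gives each cert its own serial instead of reusing serial 1 for every account.
openssl x509 -req -days 365 -in "$EMAIL.csr" -CA ca.crt -CAkey ca.key -CAcreateserial -out "$EMAIL.crt" -setalias "Self Signed SMIME for $EMAIL" -addtrust emailProtection -addreject clientAuth -addreject serverAuth -trustout
openssl pkcs12 -export -in "$EMAIL.crt" -inkey "$EMAIL.key" -out "$EMAIL.p12"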
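
A way to check the result before importing anything into a mail client. This is an added example, not part of the original scripts or the gist they were borrowed from. It repeats the same flow non-interactively in a temp directory, then verifies the chain, the .p12 and a signed message. The address test@example.invalid, the -subj names, the password "changeit" and the unencrypted 2048-bit keys are constructed throwaway values.

```bash
#!/bin/bash
# Added example: dry run of the CA + account-cert flow with throwaway keys,
# then the checks worth doing before importing anything into a mail client.
# Constructed values: the address, the -subj names, the password "changeit".
smime_selftest() {
    local email="test@example.invalid" dir rc=0
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        # Throwaway CA and account cert, no passphrase prompts
        openssl genrsa -out ca.key 2048 2>/dev/null || exit 1
        openssl req -new -x509 -days 1 -key ca.key -subj "/CN=Test SMIME CA" \
            -out ca.crt || exit 1
        openssl genrsa -out "$email.key" 2048 2>/dev/null || exit 1
        openssl req -new -key "$email.key" -subj "/CN=$email/emailAddress=$email" \
            -out "$email.csr" || exit 1
        openssl x509 -req -days 1 -in "$email.csr" -CA ca.crt -CAkey ca.key \
            -CAcreateserial -out "$email.crt" -addtrust emailProtection \
            -addreject clientAuth -addreject serverAuth -trustout 2>/dev/null || exit 1
        openssl pkcs12 -export -in "$email.crt" -inkey "$email.key" \
            -out "$email.p12" -passout pass:changeit || exit 1

        # Check 1: the account cert chains to the CA
        openssl verify -CAfile ca.crt "$email.crt" >/dev/null 2>&1 || exit 2
        # Check 2: the .p12 opens with its export password and holds a cert
        openssl pkcs12 -in "$email.p12" -passin pass:changeit -nokeys 2>/dev/null \
            | grep -q "BEGIN CERTIFICATE" || exit 3
        # Check 3: sign a message and verify it against the CA
        printf 'hello\n' > msg.txt
        openssl smime -sign -in msg.txt -signer "$email.crt" -inkey "$email.key" \
            -out msg.p7s 2>/dev/null || exit 4
        openssl smime -verify -in msg.p7s -CAfile ca.crt -out /dev/null 2>/dev/null || exit 4
        # Check 4: a modified body must fail verification
        sed 's/^hello/hellp/' msg.p7s > bad.p7s
        if openssl smime -verify -in bad.p7s -CAfile ca.crt -out /dev/null 2>/dev/null; then
            exit 5
        fi
    ) || rc=$?
    rm -rf "$dir"
    return "$rc"
}

smime_selftest && echo "S/MIME self-test passed"
```

A non-zero return code names the failed check: 2 chain, 3 PKCS#12, 4 sign/verify, 5 tamper detection.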