Configuring mutt for S/MIME on OS X
Solution 1:
My problem was related to Apple's Keychain Access app.
If a certificate request is created in Safari, the private key is stored in the OS X login keychain. The public key can be downloaded subsequently using Safari as a file named pki
, which can be imported to the login keychain using Keychain Access. When exporting the certificate, the certficate chain (CA, intermediate CA, root CA) is not included in the PKCS#12 file (which causes the error message). Of course, you could manually export all the elements of your certificate chain and merge them using e.g. OpenSSL.
But it is much easier to create certificate requests in Firefox and export ("backup") the complete certificate from this browser. A PKCS#12 file from Firefox can be imported using smime_keys
without further ado.
Summary: I created ~/.smime
and copied some trusted CA certs to this directory (~/.smime/ca-bundle.crt
). To import my personal certificate, I executed smime_keys add_p12 cert.p12
, then added the following lines
set smime_is_default
set smime_default_key="foobar"
to my ~/.muttrc
, where "foobar" is the key ID returned for my personal cert by smime_keys list
.