[Fed-Talk] Default email certificate
[Fed-Talk] Default email certificate
- Subject: [Fed-Talk] Default email certificate
- From: Paul Derby <email@hidden>
- Date: Wed, 16 Dec 2009 14:54:04 -0500
Thawte discontinued their email certificates earlier this Fall pushing everyone to sign up for a Verisign cert with a one year "free" enticement.
We elected to go with Comodo and obtained 3 year certs for our employees, about half run on OS X, the other half on Windows XP.
Installing the new email certificate is easy, then comes the task of telling the email client to use the new cert while the non-expired old cert is still in place so past encrypted emails can be read. With Windows XP Outlook users, you go to TOOLS/OPTIONS/SECURITY/SETTINGS and pick the certificate you want to use from a drop down list. The only way we have found to change the "default" cert in OS X is to export the non-expired certs, delete the certs, then import the certs with the default imported first, the non-default imported second. You have to have both certs present so users can read their old encrypted email messages.
Does anyone know of an easier way to change the default cert for an OS X user? Doing this import/export process gets tedious when you have large numbers of users.
I filed a "bug" report ages ago under Tiger asking that Apple add a way for a user to specify which cert to use if multiple valid certs were present.
--
Paul Derby
Chief Enterprise Architect
supporting BioWatch Systems Program Office as IT Lead
Department of Homeland Security
email@hidden (preferred)
email@hidden
703-647-2745
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden