[Evolution] Managing evolution certificates - quick note

[tatooin <tatooin kelkoo com>]

Hi,

Since I had myself some troubles finding how to make my IMAP SSL server
considered as trusted by evolution, I thought it might be a good idea to
post a quick note on this.

So, here we go:

First, you need the Certificate Database Tool from mozilla.org, which is
available inside mozilla source tree (see:
ftp://ftp.mozilla.org/pub/mozilla/source)

There is certutil package available in security/nss/cmd/certutil, inside
mozilla source tree. This tool will enable you to manage the certifcates
stored inside evolution/netscape/mozilla/whatever certificate databases
(cert7.db)

Compile this tool.

Now, using the following command:
certutil -L -d /home/username/evolution

You'll see what certificate(s) are registered in your database, and
their attributes.

For instance, if you want to make your POP/IMAP server certificate
considered as valid by Evolution to avoid the popup each time a new
connection is established to this server, do the following:

certutil -M -t P,, -n "Your certificate Name" -d home/username/evolution
(Flags after -t are the new attributes for your certificate.)

Now, if you want to ensure that the certificate is now considered as
valid when used for an SSL Server, do: 
certutil -V -n "Your server certificate name" -u S -d
/home/username/evolution

If you want to add a new CA:
certutil -A -n "Your New CA Name" -t TCu,TCu,TCu -i
/path/to/your/CAcertificate.pem -d evolution/

A complete description of the flags to use (as well as the entire
command syntax) is available at:
http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html

I'm using Evolution since Beta 0.14, and it's working very fine for me.

Hope this helps.