Jul 26, 2017 - Installing new Certificates


I recieve every 6 months an email from cacert that is telling me, that my certificates are about to expire. The ask me to renew them and I like to do just that. But usually I have forgotten what steps I need to do. Typically I need to generate a certificate into a different format then my browser presents me with. So therefore I'd like to help myselfe with this post to remember what I need to do in a couple of months.

Renew Certificate

Goto the CAcert page and login. Then navigate to Client Certificates and click on View. You can see your certificates here and mark alle the ones you would like to renew. Click on Renew to do just that.

Installing the Certificates

Once the renewing is finished you are presented a page containing something similar to this

Now renewing the following certificates:
Certificate for 'frosch03@frosch03.de' has been renewed.
Click here to install your certificate.

With a click on Click here you will install the certificate into your browser. If you want to you can also download the certificate within various formats.

Downloading the Certificate

You now are able to download the certificate from your browser. For firefox goto about:preferences#advanced, select the Certificates tab and click onto View Certificates at the bottom. Within that dialog you are able to select the certificate you want to download, and click on Backup....

Type in a filename that ends with .p12 to indicated that the data are within PKCS12 format.

Generating a .pem-File

For the usage within my emacs's mu4e setup, I do need the certificate within PEM format. This can be generated from the certificate in PKCS12 by that command:

openssl pkcs12 -in <infile.p12> -clcerts > <outfile.pem>

You are asked to enter a password/passphrase for the certificate. Choose wisely here.