I recieve every 6 months an email from cacert that is telling me, that my certificates are about to expire. The ask me to renew them and I like to do just that. But usually I have forgotten what steps I need to do. Typically I need to generate a certificate into a different format then my browser presents me with. So therefore I'd like to help myselfe with this post to remember what I need to do in a couple of months.
Goto the CAcert page and login. Then navigate to
Client Certificates and click on
View. You can see your certificates
here and mark alle the ones you would like to renew. Click on
do just that.
Installing the Certificates
Once the renewing is finished you are presented a page containing something similar to this
Now renewing the following certificates: Certificate for 'email@example.com' has been renewed. Click here to install your certificate.
With a click on
Click here you will install the certificate into your
browser. If you want to you can also download the certificate within
Downloading the Certificate
You now are able to download the certificate from your browser. For
about:preferences#advanced, select the
and click onto
View Certificates at the bottom. Within that dialog you
are able to select the certificate you want to download, and click on
Type in a filename that ends with
.p12 to indicated that the data are
within PKCS12 format.
Generating a .pem-File
For the usage within my emacs's mu4e setup, I do need the certificate within PEM format. This can be generated from the certificate in PKCS12 by that command:
openssl pkcs12 -in <infile.p12> -clcerts > <outfile.pem>
You are asked to enter a password/passphrase for the certificate. Choose wisely here.