On 08/11/2010 03:30 AM, Richard Gliebe wrote:
On 8/10/10 6:01 PM Michael Orlitzky wrote:
You can still download the certificate (from, say, your website) and install it on each workstation. Just right click the cert file, and I think the option is either "Install" or "Import."
Will this also works with *.pem certificates?
Short answer: yes, although you might have to rename the cert file with an extension that Windows understands.
Long answer:
The PEM format is really just a container format for keys and some other stuff, so you should double-check what's in the PEM file first. Often, they will contain,
- Just a private key
- Just a public key or certificate
- Both a private and public key
For example, if your CERTDIR and KEYDIR are the same when you run dovecot_mkcert.sh, then both the public and private keys will be stored in the same file (e.g. dovecot.pem).
You want to be careful that you don't ship your private key off to the clients. The certificate is contained in one of those PEM files; if you put it on a Windows box and give it an extension that Windows understands, you should be able to import it.
The PEM files are just plain text, and it should be obvious from the "BEGIN CERTIFICATE" or "BEGIN RSA PRIVATE KEY" which one you're looking at.