I created for Company I am working for, own CA for several purposes. One of them is generating SMIME certificates for email signing/encryption. I use such certificates on different platforms like Linux (most common), Apple Mail, WIN, Android etc.
Practically all people in Company, have several email accounts. Most of people use Thunderbird as email client. Because of TB bug it is not possible to import more than one individual certificate. So it is possible to install individual certificate for only one identity that is one email address. Googled workarounds, including TB Add-On`s - does not work.
Using OpenPGP it is possible to assign one certificate to several identities/email address. As far as I know, some payed SMIME certificate providers offers SMIME certs with several identities.
So, how can I generate one SMIME certificate with several identities/email address ?
Below script I use to generate individual SMIME certs, signed by our own CA. I know from Mageia forum, that is something like "SubjectAltName" in cert. How should I modify script below to generate one cert with several "Alt" identities?
Code:
#!/bin/bash
dir="/home/maciek/Dokumenty/SMIME"
cd $dir
echo "Generowanie certyfikatu osobistego"
echo
openssl genrsa -des3 -out humble_coder.key 4096
openssl req -new -key humble_coder.key -out humble_coder.csr
echo "Podpisanie certyfikatu osobistego przez CA"
echo
openssl x509 -req -days 3650 -in humble_coder.csr -CA ca.crt -CAkey ca.key -set_serial 1 -out humble_coder.crt -setalias "Certyfikat wydany przez EPI" -addtrust emailProtection -addreject clientAuth -addreject serverAuth -trustout
echo "Konwersja certyfikatu na p12"
echo
openssl pkcs12 -export -in humble_coder.crt -inkey humble_coder.key -out humble_coder.p12
echo
echo "Jak ma si nazywa certyfikat?"
read name
mv -f ./humble_coder.p12 $name.p12
rm -f ./humble_coder*
