[GH-ISSUE #143] Support s/mime email certificates #86

Closed
opened 2026-02-25 22:32:33 +03:00 by kerem · 6 comments
Owner

Originally created by @jcjones on GitHub (Feb 28, 2019).
Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/143

Given an email address for a command line option, it would be cool to generate certificates suitable for S/MIME use in Thunderbird or Outlook.

Originally created by @jcjones on GitHub (Feb 28, 2019). Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/143 Given an email address for a command line option, it would be cool to generate certificates suitable for S/MIME use in Thunderbird or Outlook.
kerem closed this issue 2026-02-25 22:32:33 +03:00
Author
Owner

@FiloSottile commented on GitHub (Feb 28, 2019):

What would you use an S/MIME certificate that is only valid on your computer for?

<!-- gh-comment-id:468438663 --> @FiloSottile commented on GitHub (Feb 28, 2019): What would you use an S/MIME certificate that is only valid on your computer for?
Author
Owner

@btoews commented on GitHub (Mar 19, 2019):

I would use this for testing development of S/MIME tooling. Would you accept a PR that implemented this?

<!-- gh-comment-id:474471061 --> @btoews commented on GitHub (Mar 19, 2019): I would use this for testing development of S/MIME tooling. Would you accept a PR that implemented this?
Author
Owner

@FiloSottile commented on GitHub (Mar 19, 2019):

Could we just detect an email address in the names list and generate a cert valid for S/MIME? I’m not familiar with S/MIME myself.

<!-- gh-comment-id:474478378 --> @FiloSottile commented on GitHub (Mar 19, 2019): Could we just detect an email address in the names list and generate a cert valid for S/MIME? I’m not familiar with S/MIME myself.
Author
Owner

@btoews commented on GitHub (Mar 19, 2019):

If you'd be okay with that. We'd want to either add a DN component or SAN for the email address. We'd also probably want to add key usage for signing and extended key usage for email/code signing.

<!-- gh-comment-id:474485130 --> @btoews commented on GitHub (Mar 19, 2019): If you'd be okay with that. We'd want to either add a DN component or SAN for the email address. We'd also probably want to add key usage for signing and extended key usage for email/code signing.
Author
Owner

@FiloSottile commented on GitHub (Mar 19, 2019):

Sounds good to me!

Slight preference for SAN over DN.

Drop the serverAuth EKU if all names are emails. Still respect -client.

<!-- gh-comment-id:474486943 --> @FiloSottile commented on GitHub (Mar 19, 2019): Sounds good to me! Slight preference for SAN over DN. Drop the serverAuth EKU if all names are emails. Still respect -client.
Author
Owner

@btoews commented on GitHub (Mar 19, 2019):

Cool. I won't be able to look at this for ~2 weeks, but will put it on my todo list unless someone else gets to it first.

<!-- gh-comment-id:474487771 --> @btoews commented on GitHub (Mar 19, 2019): Cool. I won't be able to look at this for ~2 weeks, but will put it on my todo list unless someone else gets to it first.
Sign in to join this conversation.
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/mkcert#86
No description provided.