The SecureMail help page cautions people not to use the private key part of the exported PEM file, but it's safer if they don't even export that in the first place. Please change the example openssl command line to
openssl pkcs12 -in certificate.p12 -out certificate.pem -nodes -nokeys
... that is, add the -nokeys argument.
Then you can drop the warnings about the .pem file containing the private key, it's safe to leave the file around at that point since it's all public data.
The page URL is https://bugzilla.mozilla.org/page.cgi?id=securemail/help.html
(in case the URL field gets changed, plus easier to find in a comment sometimes).
Created attachment 712840 [details] [diff] [review]
Good idea. Will this do?
Comment on attachment 712840 [details] [diff] [review]
that works, r=dveditz
Committing to: bzr+ssh://bzr.mozilla.org/bugzilla/extensions/securemail/4.0/
Committed revision 25
glob/dkl: can you pull this change into the relevant bmo branches?
Committing to: bzr+ssh://firstname.lastname@example.org/bmo/4.0
Committed revision 8479
Committing to: bzr+ssh://email@example.com/bmo/4.2
Committed revision 8547