The SecureMail help page cautions people not to use the private key part of the exported PEM file, but it's safer if they don't even export that in the first place. Please change the example openssl command line to openssl pkcs12 -in certificate.p12 -out certificate.pem -nodes -nokeys ... that is, add the -nokeys argument. Then you can drop the warnings about the .pem file containing the private key, it's safe to leave the file around at that point since it's all public data.
The page URL is https://bugzilla.mozilla.org/page.cgi?id=securemail/help.html (in case the URL field gets changed, plus easier to find in a comment sometimes).
Created attachment 712840 [details] [diff] [review] Patch v.1 Good idea. Will this do? Gerv
Comment on attachment 712840 [details] [diff] [review] Patch v.1 that works, r=dveditz
Committing to: bzr+ssh://bzr.mozilla.org/bugzilla/extensions/securemail/4.0/ modified template/en/default/pages/securemail/help.html.tmpl Committed revision 25 glob/dkl: can you pull this change into the relevant bmo branches? Gerv
Done Committing to: bzr+ssh://firstname.lastname@example.org/bmo/4.0 modified extensions/SecureMail/template/en/default/pages/securemail/help.html.tmpl Committed revision 8479 Committing to: bzr+ssh://email@example.com/bmo/4.2 modified extensions/SecureMail/template/en/default/pages/securemail/help.html.tmpl Committed revision 8547 dkl