[Neo3000]

Hi guys,

I am struggling with the planned roll out of S/MIME certificates in our environment.
The main issue seems to be the private key: As of KB18586, you can (1) send it by mail or (2) use desktop manager sync tool.
We do not use desktop manager, so (2) is not an option. I have a bad feeling with (1) because you transmit the private key over an insecure channel.

I tried downloading the pfx/p12 file via the browser (SSL). But that gave me an error ("The file received from the webserver was recognized as a certificate file on the device. However, the data itself was not a valid certificate. Please contact the webmaster for assistance").

I was wondering, if any of you found another smarter way of rolling out certificates ... maybe there is a tiny application doing the job out there?

If there is no other way, I will probably live with the mail option and try to transmit the p12 password to the user securely ... but still there must be a better option.

Greetings,
Neo3000