Saturday, July 12, 2014

5.5 amd64 X200: Alpine S/MIME, finally managed to sign with CACert.


I finally managed to get my Alpine to sign outgoing emails with Digital Certs from, "community-driven Certificate Authority that issues certificates to the public at large for free."

If you're using Thunderbird, setting up Digital Signature is quite easy, just a matter of getting your personal Digital ID and importing it in Thunderbird. There's a few steps in detail but it's just a matter of a bit of adventure in the Thunderbird's Option window.

But if you're like me, who uses Alpine and would like to have the ability to sign with Digital Signature, there's quite a challenge. I've been stuck with this for some time, but as it's not a super-urgent thing, I took my time to solve this. So here I'm posting the steps needed to get my Alpine to sign my email with Digital Cert attained from

1) Register with and create a personal Digital Cert.
This step is self-explanatory, go to, register your own account and create your personal Digital Certificate. I don't want to pay for Digital Certificate offered by more trustworthy company so this is a great option for me.

2) Download the Digital Certificate from and import in Firefox.
Ok for this, you will need to have Firefox. After you downloaded your Digital Certificate, you will need to open up Firefox, and in Edit > Preferences > Advanced > Certificates > View Certificates > Your Certificates, click on the Import button and import your Digital Cert.

3) Backup Digital Cert from Firefox in PKCS12 format.
From Edit > Preferences > Advanced > Certificates > View Certificates > Your Certificates, choose the Digital Cert you want to use and then click the Backup button. You will need to create a password for it. Remember to save it at pkcs12 format. For example, save it as

4) Create PEM format from the PKCS12 file.
Open your xterm, and create a PEM file from the PKCS12 (*.p12) file you just backed up.

$ openssl pkcs12 -in -out

Now the newly created file can be edited with vi or any text editor you use.

5) Create CRT and KEY file for Alpine use.
Some people suggested to use openssl to create CRT and KEY file. I didn't managed to do this successfully using the openssl method, and the result is that my Alpine gave out "Couldn't find the certificate needed to sign." prompt when I try to sign my outgoing emails. So I went with the manual way.

Remember that the PEM format is plain text and editable? So I vi the file. I can see there's 3 section there. The top part is something like this:

Bag Attributes

That top portion is the private key. Delete everything before the:


and delete everything after the:


then save it to something as Remember, this is your private key. And don't overwrite the original file you've edited.

Open the file again. You would see the just below the private key portion, there's something like:

Bag Attributes
    friendlyName: Class 1 Certification Authority

Now this is you Certificate Issuer portion. I edited the file and deleted everything before the immediate:


and deleted everything after the immediate:


then save the file as Do take note that this file could be named as anything but make sure the filename ends with ".crt".

Open the PEM file again, and the 3rd portion is you public key. The "Bag Attributes" details should contain your email address you created the Digital Cert with. So I deleted everything before the:


then save the file to something as

6) Setup Alpine to use the Digital Cert.
By default, Alpine needs ~/.alpine-smime directory to store the Digital Certs. But in my case, it didn't exits. So I mkdir these directories:


Then move all your *crt & *.key files to the correct directory such as:


That should be it. In Alpine, I use Roles so the From address is the same as my Digital Cert so Alpine can Digitally sign the email composed. So far signing email is ok but I haven't tested the encryption. Later.

- Roles in Alpine
- Alpine S/MIME -

5.5 amd64 X200: Firefox always crashing? Then try raising datasize.


My Firefox crashed sometime. Been like this since forever I think. Didn't bother to look at it until a few days ago when I think "hey I commonly sees this crashing but why other didn't flame the net about it?". So I went out to search for answers.

Then I found that this is not application or OpenBSD issue, but rather limited default setting. Firefox is quite a resource hog and by default, the datasize limit is set for 512Mb, which is by Firefox, quite low.

So I edited /etc/login.conf and find the default setting like below:


and changed the value to:


As I have about 4Gb of ram, this setting should be ok. So far this setting is ok and Firefox haven't crashed yet. Later.


- man login.conf

6.5 amd64: Modify existing certbot certificates.

Hi, It's been quite some time eh. As you can see, I still upgrade my OpenBSD system regularly but currently I do not have the time to ...