Difference between revisions of "OpenSSL and certificates"

From DiLab
Jump to: navigation, search
Line 9: Line 9:


Afterwards you have <code>server.pem</code> file that you can use for Courier IMAP and POP3 secure server versions. Put them in secure place, change permisions to <code>0600</code> and set owner to <code>root</code>.
Afterwards you have <code>server.pem</code> file that you can use for Courier IMAP and POP3 secure server versions. Put them in secure place, change permisions to <code>0600</code> and set owner to <code>root</code>.

Configuration of POP3 clients for Gmail described [http://mail.google.com/support/bin/answer.py?hl=en&ctx=mail&answer=12103 here].
Windows and SSL certificate installation described [http://support.real-time.com/windows/email/ssl-cert.html here].

Revision as of 23:51, 9 February 2010

Information on certificate generation for CAcert.org signing.

  1. Follow instructions on CAcert.org page.
  2. That's enough for getting simple signed certificate which is good for exim. For Courier IMAP additionally you will require to perform the following steps.
  3. Create a random file: dd if=/dev/urandom of=/tmp/cert.rand count=1
  4. Create PEM formated certificate: cat private.key server.crt > server.pem
  5. Generate DH pair for certificate: openssl gendh -rand /tmp/cert.rand 512 >>./server.pem
  6. Clean-up: rm -f /tmp/cert.rand

Afterwards you have server.pem file that you can use for Courier IMAP and POP3 secure server versions. Put them in secure place, change permisions to 0600 and set owner to root.

Configuration of POP3 clients for Gmail described here. Windows and SSL certificate installation described here.