Difference between revisions of "OpenSSL and certificates"
Line 7: | Line 7: | ||
# Generate DH pair for certificate: <code>openssl gendh -rand /tmp/cert.rand 512 >>./server.pem</code> |
# Generate DH pair for certificate: <code>openssl gendh -rand /tmp/cert.rand 512 >>./server.pem</code> |
||
# Clean-up: <code>rm -f /tmp/cert.rand</code> |
# Clean-up: <code>rm -f /tmp/cert.rand</code> |
||
Afterwards you have <code>server.pem</code> file that you can use for Courier IMAP and POP3 secure server versions. Put them in secure place, change permisions to <code>0600</code> and set owner to <code>root</code>. |
Revision as of 00:46, 9 February 2010
Information on certificate generation for CAcert.org signing.
- Follow instructions on CAcert.org page.
- That's enough for getting simple signed certificate which is good for exim. For Courier IMAP additionally you will require to perform the following steps.
- Create a random file:
dd if=/dev/urandom of=/tmp/cert.rand count=1
- Create PEM formated certificate:
cat private.key server.crt > server.pem
- Generate DH pair for certificate:
openssl gendh -rand /tmp/cert.rand 512 >>./server.pem
- Clean-up:
rm -f /tmp/cert.rand
Afterwards you have server.pem
file that you can use for Courier IMAP and POP3 secure server versions. Put them in secure place, change permisions to 0600
and set owner to root
.