Difference between revisions of "OpenSSL and certificates"

From DiLab
Jump to: navigation, search
Line 7: Line 7:
# Generate DH pair for certificate: <code>openssl gendh -rand /tmp/cert.rand 512 >>./server.pem</code>
# Generate DH pair for certificate: <code>openssl gendh -rand /tmp/cert.rand 512 >>./server.pem</code>
# Clean-up: <code>rm -f /tmp/cert.rand</code>
# Clean-up: <code>rm -f /tmp/cert.rand</code>

Afterwards you have <code>server.pem</code> file that you can use for Courier IMAP and POP3 secure server versions. Put them in secure place, change permisions to <code>0600</code> and set owner to <code>root</code>.

Revision as of 00:46, 9 February 2010

Information on certificate generation for CAcert.org signing.

  1. Follow instructions on CAcert.org page.
  2. That's enough for getting simple signed certificate which is good for exim. For Courier IMAP additionally you will require to perform the following steps.
  3. Create a random file: dd if=/dev/urandom of=/tmp/cert.rand count=1
  4. Create PEM formated certificate: cat private.key server.crt > server.pem
  5. Generate DH pair for certificate: openssl gendh -rand /tmp/cert.rand 512 >>./server.pem
  6. Clean-up: rm -f /tmp/cert.rand

Afterwards you have server.pem file that you can use for Courier IMAP and POP3 secure server versions. Put them in secure place, change permisions to 0600 and set owner to root.