On 7/14/2013 9:03 PM, Gene Heskett wrote:
> Hi all;
>
> Thinking I'd like to have a bit of security, I followed the example for
> dovecot from allgoodthings.org
>
> Guessing between the lines I made a few substitutions to localize it for
> me, but when I run the line to dump the configs, the output is very short
> because I do not have the *.pem files.
>
> Where can a usable set of these ssl 'keyfiles' be obtained?

$ openssl genrsa -out server.key 2048
$ openssl req -sha256 -new -key server.key -out server.csr
$ openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
$ cat server.key server.crt > server.pem

Run the four commands. You will have a key file, a certificate signing
request file, a self-signed cert and a pem file which is the
concatenation of the key and cert (some systems need this, and some are
ok with the key and cert being separate). This is everything you will
need to get the server working with SSL or TLS.

The third command generates a self-signed certificate. If you are
playing around or this is for internal / personal use, this is ok, but
if you want real security, you need to have your cert signed by a real
certificate authority (CA).

If you are going to do this, the way you answer the questions in step
two is important. You should do some research into the requirements of
your chosen CA, but for example, the question about the state usually
must be answered with the full state name, properly capitalized, and not
an abbreviation. Example: "Florida" is correct, "FL" is not.

If in any doubt, contact your CA first before generating your csr.

Dem
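
The four commands from the reply above as a non-interactive script, followed by the checks worth running on the result (added example, not part of the original reply; the subject values, the hostname mail.example.test and the function names are constructed). It confirms that the key matches the certificate, that the certificate is self-signed, which digest signed it, and that the private key and combined pem are readable by the owner only.

```shell
#!/bin/sh
# Added example, not from the original post. Subject values are constructed.

make_selfsigned() {   # $1 = output directory, $2 = certificate subject
    (
        umask 077     # key, csr, cert and combined pem are created owner-only
        cd "$1" || exit 1
        openssl genrsa -out server.key 2048 2>/dev/null &&
        openssl req -sha256 -new -key server.key -subj "$2" -out server.csr &&
        # -sha256 pins the signature digest instead of using the build default
        openssl x509 -req -sha256 -days 3650 -in server.csr \
            -signkey server.key -out server.crt 2>/dev/null &&
        cat server.key server.crt > server.pem
    )
}

key_matches_cert() {  # $1 = private key, $2 = certificate
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null)
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

is_self_signed() {    # $1 = certificate; true when issuer equals subject
    s=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    i=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$s" ] && [ "$s" = "$i" ]
}

sig_alg() {           # $1 = certificate; prints the signature algorithm name
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

file_mode() { ls -l "$1" | cut -c1-10; }   # e.g. -rw-------

work=$(mktemp -d) || exit 1
trap 'rm -rf "$work"' EXIT
# Full state name, as the reply advises for requests that go to a CA
make_selfsigned "$work" "/C=US/ST=Florida/O=Example/CN=mail.example.test" || exit 1
key_matches_cert "$work/server.key" "$work/server.crt" && echo "key matches cert"
is_self_signed "$work/server.crt" && echo "self-signed: clients will not trust it by default"
echo "signature: $(sig_alg "$work/server.crt")"
echo "server.pem mode: $(file_mode "$work/server.pem")"
```

When a CA returns a signed certificate for the same csr, key_matches_cert should still succeed against it and is_self_signed should fail.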