On 7/14/2013 9:03 PM, Gene Heskett wrote:
Hi all;
Thinking I'd like to have a bit of security, I followed the example for dovecot from allgoodthings.org.
Guessing between the lines I made a few substitutions to localize it for me, but when I run the line to dump the configs, the output is very short because I do not have the *.pem files.
Where can a usable set of these ssl 'keyfiles' be obtained?
$ openssl genrsa -out server.key 2048
$ openssl req -sha256 -new -key server.key -out server.csr
$ openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
$ cat server.key server.crt > server.pem
Run the four commands. You will have a key file, a certificate signing request file, a self-signed cert and a pem file which is the concatenation of the key and cert (some systems need this, and some are ok with the key and cert being separate). This is everything you will need to get the server working with SSL or TLS.
The third command generates a self-signed certificate. If you are playing around or this is for internal / personal use, this is ok, but if you want real security, you need to have your cert signed by a real certificate authority (CA).
If you are going to do this, the way you answer the questions in step two is important. You should do some research into the requirements of your chosen CA, but for example, the question about the state usually must be answered with the full state name, properly capitalized, and not an abbreviation. Example: "Florida" is correct, "FL" is not.
If you have any doubts, contact your CA first before generating your CSR.
Dem
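
The four commands above as a non-interactive script with the checks an administrator would run afterwards (added example, not part of the original reply): it confirms that the certificate carries the key's public half, that the certificate is self-signed, and that the pem file holding the private key is readable by its owner only. The subject values, the hostname mail.example.test, the function names and the umask 077 are assumptions.

```shell
#!/bin/sh
# Added example. Subject values and the hostname are constructed placeholders.

# Run the four commands non-interactively in directory $1 with subject $2.
make_selfsigned() {
    (
        umask 077   # assumption: key and pem should be readable by owner only
        mkdir -p "$1" && cd "$1" || exit 1
        openssl genrsa -out server.key 2048 2>/dev/null &&
        openssl req -sha256 -new -key server.key -subj "$2" -out server.csr &&
        openssl x509 -req -days 3650 -in server.csr -signkey server.key \
            -out server.crt 2>/dev/null &&
        cat server.key server.crt > server.pem
    )
}

# True only if the certificate ($2) carries the public half of the key ($1).
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# True if issuer and subject are identical, i.e. no CA has signed the cert.
is_self_signed() {
    i=$(openssl x509 -in "$1" -noout -issuer) || return 1
    s=$(openssl x509 -in "$1" -noout -subject) || return 1
    [ "${i#issuer=}" = "${s#subject=}" ]
}

# True if the file has no group or other permission bits set.
owner_only() {
    case $(ls -ld "$1") in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Stand-alone run in a fresh temporary directory.
demo=$(mktemp -d) &&
make_selfsigned "$demo" "/C=US/ST=Florida/O=Example/CN=mail.example.test" &&
key_matches_cert "$demo/server.key" "$demo/server.crt" &&
is_self_signed "$demo/server.crt" &&
owner_only "$demo/server.pem" &&
echo "key, cert and pem in $demo are consistent"
```

Once a CA has signed the CSR, is_self_signed fails on the returned certificate while key_matches_cert still succeeds, which is a quick way to confirm the right certificate was installed next to the right key.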