Creating Certificates

= Certificates =

Creating TLS/SSL Certificates
(Taken from Postfix-Cyrus-Web-cyradm-HOWTO, directories updated)

Do this in a directory outside the Postfix / Cyrus filesystems, e.g.:

 (name) # mkdir ~/certs
 (name) # cd ~/certs

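 # Create a new private key (key.pem, unencrypted because of -nodes) and a certificate request
 openssl req -new -nodes -out req.pem -keyout key.pem
 # Rewrite the key as a plain RSA key file
 openssl rsa -in key.pem -out new.key.pem
 # Self-sign the request with that key; the certificate is valid for 999 days
 openssl x509 -in req.pem -out ca-cert -req \
     -signkey new.key.pem -days 999
 # Build the combined file Cyrus reads: private key first, then the certificate
 cp new.key.pem /etc/ssl/certs/cyrus-imapd.pem
 rm new.key.pem
 cat ca-cert >> /etc/ssl/certs/cyrus-imapd.pem
 chown root:mail /etc/ssl/certs/cyrus-imapd.pem
 chmod 640 /etc/ssl/certs/cyrus-imapd.pem # Your key should be protected
 # key.pem (an unencrypted copy of the private key) and req.pem remain in ~/certs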
 * 1) mkdir /var/imap # remove this???

OpenSSL dialog for openssl req

 calvin:~/certs# openssl req -new -nodes -out req.pem -keyout key.pem
 Generating a 1024 bit RSA private key
 ..................................++++++
 .........++++++
 writing new private key to 'key.pem'
 -----
 You are about to be asked to enter information that will be incorporated
 into your certificate request.
 What you are about to enter is what is called a Distinguished Name or a DN.
 There are quite a few fields but you can leave some blank
 For some fields there will be a default value,
 If you enter '.', the field will be left blank.
 -----
 Country Name (2 letter code) [AU]:US
 State or Province Name (full name) [Some-State]:TX
 Locality Name (eg, city) []:Plano
 Organization Name (eg, company) [Internet Widgits Pty Ltd]:
 Organizational Unit Name (eg, section) []:
 Common Name (eg, YOUR name) []:mailserver.example.com
 Email Address []:myname@example.com
 
 Please enter the following 'extra' attributes
 to be sent with your certificate request
 A challenge password []:
 An optional company name []:
 calvin:~/certs#
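
A non-interactive variant of the procedure above, as an added example that is not part of the HOWTO. The function names are hypothetical; it assumes a 2048-bit key instead of the 1024-bit default shown in the dialog, self-signs in one `req -x509` step rather than the page's `req`/`x509` pair, and then checks the combined file before it is installed.

```shell
#!/bin/sh
# Added example, not from the HOWTO. Function names are hypothetical; the
# directory and host name passed in are the caller's own (constructed) values.

# build_combined_pem OUTDIR CN
# Writes key.pem, cert.pem and combined.pem (key followed by certificate,
# the layout the page installs as cyrus-imapd.pem) into OUTDIR.
build_combined_pem() {
    (
        umask 077    # key files are owner-only from the moment they are created
        mkdir -p "$1" && cd "$1" || exit 1
        # -x509 self-signs directly; -subj replaces the interactive DN dialog.
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 999 \
            -subj "/CN=$2" -keyout key.pem -out cert.pem 2>/dev/null || exit 1
        cat key.pem cert.pem > combined.pem
    )
}

# key_matches_cert PEM
# Succeeds only if the private key and the certificate stored in PEM carry
# the same public key, i.e. the combined file was assembled from a real pair.
key_matches_cert() {
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    from_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# other_readable FILE
# Succeeds if FILE is readable by users outside its owner and group,
# which a file containing a private key should never be.
other_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Typical use, after sourcing this file:
#   build_combined_pem ~/certs mailserver.example.com
#   key_matches_cert ~/certs/combined.pem && ! other_readable ~/certs/combined.pem
```

Installing the result with `install -o root -g mail -m 640 combined.pem /etc/ssl/certs/cyrus-imapd.pem` applies the owner and mode from the page as part of the copy, instead of a plain `cp` followed by `chown` and `chmod`.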