Difference between revisions of "OpenSSL and certificates"
(2 intermediate revisions by the same user not shown) | |||
Line 7: | Line 7: | ||
# Generate DH pair for certificate: <code>openssl gendh -rand /tmp/cert.rand 512 >>./server.pem</code> |
# Generate DH pair for certificate: <code>openssl gendh -rand /tmp/cert.rand 512 >>./server.pem</code> |
||
# Clean-up: <code>rm -f /tmp/cert.rand</code> |
# Clean-up: <code>rm -f /tmp/cert.rand</code> |
||
Afterwards you have <code>server.pem</code> file that you can use for Courier IMAP and POP3 secure server versions. Put them in secure place, change permisions to <code>0600</code> and set owner to <code>root</code>. |
|||
Configuration of POP3 clients for Gmail (also good for [http://tosteris.com tosteris.com]) described [http://mail.google.com/support/bin/answer.py?hl=en&ctx=mail&answer=12103 here]. |
|||
Windows and SSL certificate installation described [http://support.real-time.com/windows/email/ssl-cert.html here]. |
Latest revision as of 23:52, 9 February 2010
Information on certificate generation for CAcert.org signing.
- Follow instructions on CAcert.org page.
- That's enough for getting simple signed certificate which is good for exim. For Courier IMAP additionally you will require to perform the following steps.
- Create a random file:
dd if=/dev/urandom of=/tmp/cert.rand count=1
- Create PEM formated certificate:
cat private.key server.crt > server.pem
- Generate DH pair for certificate:
openssl gendh -rand /tmp/cert.rand 512 >>./server.pem
- Clean-up:
rm -f /tmp/cert.rand
Afterwards you have server.pem
file that you can use for Courier IMAP and POP3 secure server versions. Put them in secure place, change permisions to 0600
and set owner to root
.
Configuration of POP3 clients for Gmail (also good for tosteris.com) described here. Windows and SSL certificate installation described here.