Difference between revisions of "OpenSSL and certificates"
| Line 2: | Line 2: | ||
# Follow instructions on [http://www.cacert.org/help.php?id=4 CAcert.org] page. |
# Follow instructions on [http://www.cacert.org/help.php?id=4 CAcert.org] page. |
||
# That's enough for getting simple signed certificate which is good for [http://exim.org/ exim]. For [http://www.courier-mta.org/imap/ Courier IMAP] additionally you will require to |
# That's enough for getting simple signed certificate which is good for [http://exim.org/ exim]. For [http://www.courier-mta.org/imap/ Courier IMAP] additionally you will require to perform the following steps. |
||
# <code>dd if=/dev/urandom of=/tmp/cert.rand count=1</code> |
# Create a random file: <code>dd if=/dev/urandom of=/tmp/cert.rand count=1</code> |
||
# Create PEM formated certificate: <code>cat private.key server.crt > server.pem</code> |
|||
# Generate DH pair for certificate: <code>openssl gendh -rand /tmp/cert.rand 512 >>./server.pem</code> |
|||
# Clean-up: <code>rm -f /tmp/cert.rand</code> |
|||
Revision as of 00:40, 9 February 2010
Information on certificate generation for CAcert.org signing.
- Follow instructions on CAcert.org page.
- That's enough for getting simple signed certificate which is good for exim. For Courier IMAP additionally you will require to perform the following steps.
- Create a random file:
dd if=/dev/urandom of=/tmp/cert.rand count=1 - Create PEM formated certificate:
cat private.key server.crt > server.pem - Generate DH pair for certificate:
openssl gendh -rand /tmp/cert.rand 512 >>./server.pem - Clean-up:
rm -f /tmp/cert.rand
