Openssl certs for Cyrus
Christian Schulte
cs at schulte.it
Mon Feb 3 12:33:11 EST 2003
Jasper Jans wrote:
>is someone willing to outline the commands that are needed to
>create working certificates for sendmail/openldap/cyrus-sasl/etc
>that are all signed by a CA that is also self generated.. i'm
>not sure what it is that i do wrong - maybe it is the generating
>of the CA or maybe the server cert or the signing - i'm rather
>lost here :/
>
>thanks a lot,
>jasper
>
>
Hi,
I do that all with /usr/local/ssl/misc/CA.pl ! The path may vary at your
box but /usr/local/ssl is where openssl is installed on my box. For
generating the CA the script can and should be used unmodified but for
generating the new csr you should disable the encryption of the private
key to make sendmail/cyrus handle the cert correctly. I think one had to
add -nodes in the CA.pl script for the commands to create the csr for
that but I do not remember exactly...CA.pl uses
/usr/local/ssl/openssl.cnf or some configurationfile like that in which
all necessary configurations for the new CA or certs can be done...
--Christian--
More information about the Info-cyrus
mailing list