TLS certificate password
Mike O'Rourke
mjoop at curia.op.org
Sat Mar 29 10:51:32 EST 2003
Hi Paul,
The server certificate can not be encrypted for Cyrus (or Apache, or
OpenLDAP, or Sendmail, etc). Basicly, the option for openssl is -nodes.
For a decent how-to on this (written for Postfix, but valid for almost
any server application) please see the page that Lutz Jänicke wrote:
http://www.aet.tu-cottbus.de/personen/jaenicke/pfixtls/doc/myownca.html
There are more links to instructions at:
http://www.sendmail.org/~ca/email/starttls.html
Since these certificates are unencrypted, I always make the permissions
400 and owned by the application owner (in the case of Cyrus-IMAPd,
cyrus).
hth Mike.
>>> Paul Dekkers <bb+lists.cyrus-info at vet.fnt.hvu.nl> 03/29/03 04:06pm
>>>
Hi,
I have a .pem signed by my self-signed CA, but it is password
protected.
I saw no option in imapd.conf to specify the password for a
certificate:
is this indeed not possible, and do I have to create an .pem without
password?
(In that case; can anyone tell me what openssl-command I have to use to
create that kind of .pem? (from either the .p12 or the current .pem) I
tried with just specifying an empty password, but that didn't work
:-/)
Regards,
Paul
More information about the Info-cyrus
mailing list