Please explain: Creating the TLS/SSL Certificate

Jacob Friis Larsen jfl at
Wed Aug 11 17:07:29 EDT 2004

Could someone explain what this does?
I found it at

Does it create a self signed certificate?
Is there an easier way on Debian?

> *Creating the TLS/SSL Certificate*
> If you want to enable Cyrus' TLS/SSL facilities, you have to create a certificate first. This requires an OpenSSL installation
> openssl req -new -nodes -out req.pem -keyout key.pem  
> openssl rsa -in key.pem -out new.key.pem
> openssl x509 -in req.pem -out ca-cert -req \
> -signkey new.key.pem -days 999 
> mkdir /var/imap
> cp new.key.pem /var/imap/server.pem
> rm new.key.pem
> cat ca-cert >> /var/imap/server.pem
> chown cyrus:mail /var/imap/server.pem
> chmod 600 /var/imap/server.pem # Your key should be protected
> echo tls_ca_file: /var/imap/server.pem >> /etc/imapd.conf
> echo tls_cert_file: /var/imap/server.pem >> /etc/imapd.conf
> echo tls_key_file: /var/imap/server.pem >> /etc/imapd.conf

Cyrus Home Page:
Cyrus Wiki/FAQ:
List Archives/Info:

More information about the Info-cyrus mailing list