Basic FAQs and HOWTOs

Wil Cooley wcooley at nakedape.cc
Thu Feb 17 02:58:16 EST 2005


On 2005-02-16, Craig White <craigwhite at azapple.com> wrote:
> I am also interested in knowing how to generate self-signed certificates
> for tls connections on pop3/imap
>
> This is what I used...
>
> # openssl req -new -x509 -nodes -out /etc/ssl/cyrus-global.pem \
> -keyout /etc/ssl/cyrus-global.pem -days 3650
> # openssl gendh 512 >> /etc/ssl/cyrus-global.pem
>
> and set /etc/imapd.conf
>
> tls_cert_file: /etc/ssl/cyrus-global.pem
> tls_key_file: /etc/ssl/cyrus-global.pem
> tls_ca_file: /etc/ssl/certs/ca.crt
>
> which seems to work - the ca.crt file I had created previously with
> commands to build certs for openldap...
>
> openssl genrsa -des3 -out ca.key 2048
> openssl req -new -x509 -days 3650 -key ca.key -out ca.cert
>
> and while it works, it would be interesting to have someone knowledgeable
> confirm that I am on the right track here since I certainly don't know
> what it is that I am doing.

This is what I use, copped from the Stunnel FAQ:

http://nakedape.cc/wiki/ApplicationNotes/SslNotes

Lately I've been trying to migrate my self-signed certs to certs
generated with TinyCA from a self-signed root cert; that way once I
import my root CA I can bypass all of the prompts.

Wil
-- 
Wil Cooley                                 wcooley at nakedape.cc
Naked Ape Consulting                        http://nakedape.cc
* * * * Linux, UNIX, Networking and Security Solutions * * * *

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
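
The setup both posts touch on (a private root CA that clients import, plus a server certificate signed by it), as an added example that is not part of either post. The function names, file names and the host name mail.example.test are assumptions, and it keeps the key and certificate in separate files.

```shell
#!/bin/sh
# Added example (not from the thread). Function names, file names and the
# host name mail.example.test are assumptions made for illustration.
# Usage: d=$(mktemp -d); make_ca "$d" && make_server_cert "$d" mail.example.test && check_pair "$d"

# make_ca DIR: CA key plus self-signed root certificate (the thread's ca.key step).
make_ca() {
    cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Private Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # Unencrypted so the script runs unattended; the thread's -des3 form
    # prompts for a passphrase instead. umask keeps the key owner-only.
    ( umask 077; openssl genrsa -out "$1/ca.key" 2048 2>/dev/null ) &&
    openssl req -new -x509 -sha256 -days 3650 -config "$1/ca.cnf" \
        -key "$1/ca.key" -out "$1/ca.crt"
}

# make_server_cert DIR HOST: server key and a certificate signed by DIR/ca.key.
make_server_cert() {
    cat > "$1/srv.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = $2
[v3_srv]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = DNS:$2
EOF
    ( umask 077; openssl genrsa -out "$1/server.key" 2048 2>/dev/null ) &&
    openssl req -new -config "$1/srv.cnf" -key "$1/server.key" -out "$1/server.csr" &&
    openssl x509 -req -sha256 -days 825 -in "$1/server.csr" \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -extfile "$1/srv.cnf" -extensions v3_srv -out "$1/server.crt" 2>/dev/null
}

# check_pair DIR: succeed only if the chain verifies and key and cert match.
check_pair() {
    openssl verify -CAfile "$1/ca.crt" "$1/server.crt" >/dev/null 2>&1 &&
    [ "$(openssl x509 -in "$1/server.crt" -noout -pubkey)" = \
      "$(openssl pkey -in "$1/server.key" -pubout)" ]
}
```

In terms of the imapd.conf options quoted above, server.crt would go in tls_cert_file, server.key in tls_key_file and ca.crt in tls_ca_file. Only ca.crt is handed to clients; ca.key stays off the mail server.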



