From owner-freebsd-questions@FreeBSD.ORG Sun Dec 19 18:11:49 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 54A3016A4CE for ; Sun, 19 Dec 2004 18:11:49 +0000 (GMT) Received: from mail.terralink.de (mail.tlink.de [217.9.16.16]) by mx1.FreeBSD.org (Postfix) with ESMTP id 017EC43D39 for ; Sun, 19 Dec 2004 18:11:49 +0000 (GMT) (envelope-from me@daniel.stefan.haischt.name) Received: from smtp.abyssworld.de (daniel-s-haischt.biz [84.252.66.2]) by mail.terralink.de (Postfix) with ESMTP id C32E2BD617 for ; Sun, 19 Dec 2004 19:11:47 +0100 (CET) Received: from localhost (smtp.abyssworld.de [192.168.0.7]) by smtp.abyssworld.de (Postfix) with ESMTP id ECBCF18B6F for ; Sun, 19 Dec 2004 19:11:46 +0100 (CET) Received: from smtp.abyssworld.de ([127.0.0.1])port 10024) with ESMTP id 93068-05 for ; Sun, 19 Dec 2004 19:11:46 +0100 (CET) Received-SPF: none (smtp.abyssworld.de: 192.168.0.7 is neither permitted nor denied by domain of daniel.stefan.haischt.name) client-ip=192.168.0.7; envelope-from=me@daniel.stefan.haischt.name; helo=[192.168.120.239]; Received: from [192.168.120.239] (smtp.abyssworld.de [192.168.0.7]) by smtp.abyssworld.de (Postfix) with ESMTP id 5CFB818B5B for ; Sun, 19 Dec 2004 19:11:46 +0100 (CET) Message-ID: <41C5C460.70800@daniel.stefan.haischt.name> Date: Sun, 19 Dec 2004 19:11:44 +0100 From: "Daniel S. Haischt" User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206) X-Accept-Language: de-DE, de, en-us, en MIME-Version: 1.0 To: freebsd-questions@FreeBSD.org References: <000d01c4e5f2$7add5b30$0400a8c0@satellite> <20041219180247.GA33770@keyslapper.org> In-Reply-To: <20041219180247.GA33770@keyslapper.org> X-Enigmail-Version: 0.89.5.0 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Comment-1: GNU's Not Unix! X-Comment-2: Support FSF! X-Virus-Scanned: amavisd-new at abyssworld.de Subject: Re: courier imap keys and self-signed ca signing X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 19 Dec 2004 18:11:49 -0000 That's true if each of his servers will have the same common name (CN). But if one server resides for example on imap.foobar.com and the other at smtp.foobar.com, he has to use different certificate. Mozilla/Netscape browsers are quite picky if it comes to wrong CN attributes. BTW Dave - If you did install Apache together with mod_ssl the mod_ssl manual could be found at: -> http://localhost/manual/ssl/ Louis LeBlanc schrieb: > On 12/19/04 12:45 PM, dave sat at the `puter and typed: > >>Hello, >> I've got a 5.3 box that i'm using as a self-signing ca. I want to get >>keys going for all the various protocols i use, http, which i've done, pop >>and imap, and smtp. It's these last three i'm having the headache. I'm using >>postfix as my MTA and courier imap for pop/imap, i know that the latter has >>a program to generate keys but not csr's, i'm not sure how to get keys from >>courier and/or postfix to the ca for signing. I'm probably missing somehing >>very basic, and would appreciate any help. >>Thanks. >>Dave. > > > > Why would you want to use multiple methods? Just create a single self > signed CA from OpenSSL and use it to sign a single cert for all your > servers. You could also just use a self signed cert for all of them. > > Check out this info: > http://www.openssl.org/docs/apps/x509v3_config.html#Subject_Alternative_Name_ > > That will tell you about using a single cert for multiple domains if > that is what you need. > > Hope this helps. > > Lou -- Mit freundlichen Gruessen / With kind regards Daniel S. Haischt | phone: +49 -7032-992909 Grabenstrasse 11 | +49 -700-DHAISCHT | fax: +49 -7032-992910 D-71083 Herrenberg | fax2mail: +49 -7032-7999738 GERMANY | cell: +49 -172-7668936 SIP: sip:haischt@daniel-s-haischt.biz:5060 email: me@daniel.stefan.haischt.name web: http://www.daniel.stefan.haischt.name/