From owner-freebsd-questions@FreeBSD.ORG  Wed Jul 28 22:58:25 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id CF88A16A4CE
	for <freebsd-questions@freebsd.org>;
	Wed, 28 Jul 2004 22:58:25 +0000 (GMT)
Received: from cider.cibernet.com (cider.cibernet.com [212.113.16.126])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 450A843D46
	for <freebsd-questions@freebsd.org>;
	Wed, 28 Jul 2004 22:58:25 +0000 (GMT)
	(envelope-from tal@whatexit.org)
Received: from [10.10.12.182] (ip2.198.145.31.iinet.com [198.145.31.2])
	by cider.cibernet.com (Postfix) with ESMTP id 93EF1773EE
	for <freebsd-questions@freebsd.org>;
	Wed, 28 Jul 2004 23:59:28 +0100 (BST)
Mime-Version: 1.0 (Apple Message framework v618)
Content-Transfer-Encoding: 7bit
Message-Id: <9C51062C-E0E9-11D8-B4EB-000D93C2342A@whatexit.org>
Content-Type: text/plain; charset=US-ASCII; format=flowed
To: freebsd-questions@freebsd.org
From: Tom Limoncelli <tal@whatexit.org>
Date: Wed, 28 Jul 2004 15:58:16 -0700
X-Mailer: Apple Mail (2.618)
Subject: Setting up good certs for ports/mail/imap-uw?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Jul 2004 22:58:25 -0000

The instructions for ports/mail/imap-uw tell you that "make cert" 
generates certs that are self-signed and warns you that it is better to 
get "real" certs but doesn't explain how to do that.  Any suggestions?

The long version...

I install the port and then do "make cert" to make the certs:

root@gsp:/ # cd /usr/ports/mail/imap-uw/
root@gsp:/usr/ports/mail/imap-uw # make cert
Generating a 1024 bit RSA private key
...............................++++++
............++++++
writing new private key to '/usr/local/certs/imapd.pem'
-----
You are about to be asked to enter information that will be incorporated
[...much later...]
MD5 Fingerprint=09:88:5C:19:6A:3F:3A:F5:44:65:82:60:56:5A:B0:72
root@gsp:/usr/ports/mail/imap-uw # cd /usr/local/certs/
root@gsp:/usr/local/certs # ls
imapd.pem       ipop3d.pem

Where is the .csr file to submit?  Every document that explains the 
process says that self-signed certs are insecure and recommends getting 
a real cert, but never tells you how to do that.

Sorry, I'm relatively new to email certs.  (https certs give me none of 
these troubles! :-) )

Thanks in advance,
Tom Limoncelli