Date: Mon, 2 Aug 2004 10:25:55 -0400 From: Tom Limoncelli <tal@whatexit.org> To: freebsd-questions@freebsd.org Subject: Re: Setting up good certs for ports/mail/imap-uw? Message-ID: <DDA915FE-E48F-11D8-B300-000D93C2342A@whatexit.org> In-Reply-To: <9C51062C-E0E9-11D8-B4EB-000D93C2342A@whatexit.org> References: <9C51062C-E0E9-11D8-B4EB-000D93C2342A@whatexit.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Jul 28, 2004, at 6:58 PM, Tom Limoncelli wrote:
> The instructions for ports/mail/imap-uw tell you that "make cert"
> generates certs that are self-signed and warns you that it is better
> to get "real" certs but doesn't explain how to do that. Any
> suggestions?
Thanks to Simon J. Oliver for the answer.
The .csr isn't generated. Here's a patch for the Makefile (submitted
to the port maintainer) to generate the file. Or you can manually do:
cd /usr/local/certs
openssl x509 -x509toreq -in imapd.pem -signkey imapd.pem -out imapd.csr
The imapd.csr file is the data that gets submitted to the signing
authority.
--Tom
*** /usr/ports/mail/imap-uw/Makefile.ORIG Sun Aug 1 21:07:54 2004
--- /usr/ports/mail/imap-uw/Makefile Sun Aug 1 21:43:26 2004
***************
*** 113,119 ****
--- 113,123 ----
@${INSTALL} -d -o root -g wheel -m 0755 ${PREFIX}/certs
@openssl req -new -x509 -days 365 -nodes -config
${FILESDIR}/imap-uw.cnf -out ${PREFIX}/certs/imapd.pem -keyout
${PREFIX}/certs/imapd.pem
@openssl x509 -subject -dates -fingerprint -noout -in
${PREFIX}/certs/imapd.pem
+ @openssl x509 -x509toreq -in ${PREFIX}/certs/imapd.pem -signkey
${PREFIX}/certs/imapd.pem -out ${PREFIX}/certs/imapd.csr
@${CHMOD} 700 ${PREFIX}/certs/imapd.pem
@${LN} -s ${PREFIX}/certs/imapd.pem ${PREFIX}/certs/ipop3d.pem
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?DDA915FE-E48F-11D8-B300-000D93C2342A>