From: Tom Limoncelli
Date: Mon, 2 Aug 2004 10:25:55 -0400
To: freebsd-questions@freebsd.org
Subject: Re: Setting up good certs for ports/mail/imap-uw?

On Jul 28, 2004, at 6:58 PM, Tom Limoncelli wrote:

> The instructions for ports/mail/imap-uw tell you that "make cert"
> generates certs that are self-signed and warn you that it is better
> to get "real" certs but doesn't explain how to do that. Any
> suggestions?

Thanks to Simon J. Oliver for the answer. The .csr isn't generated.
Here's a patch for the Makefile (submitted to the port maintainer) to
generate the file. Or you can manually do:

    cd /usr/local/certs
    openssl x509 -x509toreq -in imapd.pem -signkey imapd.pem -out imapd.csr

The imapd.csr file is the data that gets submitted to the signing
authority.

--Tom

*** /usr/ports/mail/imap-uw/Makefile.ORIG Sun Aug 1 21:07:54 2004 --- /usr/ports/mail/imap-uw/Makefile Sun Aug 1 21:43:26 2004 *************** *** 113,119 **** --- 113,123 ---- @${INSTALL} -d -o root -g wheel -m 0755 ${PREFIX}/certs @openssl req -new -x509 -days 365 -nodes -config ${FILESDIR}/imap-uw.cnf -out ${PREFIX}/certs/imapd.pem -keyout ${PREFIX}/certs/imapd.pem @openssl x509 -subject -dates -fingerprint -noout -in ${PREFIX}/certs/imapd.pem + @openssl x509 -x509toreq -in ${PREFIX}/certs/imapd.pem -signkey ${PREFIX}/certs/imapd.pem -out ${PREFIX}/certs/imapd.csr @${CHMOD} 700 ${PREFIX}/certs/imapd.pem @${LN} -s ${PREFIX}/certs/imapd.pem ${PREFIX}/certs/ipop3d.pem
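
Review bot: the added "openssl x509 -x509toreq" line sits above "@${CHMOD} 700 ${PREFIX}/certs/imapd.pem", so one more command now runs while imapd.pem, which holds the private key because -out and -keyout name the same file, still has whatever mode the umask gave it. Move the new line below the chmod, or tighten the mode directly after the "openssl req" step. The target also never says what imapd.csr is for; since the original question was that the instructions don't explain how to get a "real" cert, a one-line message after the new command stating that ${PREFIX}/certs/imapd.csr is the file to send to the signing authority would close that gap.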
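
A check to run on the CSR produced by the manual command in the message, before it is sent to a signing authority. This is an added example, not part of the original message or the port; the subject CN=mail.example.org, the function names and the temporary directory are constructed for the demonstration, and it builds its own throwaway imapd.pem rather than touching /usr/local/certs.

```sh
#!/bin/sh
# Added example, not from the original message. The subject, file names and
# temp directory are constructed values for the demonstration.

make_test_pem() {   # $1 = PEM to create: private key + self-signed cert in one file
    ( umask 077     # the file holds the private key, so never world-readable
      openssl req -new -x509 -days 365 -nodes -newkey rsa:2048 \
          -subj "/C=US/O=Example/CN=mail.example.org" \
          -keyout "$1.key" -out "$1.crt" 2>/dev/null &&
      cat "$1.key" "$1.crt" > "$1" && rm -f "$1.key" "$1.crt" )
}

pem_to_csr() {      # $1 = key+cert PEM, $2 = CSR to write (command from the message)
    openssl x509 -x509toreq -in "$1" -signkey "$1" -out "$2" 2>/dev/null
}

pubkey_of()  { openssl "$1" -in "$2" -noout -pubkey; }   # $1 = x509 | req
subject_of() { openssl "$1" -in "$2" -noout -subject -nameopt RFC2253 |
               sed 's/^subject= *//'; }

check_csr() {       # $1 = key+cert PEM, $2 = CSR; 0 only if every check passes
    # 1: the CSR's self-signature must verify (proof of key possession)
    openssl req -in "$2" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    # 2: the CSR must carry the same public key as the installed certificate
    [ "$(pubkey_of x509 "$1")" = "$(pubkey_of req "$2")" ] || return 2
    # 3: the subject the CA will see must be the one in the certificate
    [ "$(subject_of x509 "$1")" = "$(subject_of req "$2")" ] || return 3
    # 4: only the CSR leaves the host; it must not contain key material
    if grep -q 'PRIVATE KEY' "$2"; then return 4; fi
    return 0
}

demo() {
    dir=$(mktemp -d) || return 1
    make_test_pem "$dir/imapd.pem" && pem_to_csr "$dir/imapd.pem" "$dir/imapd.csr" &&
        check_csr "$dir/imapd.pem" "$dir/imapd.csr"
    rc=$?
    rm -rf "$dir"
    return $rc
}

demo && echo "imapd.csr matches imapd.pem and is safe to submit"
```

The return code of check_csr tells which check failed: 1 for a bad self-signature, 2 for a key mismatch, 3 for a subject mismatch, 4 if private key material ended up in the file.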