Setting up good certs for ports/mail/imap-uw?

[Tom Limoncelli]

On Jul 28, 2004, at 6:58 PM, Tom Limoncelli wrote:

> The instructions for ports/mail/imap-uw tell you that "make cert" 
> generates certs that are self-signed and warns you that it is better 
> to get "real" certs but doesn't explain how to do that.  Any 
> suggestions?

Thanks to Simon J. Oliver for the answer.

The .csr isn't generated.  Here's a patch for the Makefile (submitted 
to the port maintainer) to generate the file.  Or you can manually do:
	cd /usr/local/certs
	openssl x509 -x509toreq -in imapd.pem -signkey imapd.pem -out imapd.csr
The imapd.csr file is the data that gets submitted to the signing 
authority.

--Tom


*** /usr/ports/mail/imap-uw/Makefile.ORIG       Sun Aug  1 21:07:54 2004
--- /usr/ports/mail/imap-uw/Makefile    Sun Aug  1 21:43:26 2004
***************
*** 113,119 ****
--- 113,123 ----
         @${INSTALL} -d -o root -g wheel -m 0755 ${PREFIX}/certs
         @openssl req -new -x509 -days 365 -nodes -config 
${FILESDIR}/imap-uw.cnf -out ${PREFIX}/certs/imapd.pem -keyout 
${PREFIX}/certs/imapd.pem
         @openssl x509 -subject -dates -fingerprint -noout -in 
${PREFIX}/certs/imapd.pem
+       @openssl x509 -x509toreq -in ${PREFIX}/certs/imapd.pem -signkey 
${PREFIX}/certs/imapd.pem -out ${PREFIX}/certs/imapd.csr
         @${CHMOD} 700 ${PREFIX}/certs/imapd.pem
         @${LN} -s ${PREFIX}/certs/imapd.pem ${PREFIX}/certs/ipop3d.pem