Setting up good certs for ports/mail/imap-uw?
Tom Limoncelli
tal at whatexit.org
Mon Aug 2 07:26:11 PDT 2004
On Jul 28, 2004, at 6:58 PM, Tom Limoncelli wrote:
> The instructions for ports/mail/imap-uw tell you that "make cert"
> generates certs that are self-signed and warns you that it is better
> to get "real" certs but doesn't explain how to do that. Any
> suggestions?
Thanks to Simon J. Oliver for the answer.
The .csr isn't generated. Here's a patch for the Makefile (submitted
to the port maintainer) to generate the file. Or you can manually do:
cd /usr/local/certs
openssl x509 -x509toreq -in imapd.pem -signkey imapd.pem -out imapd.csr
The imapd.csr file is the data that gets submitted to the signing
authority.
--Tom
*** /usr/ports/mail/imap-uw/Makefile.ORIG Sun Aug 1 21:07:54 2004
--- /usr/ports/mail/imap-uw/Makefile Sun Aug 1 21:43:26 2004
***************
*** 113,119 ****
--- 113,123 ----
@${INSTALL} -d -o root -g wheel -m 0755 ${PREFIX}/certs
@openssl req -new -x509 -days 365 -nodes -config
${FILESDIR}/imap-uw.cnf -out ${PREFIX}/certs/imapd.pem -keyout
${PREFIX}/certs/imapd.pem
@openssl x509 -subject -dates -fingerprint -noout -in
${PREFIX}/certs/imapd.pem
+ @openssl x509 -x509toreq -in ${PREFIX}/certs/imapd.pem -signkey
${PREFIX}/certs/imapd.pem -out ${PREFIX}/certs/imapd.csr
@${CHMOD} 700 ${PREFIX}/certs/imapd.pem
@${LN} -s ${PREFIX}/certs/imapd.pem ${PREFIX}/certs/ipop3d.pem
More information about the freebsd-questions
mailing list