On 2005-02-16, Craig White <[EMAIL PROTECTED]> wrote: > I am also interested in knowing how to generate self-signed certificates > for tls connections on pop3/imap > > This is what I used... > > # openssl req -new -x509 -nodes -out /etc/ssl/cyrus-global.pem \ > -keyout /etc/ssl/cyrus-global.pem -days 3650 > # openssl gendh 512 >> /etc/ssl/cyrus-global.pem > > and set /etc/imapd.conf > > tls_cert_file: /etc/ssl/cyrus-global.pem > tls_key_file: /etc/ssl/cyrus-global.pem > tls_ca_file: /etc/ssl/certs/ca.crt > > which seems to work - the ca.crt file I had create previously with > commands to build certs for openldap... > > openssl genrsa -des3 -out ca.key 2048 > openssl req -new -x509 -days 3650 -key ca.key -out ca.cert > > and while it works, it would be interesting to have someone knowledgable > confirm that I am on the right track here since I certainly don't know > what it is that I am doing.
This is what I use, copped from the Stunnel FAQ: http://nakedape.cc/wiki/ApplicationNotes/SslNotes Lately I've been trying to migrate my self-signed certs to certs generated with TinyCA from a self-signed root cert; that way once I import my root CA I can bypass all of the prompts. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consulting http://nakedape.cc * * * * Linux, UNIX, Networking and Security Solutions * * * * --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html