Robert Moskowitz: > > With the "-nodes" option in most cases: > > > > $ tmp=$(mktemp smtpd.pem.XXXXXX) && > > openssl req -new \ > > -newkey rsa:1280 -nodes -keyout /dev/stdout \ > > -x509 -days $((365 * 10)) -subj "/CN=$(uname -n)" >> "$tmp" && > > mv "$tmp" smtpd.pem > > Where is the cert going in this example? Are you putting both the cert > and the private key in the same file?
Yes. Postfix by default uses the same file for the private key and the public key certificate. > I would tend to at least include emailAddress. The rest SHOULD be known No. This is a server certificate. Servers have no email address. Second, this is a self-signed certificate, meaning no assurance that the information is trusworthy, so no point loading it up. Wietse