Robert Moskowitz:
> > With the "-nodes" option in most cases:
> >
> >      $ tmp=$(mktemp smtpd.pem.XXXXXX) &&
> >          openssl req -new \
> >              -newkey rsa:1280 -nodes -keyout /dev/stdout \
> >              -x509 -days $((365 * 10)) -subj "/CN=$(uname -n)" >> "$tmp" &&
> >          mv "$tmp" smtpd.pem
> 
> Where is the cert going in this example?  Are you putting both the cert 
> and the private key in the same file?

Yes. Postfix by default uses the same file for the private key and
the public key certificate.

> I would tend to at least include emailAddress.  The rest SHOULD be known 

No. This is a server certificate. Servers have no email address.
Second, this is a self-signed certificate, meaning no assurance
that the information is trustworthy, so no point loading it up.

        Wietse
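
Added example, not part of the original message and not Postfix's own code: a shell check that a combined file such as the smtpd.pem built above holds one unencrypted private key and a certificate that belongs to it, and that only the owner can access it. The function name check_combined_pem is hypothetical, and the mode test assumes the owner-only permissions that mktemp gives a new file.

```shell
#!/bin/sh
# check_combined_pem FILE (hypothetical helper, added example)
# Succeeds only if FILE is a usable combined private key + certificate file.
check_combined_pem() {
    f=$1
    [ -f "$f" ] || { echo "$f: not a regular file" >&2; return 1; }

    # The private key is in this file, so group and other get no access.
    # mktemp creates it with mode 0600; a later copy or edit may widen that.
    mode=$(ls -ld "$f" | cut -c5-10)
    [ "$mode" = "------" ] || { echo "$f: accessible by group/other" >&2; return 1; }

    # Exactly one private key block and at least one certificate block.
    keys=$(grep -c -- '-----BEGIN .*PRIVATE KEY-----' "$f" || true)
    certs=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$f" || true)
    [ "$keys" -eq 1 ] || { echo "$f: expected 1 private key, found $keys" >&2; return 1; }
    [ "$certs" -ge 1 ] || { echo "$f: no certificate found" >&2; return 1; }

    # An encrypted key (one made without -nodes) fails here instead of prompting.
    from_key=$(openssl pkey -in "$f" -passin pass: -pubout 2>/dev/null) ||
        { echo "$f: private key unreadable or encrypted" >&2; return 1; }
    from_cert=$(openssl x509 -in "$f" -noout -pubkey 2>/dev/null) ||
        { echo "$f: certificate unreadable" >&2; return 1; }

    # The first certificate must carry the public half of the private key.
    [ "$from_key" = "$from_cert" ] ||
        { echo "$f: certificate does not match private key" >&2; return 1; }
    return 0
}

# Stand-alone use: sh check.sh smtpd.pem
if [ $# -gt 0 ]; then
    check_combined_pem "$1"
fi
```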
