On 12/20/2012 08:29 PM, Wietse Venema wrote:
Robert Moskowitz:
With the "-nodes" option in most cases:
$ tmp=$(mktemp smtpd.pem.XXXXXX) &&
openssl req -new \
-newkey rsa:1280 -nodes -keyout /dev/stdout \
-x509 -days $((365 * 10)) -subj "/CN=$(uname -n)" >> "$tmp" &&
mv "$tmp" smtpd.pem
Where is the cert going in this example? Are you putting both the cert
and the private key in the same file?
Yes. Postfix by default uses the same file for the private key and
the public key certificate.
I would tend to at least include emailAddress. The rest SHOULD be known
No. This is a server certificate. Servers have no email address.
We can debate this, but little gained. I am OK with this as a basic
template.
Second, this is a self-signed certificate, meaning no assurance
that the information is trusworthy, so no point loading it up.
:)
Again, thank you both for your efforts.
