[gentoo-user] Heartbleed fix - question re: replacing self-signed certs with real ones

2014-04-16 Thread Tanstaafl
Hi all, I've taken this opportunity to prod the boss to let me buy some real certs for our few self-hosted mail services. Until now, we've used self-signed certs. My question is, what exactly is the correct procedure for doing this? Also, do I still need to do the step I've been seeing: Ste

Re: [gentoo-user] Heartbleed fix - question re: replacing self-signed certs with real ones

2014-04-16 Thread Matti Nykyri
On Apr 16, 2014, at 13:52, Tanstaafl wrote: > Hi all, > > I've taken this opportunity to prod the boss to let me buy some real certs > for our few self-hosted mail services. Until now, we've used self-signed > certs. > > My question is, what exactly is the correct procedure for doing this? >

Re: [gentoo-user] Heartbleed fix - question re: replacing self-signed certs with real ones

2014-04-16 Thread Tanstaafl
On 4/16/2014 7:14 AM, Matti Nykyri wrote: On Apr 16, 2014, at 13:52, Tanstaafl wrote: Or will simply replacing my self-signed certs with the new real ones be good enough? No it will not. Keys are the ones that have been compromised. You need to create new keys. With those keys you need to c

Re: [gentoo-user] Heartbleed fix - question re: replacing self-signed certs with real ones

2014-04-16 Thread Matti Nykyri
On Apr 16, 2014, at 20:56, Tanstaafl wrote: > On 4/16/2014 7:14 AM, Matti Nykyri wrote: >> On Apr 16, 2014, at 13:52, Tanstaafl wrote: >>> Or will simply replacing my self-signed certs with the new real ones be >>> good enough? > >> No it will not. Keys are the ones that have been compromised.

Re: [gentoo-user] Heartbleed fix - question re: replacing self-signed certs with real ones

2014-04-16 Thread Mick
On Wednesday 16 Apr 2014 18:56:57 Tanstaafl wrote: > On 4/16/2014 7:14 AM, Matti Nykyri wrote: > > On Apr 16, 2014, at 13:52, Tanstaafl wrote: > >> Or will simply replacing my self-signed certs with the new real ones be > >> good enough? > > > > No it will not. Keys are the ones that have been co

Re: [gentoo-user] Heartbleed fix - question re: replacing self-signed certs with real ones

2014-04-17 Thread Matti Nykyri
On Apr 17, 2014, at 9:10, Mick wrote: > On Wednesday 16 Apr 2014 18:56:57 Tanstaafl wrote: >> On 4/16/2014 7:14 AM, Matti Nykyri wrote: >>> On Apr 16, 2014, at 13:52, Tanstaafl wrote: Or will simply replacing my self-signed certs with the new real ones be good enough? >>> >>> No it w

Re: [gentoo-user] Heartbleed fix - question re: replacing self-signed certs with real ones

2014-04-17 Thread Mick
On Thursday 17 Apr 2014 15:40:04 Matti Nykyri wrote: > On Apr 17, 2014, at 9:10, Mick wrote: > > On Wednesday 16 Apr 2014 18:56:57 Tanstaafl wrote: > >> On 4/16/2014 7:14 AM, Matti Nykyri wrote: > >>> On Apr 16, 2014, at 13:52, Tanstaafl wrote: > Or will simply replacing my self-signed cert

Re: [gentoo-user] Heartbleed fix - question re: replacing self-signed certs with real ones

2014-04-17 Thread Joe User
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 17.04.2014 17:49, Mick wrote: > On Thursday 17 Apr 2014 15:40:04 Matti Nykyri wrote: >> On Apr 17, 2014, at 9:10, Mick >> wrote: >>> On Wednesday 16 Apr 2014 18:56:57 Tanstaafl wrote: On 4/16/2014 7:14 AM, Matti Nykyri wrote: > On

Re: [gentoo-user] Heartbleed fix - question re: replacing self-signed certs with real ones

2014-04-17 Thread Matti Nykyri
On Thu, Apr 17, 2014 at 04:49:45PM +0100, Mick wrote: > On Thursday 17 Apr 2014 15:40:04 Matti Nykyri wrote: > > On Apr 17, 2014, at 9:10, Mick wrote: > > > On Wednesday 16 Apr 2014 18:56:57 Tanstaafl wrote: > > >> On 4/16/2014 7:14 AM, Matti Nykyri wrote: > > >>> On Apr 16, 2014, at 13:52, Tanst

Re: [gentoo-user] Heartbleed fix - question re: replacing self-signed certs with real ones

2014-04-19 Thread Mick
On Thursday 17 Apr 2014 19:43:25 Matti Nykyri wrote: > On Thu, Apr 17, 2014 at 04:49:45PM +0100, Mick wrote: > > Can you please share how you create ECDHE_ECDSA with openssl ecparam, or > > ping a URL if that is more convenient? > > Select curve for ECDSA: > openssl ecparam -out ec_param.pem -nam

Re: [gentoo-user] Heartbleed fix - question re: replacing self-signed certs with real ones

2014-04-19 Thread Joe User
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 19.04.2014 13:51, Mick wrote: > On Thursday 17 Apr 2014 19:43:25 Matti Nykyri wrote: >> On Thu, Apr 17, 2014 at 04:49:45PM +0100, Mick wrote: > >>> Can you please share how you create ECDHE_ECDSA with openssl >>> ecparam, or ping a URL if that is

Re: [gentoo-user] Heartbleed fix - question re: replacing self-signed certs with real ones

2014-04-19 Thread Matti Nykyri
On Apr 19, 2014, at 16:17, Joe User wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On 19.04.2014 13:51, Mick wrote: >> On Thursday 17 Apr 2014 19:43:25 Matti Nykyri wrote: >>> On Thu, Apr 17, 2014 at 04:49:45PM +0100, Mick wrote: >> Can you please share how you create ECDHE

Re: [gentoo-user] Heartbleed fix - question re: replacing self-signed certs with real ones

2014-04-19 Thread Joe User
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 19.04.2014 17:38, Matti Nykyri wrote: > On Apr 19, 2014, at 16:17, Joe User > wrote: > >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 >> >> On 19.04.2014 13:51, Mick wrote: >>> On Thursday 17 Apr 2014 19:43:25 Matti Nykyri wrote: On Th

Re: [gentoo-user] Heartbleed fix - question re: replacing self-signed certs with real ones

2014-04-19 Thread Mick
On Saturday 19 Apr 2014 14:17:56 Joe User wrote: > On 19.04.2014 13:51, Mick wrote: > > It seems that many sites that use ECDHE with various CA signature > > algorithms (ECC as well as conventional symmetric) use the > > secp521r1 curve - aka P-256. I just checked and gmail/google > > accounts use