regarding the following text from
Postfix-Cyrus-Web-cyradm-HOWTO
Creating the TLS/SSL Certificate
If you want to enable Cyrus' TLS/SSL facilities, you have to create a
certificate first. This requires an OpenSSL installation
openssl req -new -nodes -out req.pem -keyout key.pem
openssl rsa -in key.pem -out new.key.pem
openssl x509 -in req.pem -out ca-cert -req \
-signkey new.key.pem -days 999
mkdir /var/imap
cp new.key.pem /var/imap/server.pem
rm new.key.pem
cat ca-cert >> /var/imap/server.pem
chown cyrus:mail /var/imap/server.pem
chmod 600 /var/imap/server.pem # Your key should be protected
echo tls_ca_file: /var/imap/server.pem >> /etc/imapd.conf
echo tls_cert_file: /var/imap/server.pem >> /etc/imapd.conf
echo tls_key_file: /var/imap/server.pem >> /etc/imapd.conf
Would it not be more appropriate and credible to get an
official certificate, or use one that already is in effect for
other ssl related network activity; E.G. https?
I have created certificates for Apache for testing ssl
connections. But these expire after a year and are
not recognized by commercial web and e-mail software
( an why would they? It would defeat the purpose).
Thanks
Jeff K
_______________________________________________
This mailing list is hosted and supported
by bit-heads GmbH | http://www.bit-heads.ch
_______________________________________________
Web-cyradm mailing list
[email protected]
http://www.web-cyradm.org/mailman/listinfo/web-cyradm
