Hum.. it stops at "random-seed...." > -----Original Message----- > From: [email protected] [mailto:[email protected]] On > Behalf Of Reindl Harald > Sent: domingo, 8 de Junho de 2014 21:35 > To: [email protected] > Subject: Re: [Dbmail] Right way to create SSL certs > > > > Am 08.06.2014 22:26, schrieb Jorge Bastos: > >> Am 08.06.2014 22:06, schrieb Jorge Bastos: > >>> What's the best way to create a cert so that I can make email > >>> clients happy and don't prompt the users about the cert ? > >> > >> the problem is not how you make the cert > >> > >> the problem is it needs to be signed by a CA and match your servers > >> name - so no mail.domain.tld for each customer since it's not > >> maintainable > >> > > > > I did it some time ago, don't remember que parameters, and yes, for > it > > I know I have to use only one domain for it. > > How did you created yours? > > look at the attachment, that script i am using for generate our CSR or > in case of internal used ones the pem file can be directly used as self > signed certificate > > needs some adoption in the template and paths but is used at least for > 6 years now with some fine tuning over the time > > > And, does it REALLY need to be signed by a CA? Isn't enough to just > > configure the email client to match the domain specified in the cert? > > surely - thats how certs are working for decades and that won't change > until DANE is widely supported which means DNSSEC too > > if the client don't trust your CA it warns the user with cryptic > messages
_______________________________________________ DBmail mailing list [email protected] http://mailman.fastxs.nl/cgi-bin/mailman/listinfo/dbmail
