well, then you know that you have a problem with random numbers on your machine :-)
http://www.issihosts.com/haveged/

On 08.06.2014 22:50, Jorge Bastos wrote:
> Hum.. it stops at "random-seed...."
>
>> -----Original Message-----
>> From: [email protected] [mailto:[email protected]] On
>> Behalf Of Reindl Harald
>> Sent: Sunday, 8 June 2014 21:35
>> To: [email protected]
>> Subject: Re: [Dbmail] Right way to create SSL certs
>>
>> On 08.06.2014 22:26, Jorge Bastos wrote:
>>>> On 08.06.2014 22:06, Jorge Bastos wrote:
>>>>> What's the best way to create a cert so that I can make email
>>>>> clients happy and don't prompt the users about the cert?
>>>>
>>>> the problem is not how you make the cert
>>>>
>>>> the problem is it needs to be signed by a CA and match your server's
>>>> name - so no mail.domain.tld for each customer since it's not
>>>> maintainable
>>>>
>>>
>>> I did it some time ago, don't remember which parameters, and yes, for it
>>> I know I have to use only one domain for it.
>>> How did you create yours?
>>
>> look at the attachment, that script i am using to generate our CSR, or
>> in case of internally used ones the pem file can be directly used as a
>> self-signed certificate
>>
>> needs some adaptation in the template and paths but has been used for
>> at least 6 years now with some fine tuning over time
>>
>>> And, does it REALLY need to be signed by a CA? Isn't it enough to just
>>> configure the email client to match the domain specified in the cert?
>>
>> surely - that's how certs have been working for decades and that won't
>> change until DANE is widely supported, which means DNSSEC too
>>
>> if the client doesn't trust your CA it warns the user with cryptic
>> messages
_______________________________________________
DBmail mailing list
[email protected]
http://mailman.fastxs.nl/cgi-bin/mailman/listinfo/dbmail
