Hey all,

So after finally getting SSL working with a self-signed certificate, I'm trying to make the certificate legit by getting a Thawte signed certificate. I read through the Cyrus docs and followed them to create the original self-signed server.pem file (which worked).

My question is how do I then generate a CSR from that server.pem file, that I can then submit to Thawte? Likewise, when I get the new certificate back from Thawte, do I just paste it into the existing server.pem file, replacing the key part of the file?

Also, does the command Cyrus recommends

    openssl req -new -x509 -nodes -out /var/imap/server.pem -keyout /var/imap/server.pem -days 365

create a 128 bit key pair?

BTW, I also tried following the instructions for OpenSSL key/csr/crt creation on Thawte's website (see below). I then changed the cyrus.conf to point to the new key and self-signed certificate and it caused Cyrus to reject SSL logins with the error: "unable to get private key from '/var/imap/servername.com.key'" (which does exist and is readable by the cyrus user).

----------------------------
Thawte OpenSSL instructions
---

Step 1. Go to your SSL directory

    cd /usr/local/ssl/private

Step 2. Generate a private key

    openssl genrsa -des3 -rand file1:...:file5 1024 > www.xxx.com.key

Now PLEASE backup your www.xxx.com.key and make a note of the passphrase. Losing your key will cost you money!

Step 3. Go to your certs directory

    cd /usr/local/ssl/certs

Step 4. Generate a CSR from your key

    openssl req -new -key ../private/www.xxx.com.key > www.xxx.com.csr

Step 5. Generate a self-signed certificate

    openssl req -x509 -key ../private/www.xxx.com.key -in www.xxx.com.csr > www.xxx.com.crt

------------------------------------------------------------

Clearly I don't know what I'm doing here. Any help would be much appreciated.

Sincerely,
Lee
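
An added example, not part of the original post or of the Cyrus or Thawte documentation: it writes a combined key-and-certificate PEM with the Cyrus-recommended command, derives a CSR from the key inside it, and compares public-key fingerprints to confirm key, CSR and certificate belong together. The hostname, temp paths, explicit `rsa:2048` key size and passphrase are constructed assumptions; the last check flags a passphrase-encrypted key such as `genrsa -des3` writes, which cannot be read without its passphrase.

```sh
#!/bin/sh
# Added example: all names are constructed and everything runs in a temp dir.
set -eu

# Combined key+cert PEM, as the Cyrus-recommended command writes it. Key size
# and subject are given explicitly (an assumption) so the run is non-interactive.
make_combined_pem() {   # $1 = output PEM, $2 = hostname
    openssl req -new -x509 -nodes -newkey rsa:2048 -days 365 \
        -subj "/CN=$2" -out "$1" -keyout "$1" 2>/dev/null
}

# CSR built from the private key already stored in the combined PEM.
csr_from_pem() {        # $1 = combined PEM, $2 = CSR output, $3 = hostname
    openssl req -new -key "$1" -subj "/CN=$3" -out "$2"
}

# SHA-256 of the public key, to confirm key, CSR and certificate belong together.
pub_fp() { openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $NF}'; }
key_fp() { openssl pkey -in "$1" -pubout | pub_fp; }
csr_fp() { openssl req -in "$1" -noout -pubkey | pub_fp; }
crt_fp() { openssl x509 -in "$1" -noout -pubkey | pub_fp; }

# RSA modulus size in bits.
key_bits() { openssl rsa -in "$1" -noout -text | sed -n 's/.*(\([0-9]*\) bit.*/\1/p'; }

# True when the PEM holds a passphrase-encrypted key (old and PKCS#8 headers).
key_is_encrypted() { grep -q 'ENCRYPTED' "$1"; }

demo() {
    d=$(mktemp -d)
    make_combined_pem "$d/server.pem" mail.example.test
    csr_from_pem "$d/server.pem" "$d/server.csr" mail.example.test
    echo "key bits: $(key_bits "$d/server.pem")"
    echo "key fp:   $(key_fp "$d/server.pem")"
    echo "csr fp:   $(csr_fp "$d/server.csr")"
    # A key made with -des3 is encrypted; the passphrase here is constructed.
    openssl genrsa -des3 -passout pass:constructed 2048 > "$d/enc.key" 2>/dev/null
    key_is_encrypted "$d/enc.key" && echo "enc.key needs a passphrase"
    rm -rf "$d"
}
demo
```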
