Hello Timothy, [email protected] (Timothy Legge), 2011.02.28 (Mon) 20:18 (CET): > Ive been strugeling with setting up a CA on my OpenBSD Box. Ive been trying > to figur out where I've been going wrong over the past 3 or 4 days, and Im > at a loss now. [snip] http://marc.info/?l=openbsd-misc&m=125691677521019 -> http://www.tor.at/~McMer/ca/
The link still works and I've added a README. after ``make cnf-ca'' and ````make init'' you have a ca-cert.pem which you can just append to /etc/ssl/cert.pem or import in thunderbird, firefox, ... ``make pem_all name=<yourname>'' generates <yourname>.csr, <yourname>.crt, <yourname>.key, <yourname>.pem which I use for services as follows: apache: /var/www/conf/httpd.conf: SSLCertificateFile /etc/ssl/http.pem SSLCertificateKeyFile /etc/ssl/http.pem opensmtpd: /etc/mail/smtpd.conf: listen on lo0 tls certificate smtp enable auth $ ls /etc/mail/certs/ smtp.crt smtp.key dovecot: /etc/dovecot.conf: ssl_cert_file = /etc/ssl/imap.pem ssl_key_file = /etc/ssl/imap.pem openldapd: /etc/ldapd.conf: listen on re0 ldaps certificate ldap $ ls /etc/ldap/certs/ ldap.crt ldap.key squid: /etc/squid/squid.conf: https_port 3129 cert=/etc/ssl/proxy.pem
