No one responded to me when I spelled it out.
here is the Makefile stuff:

cert:
	/usr/local/ssl/bin/openssl req -new -x509 -nodes \
	  -out /var/qmail/control/cert.pem -days 366 \
	  -keyout /var/qmail/control/cert.pem
	chmod 640 /var/qmail/control/cert.pem
	chown qmaild.qmail /var/qmail/control/cert.pem

cert-req:
	/usr/local/ssl/bin/openssl req -new -nodes \
	  -out req.pem \
	  -keyout /var/qmail/control/cert.pem
	chmod 640 /var/qmail/control/cert.pem
	chown qmaild.qmail /var/qmail/control/cert.pem
	@echo
	@echo "Send req.pem to your CA to obtain signed_req.pem, and do:"
	@echo "cat signed_req.pem >> /var/qmail/control/cert.pem"

This looks to me like the commands for requesting a cert and key. I already
have them. I need to know how qmail is going to want them now. Some programs
want them in a single file with no password protection; I tried that, it
didn't work. Others want two separate files and will prompt you for a
password as they start up; that didn't work either. That is all I know how
to do. Is there another way? I tried two files without a password on the
private key too. Do I need a CA file possibly?

----- Original Message -----
From: "Jamie Heilman" <[EMAIL PROTECTED]>
To: "John McCoy, Jr" <[EMAIL PROTECTED]>
Cc: "Qmail" <[EMAIL PROTECTED]>
Sent: Tuesday, February 27, 2001 1:11 PM
Subject: Re: Certificate format for tls.patch PLEASE
> John McCoy, Jr wrote:
>
> > Exactly what certs and keys are needed and in what format?
>
> Did you read the patch? Do you understand how SSL certificates work?
>
> - provide a certificate in /var/qmail/control/cert.pem.
> "make cert" makes a self-signed certificate.
> "make cert-req" makes a certificate request.
> Note: nsCertType must be = server,client or be a generic
> certificate (no usage specified). If you want to use
> a separate cert in qmail-remote (SMTP client), then
> s/cert\.pem/clientcert\.pem/ in qmail-remote.c.
>
> cert.pem must be a complete certificate, private key and all. Read the
> Makefile post-tls-patch and see what the 'cert' target and the 'cert-req'
> target do, it should answer both your questions.
>
>
> --
> Jamie Heilman http://audible.transient.net/~jamie/
> "I was in love once -- a Sinclair ZX-81. People said, "No, Holly, she's
> not for you." She was cheap, she was stupid and she wouldn't load
> -- well, not for me, anyway." -Holly
>
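
Added example, not part of the thread or of the TLS patch: a structural check for the single-file layout the quoted reply describes (cert.pem holding the private key and the certificate, key unencrypted as produced with -nodes, file mode 640). check_combined_pem and write_sample are hypothetical helper names, and the sample PEM bodies are constructed placeholders rather than real key material.

```shell
#!/bin/sh
# check_combined_pem is a hypothetical helper, not part of qmail or the TLS patch.
# It checks structure only: an unencrypted private key and a certificate in one
# file that is not world-readable. It does not verify that key and cert match.
check_combined_pem() {
    pem=$1
    [ -r "$pem" ] || { echo "cannot read $pem"; return 2; }

    # Traditional encrypted keys carry a Proc-Type header; PKCS#8 ones use an
    # ENCRYPTED PRIVATE KEY block. The Makefile's -nodes produces neither.
    if grep -Eq '^Proc-Type: 4,ENCRYPTED|^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$pem"; then
        echo "$pem: private key is passphrase-protected"; return 1
    fi

    # grep -c exits non-zero on a count of 0, hence "|| true".
    keys=$(grep -Ec '^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$pem" || true)
    certs=$(grep -c '^-----BEGIN CERTIFICATE-----' "$pem" || true)
    ends=$(grep -Ec '^-----END (([A-Z]+ )?PRIVATE KEY|CERTIFICATE)-----' "$pem" || true)

    [ "$keys" -eq 1 ] || { echo "$pem: expected 1 private key, found $keys"; return 1; }
    [ "$certs" -ge 1 ] || { echo "$pem: no certificate block"; return 1; }
    [ "$ends" -eq $((keys + certs)) ] || { echo "$pem: truncated PEM block"; return 1; }

    # The Makefile sets mode 640; flag a key file that others can read.
    if [ -n "$(find "$pem" -prune -perm -004)" ]; then
        echo "$pem: world-readable"; return 1
    fi
    echo "$pem: ok ($keys key, $certs certificate(s))"
}

# Constructed sample: placeholder bodies, not real key material.
write_sample() {   # usage: write_sample FILE KEY_LABEL
    {
        printf '%s\n' "-----BEGIN $2-----" 'Q09OU1RSVUNURUQ=' "-----END $2-----"
        printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' '-----END CERTIFICATE-----'
    } > "$1"
    chmod 640 "$1"
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir/cert.pem" 'RSA PRIVATE KEY'
check_combined_pem "$demo_dir/cert.pem" || true
```

On a real host the function would be pointed at /var/qmail/control/cert.pem, the path named in the Makefile targets above.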