Smokes your problems, coughs fresh air.

Tag: openssl

Generating an SSL CSR and key

To generate an SSL certificate signing request (CSR) with key you can do this:

openssl req -nodes -newkey rsa:2048 -keyout bla.key -out bla.csr

This syntax does not force you to supply a password, which is convenient.

If you generate a CSR for startcom, you don’t have to fill in any fields; only the public key from the CSR is used. For other vendors, the common name is important; the domain name must be entered there.

Changing an apache virtual host to ssl

To change a virtual host in apache to ssl:

#Redirect all normal traffic to the https site.
<VirtualHost *:80>
  RewriteEngine on
  RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [L,R]
# This virtual host was *:80 first
<VirtualHost *:443>
   DocumentRoot /bla
   # If I don't specify this, nagios's check_ssl_cert doesn't work.
   # These lines were added to make it SSL
   SSLEngine on
   SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
   SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
   # if you have an official certificate, also add some of these:
   SSLCertificateChainFile /etc/ssl/certs/bla
   <Directory /bla>
      Order allow,deny
      Allow from all
      AllowOverride None
      Options -MultiViews FollowSymlinks Indexes

Generating key and certificate for courier-imap

To create a self-signed certificate for courier-imap:

openssl req -new -x509 -days 3650 -nodes -out imapd.pem -keyout imapd.pem

This will create a pem file with key and certificate in it. When asked for the common-name, enter the FQDN.

Don’t forget to specify the maildir path correctly in the imapd-ssl config file, as well as some other config parameters that are duplicated for imapd-ssl.


© 2024 BigSmoke

Theme by Anders NorenUp ↑