[CentOS] which commands do you use to SSL certify your own server?

Marco Fioretti

mfioretti at mclink.it
Fri Jun 15 11:31:19 UTC 2007


Hello,

I am going to build an email server on Centos for a small,
private group of users and I just want to encrypt all
communications between that server and the (remote) email
clients of those users (or they browsers, when they use
webmail). Client certificates are not necessary, at least
now.

I understand that to do that I need to create my own SSL CA,
create with it a self signed certificate and key pair and make sure
that the private key is not encrypted, so the server restarts
unattended in case of a reboot.

I have already looked at man pages and a few online tutorials,
but frankly they are not clear on what to do to achieve all
and _only_ what I wrote above. Most documentation, when not
outdated, seems targeted at much more complex scenarions.

Is this sequence of actions and commands correct and complete
for my case, or not:

1) cd /usr/share/ssl
2) modify openssl.cnf to have your Common Name and other parameters
3) run:
      ./CA -newca
      ./CA -newreq-nodes
4) move the private key from the .pem file to a separate file
5) put the cert and key file in a location where Postfix,
6) Dovecot and Apache can all use them
7) configure each of those servers to use the certificate

What have I missed?

Thank you in advance for any feedback (I'll have access
to the server only over the weekend, but it would be great
to have this issue as clear as possible before starting...)

Marco




More information about the CentOS mailing list