Creating SSL certificates for IMAP/Apache in RedHat

Worked out in RedHat, but might work elsewhere. Caution, these are my partial recollections. Should test it again to make sure it works. Maybe when I reinstall the mail server…

We work in /usr/share/ssl. Edit the openssl.cnf configuration file there: in the CA_default section, set dir to /usr/share/ssl and set the default location for new certs to $dir/certs. Change the defaults for countryName, etc., so that we won't have to type them in repeatedly.

Touch /usr/share/ssl/index.txt, and echo '100001' into /usr/share/ssl/serial.

We create a root certificate for our server. We don't really want to shell out money to a proper authority, right?

openssl req -new -x509 -extensions v3_ca -keyout private/cakey.pem \
    -out cacert.pem -days 3650 -config ./openssl.cnf

Now the root certificate consists of /usr/share/ssl/cacert.pem and /usr/share/ssl/private/cakey.pem; the first is the public part, which we can distribute to people who want to trust us.

Now go to certs and create a request for the imapd certificate:

openssl req -new -nodes -out imapd-req.pem -keyout imapd-key.pem \
    -days 3650 -config ../openssl.cnf

and actually get the certificate with

openssl ca -out imapd-cert.pem -config ../openssl.cnf \
    -infiles imapd-req.pem

(-infiles must be the last option!) This step asks for the passphrase that was set when creating the CA key. Last, concatenate the imapd key and certificate into the single file that imapd reads:

cat imapd-key.pem imapd-cert.pem > imapd.pem

Should be all! Imapd knows to look for /usr/share/ssl/certs/imapd.pem. See also how to use these certificates in OS X.
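A quick way to check the result of the steps above (an added example, not part of the original page): it confirms that the certificate in imapd.pem verifies against cacert.pem, that the key and certificate belong together, and that the file, which holds an unencrypted key because of -nodes, is accessible only to its owner. The function names, the throwaway demo CA and the use of `openssl x509 -req` to sign the demo certificate are assumptions made for the example.

```shell
#!/bin/sh
# check_imapd_pem CACERT COMBINED_PEM: returns 0 only if all three checks pass.
check_imapd_pem() {
    ca=$1; pem=$2
    # 1. The certificate in the combined file must verify against our CA.
    openssl verify -CAfile "$ca" "$pem" >/dev/null 2>&1 ||
        { echo "FAIL: certificate does not verify against $ca"; return 1; }
    # 2. Private key and certificate must carry the same public key.
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null)
    crt_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null)
    { [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]; } ||
        { echo "FAIL: key and certificate do not match"; return 2; }
    # 3. -nodes left the key unencrypted, so only the owner may access the
    #    file (mode 600 or 400; uses GNU stat, as found on RedHat).
    case $(stat -c %a "$pem") in
        [46]00) ;;
        *) echo "FAIL: $pem is accessible to group or others"; return 3 ;;
    esac
    echo "OK: $pem"
}

# Constructed demo data: a throwaway CA and imapd certificate in a temp dir.
# Signing uses `openssl x509 -req` (an assumption made for the demo) so that
# no index.txt/serial database is needed; the page itself uses `openssl ca`.
make_demo() {
    d=$(mktemp -d) || return 1
    (
        cd "$d" && umask 077 &&
        openssl req -new -x509 -nodes -newkey rsa:2048 -subj "/CN=Demo CA" \
            -keyout cakey.pem -out cacert.pem -days 1 &&
        openssl req -new -nodes -newkey rsa:2048 -subj "/CN=mail.example.test" \
            -keyout imapd-key.pem -out imapd-req.pem &&
        openssl x509 -req -in imapd-req.pem -CA cacert.pem -CAkey cakey.pem \
            -CAcreateserial -out imapd-cert.pem -days 1 &&
        cat imapd-key.pem imapd-cert.pem > imapd.pem
    ) >/dev/null 2>&1 || return 1
    echo "$d"
}

demo=$(make_demo) && check_imapd_pem "$demo/cacert.pem" "$demo/imapd.pem"
```

On the real server the call would be check_imapd_pem /usr/share/ssl/cacert.pem /usr/share/ssl/certs/imapd.pem.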

The same certificates can be used for Apache, but the .key file goes into /etc/httpd/conf/ssl.key/server.key; the .pem file goes into /etc/httpd/conf/ssl.crt/server.crt.

Mmh… maybe /usr/share/ssl/misc/CA does all of the above?

Big thanks go to the kind folks at flatmtn.

Aug 26, 2005


© M. Vallisneri 2012 — last modified on 2010/01/29
