Jasper Jans wrote:
is someone willing to outline the commands that are needed toHi,
create working certificates for sendmail/openldap/cyrus-sasl/etc
that are all signed by a CA that is also self generated.. i'm
not sure what it is that i do wrong - maybe it is the generating
of the CA or maybe the server cert or the signing - i'm rather
lost here :/
thanks a lot,
jasper
I do that all with /usr/local/ssl/misc/CA.pl ! The path may vary at your box but /usr/local/ssl is where openssl is installed on my box. For generating the CA the script can and should be used unmodified but for generating the new csr you should disable the encryption of the private key to make sendmail/cyrus handle the cert correctly. I think one had to add -nodes in the CA.pl script for the commands to create the csr for that but I do not remember exactly...CA.pl uses /usr/local/ssl/openssl.cnf or some configurationfile like that in which all necessary configurations for the new CA or certs can be done...
--Christian--
