Hello, I only want to:
* be my own CA in order to
* create a self signed certificate and key (in a separate file) to use for encrypted communication between my home email client and a Postfix/dovecot server I am building.
* make sure that the private key is not encrypted, so the server restarts unattended in case of a reboot.

Now, the online openssl man page of CA.pl (http://www.openssl.org/docs/apps/CA.pl.html) says:

#########################################
-newcert
    creates a new self signed certificate. The private key and certificate are written to the file ``newreq.pem''.
-newreq
    creates a new certificate request. The private key and request are written to the file ``newreq.pem''.
-newreq-nodes
    is like -newreq except that the private key will not be encrypted.
##########################################

The questions are:

1) What is the actual difference between "creating a new certificate request" and "creating a new self signed certificate"? Why are there "certificates" and "certificate *requests*"? What is the exact doc to read to understand this point?

2) Which of these options are needed, and in which order, to do all and only what I described at the beginning of this message? Is this command sequence the right one for this scenario:

    ./CA -newca
    ./CA -newreq-nodes

or do I also have to add:

    ./CA -sign

or something else?

3) Running the two commands in 2) I will have (if I understand correctly) the new certificate and key all in one file (newreq.pem). How do I get them in separate files? Can I just cut the key part and paste it in another file, or is there a better way?

I *have* already checked several online tutorials but frankly they do not make these points clear (not to mention that some are pretty old and quite a few of the others talk about a CA _shell_ script and that, on CentOS at least, you do find packaged a CA shell script and not a CA.pl one).

Thank you in advance for any feedback,
Marco

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
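
Relating to question 3 and the unencrypted-key requirement above, an added example that is not part of the original post and not OpenSSL's own code: a POSIX shell script that splits a combined newreq.pem into a key file and a request file, creates the key file with owner-only permissions, and checks whether the key is pass-phrase protected. The function names, the output file names and the sample PEM bodies are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: split a combined PEM file such as newreq.pem into a key file
# and a certificate/request file, and check whether the key is encrypted.
KEY_RANGE='/^-----BEGIN .*PRIVATE KEY-----$/,/^-----END .*PRIVATE KEY-----$/'

# split_pem IN KEY_OUT REST_OUT (hypothetical helper)
split_pem() {
    # Create the key file owner-only (0600) before any key bytes are written.
    : > "$2" && chmod 600 "$2" || return 1
    sed -n "${KEY_RANGE}p" "$1" > "$2"   # lines inside the PRIVATE KEY block
    sed "${KEY_RANGE}d" "$1" > "$3"      # everything else (request or certificate)
    # Fail unless both parts were actually found.
    grep -q 'PRIVATE KEY-----$' "$2" && grep -q '^-----BEGIN ' "$3"
}

# key_is_encrypted FILE: succeeds if the key needs a pass phrase.
key_is_encrypted() {
    # PKCS#8 encrypted keys say so in the BEGIN line; traditional-format
    # encrypted keys carry a "Proc-Type: 4,ENCRYPTED" header.
    grep -q -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----$' -e '^Proc-Type: 4,ENCRYPTED' "$1"
}

# write_sample FILE: constructed stand-in for the newreq.pem that -newreq-nodes
# writes (placeholder bodies, not real key material).
write_sample() {
    cat > "$1" <<'EOF'
-----BEGIN PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE REQUEST-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE REQUEST-----
EOF
}

demo() {
    dir=$(mktemp -d) || return 1
    write_sample "$dir/newreq.pem"
    split_pem "$dir/newreq.pem" "$dir/server.key" "$dir/server.csr" || return 1
    if key_is_encrypted "$dir/server.key"; then
        echo "key is encrypted: the server would prompt for a pass phrase"
    else
        echo "key is not encrypted: unattended restart works; keep it mode 0600"
    fi
    rm -rf "$dir"
}
demo
```

Because the key is stored without a pass phrase, the file permissions are the only protection it has on disk, which is why the key file is restricted before it is filled.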