> You did not specify a key to use for this operation. This writes
> a new key to a default file (often privkey.pem) with insecure
> permissions (0644) (even password protected keys should not
> be world readable).

It saved the key as "cakey.pem" with 644. Should I change the permissions of the mentioned files to 600?

> So use the "-key filename" option for a key you created, and don't
> go for absurdly long keys, that's just silly.

I tried the following, but I wasn't prompted for a password this time. How do I do it right?

$ touch smtpd2.key
$ chmod 600 smtpd2.key
$ openssl genrsa 2048 > smtpd2.key
$ openssl req -new -x509 -key smtpd2.key -extensions v3_ca -keyout cakey.pem \
    -out cacert.pem -days 730

I'm a bit overwhelmed by all these certs/keys. I understand how it works in the case of SSH, but I have no idea why I need two (is this correct?) keys and two certs in this case.

How I understand the process:

$ touch smtpd.key                    # created a file
$ chmod 600 smtpd.key                # changed permissions
$ openssl genrsa 4096 > smtpd.key    # generated a 4096-bit RSA private key

# Generated a new self-signed certificate using the private key from smtpd.key.
# Saved as smtpd.crt.
$ openssl req -new -key smtpd.key -x509 -days 730 -out smtpd.crt

# Created another certificate (cacert.pem) and a new private key (cakey.pem).
$ openssl req -new -x509 -extensions v3_ca -keyout cakey.pem \
    -out cacert.pem -days 730

Is there a need to create a public key? The whole process looks similar to SSH, but I didn't create a public key this time, and I don't understand why.
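The script below is an added example, written by the editor and not taken from the original post or any reply, of the procedure the quoted reply is pointing at: one key and one self-signed certificate for a private CA, a second key for the smtpd itself, and a server certificate that the CA signs. It also shows two things the post stumbles over. First, `openssl req -x509 -key file` reads an existing key and ignores `-keyout`, so whether a passphrase is requested depends on how that key was made; `genrsa 2048 > file` writes an unencrypted key, which is why no prompt appeared. Second, no separate public-key file is needed because the certificate carries the public key, and openssl can derive it from the private key at any time; the script checks that the two agree. It assumes a POSIX sh with openssl(1) in PATH; the directory, file names, subject names and the passphrase are placeholders chosen for the example.

```shell
#!/bin/sh
# Added example, not from the original post: a scripted two-key, two-cert
# setup for an smtpd. Assumes a POSIX sh with openssl(1) in PATH. The
# directory, file names, subject names and the passphrase are placeholders.
set -eu

WORKDIR="${WORKDIR:-$(mktemp -d)}"
CA_PASS="${CA_PASS:-example-ca-passphrase}"   # placeholder; replace it or prompt for it

# 1. CA key + self-signed CA certificate.
# umask 077 makes openssl create the key file as 0600 from the start, so there
# is no window in which a 0644 file holds the key. -aes256 is what makes the
# key encrypted (and what would trigger a passphrase prompt without -passout);
# "genrsa 2048 > file" alone writes an unencrypted key, so nothing asks for one.
make_ca() {
    ( umask 077
      openssl genrsa -aes256 -passout "pass:$CA_PASS" \
          -out "$WORKDIR/cakey.pem" 2048 2>/dev/null )
    # -key reads the key made above; with -key present, "req -x509" ignores
    # -keyout, so the CA cert is built from cakey.pem and no second key appears.
    openssl req -new -x509 -key "$WORKDIR/cakey.pem" -passin "pass:$CA_PASS" \
        -extensions v3_ca -days 730 -subj "/CN=Example Mail CA" \
        -out "$WORKDIR/cacert.pem"
}

# 2. Server key + CSR + CA-signed server certificate.
# The server key is deliberately unencrypted: the daemon has to load it at
# boot without anyone typing a passphrase, so file permissions are its only guard.
make_server() {
    ( umask 077
      openssl genrsa -out "$WORKDIR/smtpd.key" 2048 2>/dev/null )
    # The CSR carries the server's public key and name to the CA ...
    openssl req -new -key "$WORKDIR/smtpd.key" \
        -subj "/CN=mail.example.test" -out "$WORKDIR/smtpd.csr"
    # ... and the CA's signature binds them together as smtpd.crt.
    openssl x509 -req -in "$WORKDIR/smtpd.csr" \
        -CA "$WORKDIR/cacert.pem" -CAkey "$WORKDIR/cakey.pem" \
        -passin "pass:$CA_PASS" -CAcreateserial -days 365 \
        -out "$WORKDIR/smtpd.crt" 2>/dev/null
}

# Checks worth running before pointing the smtpd at these files.

# Succeeds when smtpd.crt chains to cacert.pem.
verify_chain() {
    openssl verify -CAfile "$WORKDIR/cacert.pem" "$WORKDIR/smtpd.crt" >/dev/null 2>&1
}

# Succeeds when the public key embedded in smtpd.crt is the one derived from
# smtpd.key. This is why no separate public-key file was created: the
# certificate carries the public key, and openssl derives it from the private
# key on demand.
pubkey_matches() {
    from_key=$(openssl rsa -in "$WORKDIR/smtpd.key" -pubout 2>/dev/null)
    from_crt=$(openssl x509 -in "$WORKDIR/smtpd.crt" -noout -pubkey)
    [ "$from_key" = "$from_crt" ]
}

# Succeeds when cakey.pem cannot be loaded without its passphrase,
# i.e. the CA key really is encrypted on disk.
ca_key_encrypted() {
    ! openssl rsa -in "$WORKDIR/cakey.pem" -passin pass:wrong-passphrase \
        -noout >/dev/null 2>&1
}

# Octal mode of a file, e.g. 600 (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

make_ca
make_server
if verify_chain && pubkey_matches && ca_key_encrypted; then
    echo "OK: cakey.pem mode $(file_mode "$WORKDIR/cakey.pem"), smtpd.key mode $(file_mode "$WORKDIR/smtpd.key"), files in $WORKDIR"
else
    echo "generated files failed their checks" >&2
    exit 1
fi
```

Running it with `sh` leaves cakey.pem, cacert.pem, smtpd.key and smtpd.crt in `$WORKDIR`, the two key files already 0600 without a separate `chmod`. The `-passout`/`-passin` placeholders exist only so the example runs unattended; interactively, drop them and `genrsa -aes256` and `req -key cakey.pem` will prompt for the CA passphrase, while the server key stays unencrypted on purpose.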