On Tue, Nov 13, 2012 at 12:18:10AM -0500, thorso...@lavabit.com wrote:
> % openssl ca -out foo-cert.pem -infiles foo-req.pem
Do you really need a CA for your SMTP server certificate? Which
SMTP clients will trust this private CA?
> raised "TXT_DB error number 2".
This means that your CA is configured to create at most one
certificate for each subject DN or you've reset the serial
number file, and are issuing a certificate with a duplicate
serial number.
For the former, set "unique_subject = no" in the appropriate
section of "openssl.cnf". For the latter, don't clobber the
serial file.
Better yet, don't bother with a CA if you don't need one.
> default_bits = 4096
DO NOT use rediculous key lengths. If you're protecting yourself
against nation states willing to spend millions of dollars cracking
your key, or want a signature from a public CA that only signs RSA
keys with at least 2048 bits, try 2048. If you want a sensible key
size try 1280 if you're really worried about 1024 not being strong
enough.
On an Intel laptop, signing is ~40 times slower with RSA 4096 than
with 1024. Verification is ~12 times slower.
sign verify sign/s verify/s
rsa 1024 bits 0.001299s 0.000066s 769.8 15188.0
rsa 4096 bits 0.052406s 0.000766s 19.1 1305.2
an SMTP server with a 4096-bit key expends a noticeable amount of
CPU just signing SSL handshakes (for clients that almost always
ignore the certificate). For modern clients that use EDH or ECDH
ciphers the certificate is not what protects the confidentiality
of the traffic (from passive eavesdropping attacks). It makes little
sense to waste CPU and risk server DoS with no upside.
--
Viktor.
