On Wed, Dec 19, 2012 at 02:38:52PM -0500, Robert Moskowitz wrote: > I am looking at a number of tutorials for setup.
This is a formula for failure. :) Stick to the documentation. http://www.postfix.org/documentation.html > I have found two different commands and looking for guidance: > > genkey --days 3650 mail.example.com I don't know what this is, but it probably generates a 10-year certificate? There is no "genkey" command on my system with OpenSSL 0.9.8x, and "genkey" is not a valid subcommand of openssl(1). > or > > openssl req -new -outform PEM -out smtpd.cert -newkey rsa:2048 > -nodes -keyout smtpd.key -keyform PEM -days 365 -x509 Each of the options you have listed in your command are documented in the OpenSSL req(1) manual. > Now I actually know a LOT about X.509, having worked on PKIX > in IETF. But I am theory, not practice. I want control over > CN content and the tutorial with the later shows what I want. We don't know what you want. What is this certificate to be used for? Do you want a self-signed certificate, or to run your own CA, or to submit your CSR to an external CA? -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
