On Thu, Dec 20, 2012 at 08:40:42AM -0500, Robert Moskowitz wrote:

> That is the only place in the documentation where I have found
> openssl command examples. Are there other place(s) that I have
> missed?

What would you like to see in the documentation? Instructions for
creating a self-signed server certificate without a parent issuing CA?

This could be added I guess, but the Postfix TLS_README is not intended
or going to be a comprehensive guide to OpenSSL and X.509. People who
want ECDSA certs and perhaps TLS 1.2 SHA256 message digests, ... will
sadly have to learn about these elsewhere. For most users, the simplest
recipe will suffice.

People who want a more compact recipe for a self-signed cert on a single
SMTP server can use my "one-liner" (for machines whose hostname is an
FQDN):

    $ tmp=$(mktemp smtpd.pem.XXXXXX) &&
        openssl req -new \
            -newkey rsa:1280 -keyout /dev/stdout \
            -x509 -days $((365 * 10)) -subj "/CN=$(uname -n)" >> "$tmp" &&
        mv "$tmp" smtpd.pem

> I have been in LOTS of CA policy debates, ...

This thread is veering off course. What is the question at this point?

--
Viktor.
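
[Added example, not part of the original message or of Postfix/OpenSSL: a shell check for a combined key-plus-certificate file such as the smtpd.pem the one-liner above writes. The function names check_smtpd_pem and warn are hypothetical; it assumes the openssl command-line tool is installed and that the subject holds only a CN, as in the one-liner.]

```shell
#!/bin/sh
# Added example: sanity-check a combined private key + self-signed
# certificate PEM file. check_smtpd_pem and warn are hypothetical names.

warn() { echo "check_smtpd_pem: $*" >&2; }

# usage: check_smtpd_pem FILE [EXPECTED_CN]   (default CN: uname -n)
check_smtpd_pem() {
    pem=$1
    want_cn=${2:-$(uname -n)}

    [ -r "$pem" ] || { warn "cannot read $pem"; return 1; }

    # mktemp creates its file mode 0600 before the key is appended; flag a
    # file that has since become readable by group or others.
    if [ -n "$(find "$pem" -prune \( -perm -040 -o -perm -004 \))" ]; then
        warn "$pem is readable by group or others"; return 1
    fi

    # The key must load without a passphrase. The empty -passin makes an
    # encrypted key fail here instead of prompting.
    key_pub=$(openssl pkey -in "$pem" -passin pass: -pubout 2>/dev/null) ||
        { warn "no usable unencrypted private key"; return 1; }
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) ||
        { warn "no certificate found"; return 1; }
    [ "$key_pub" = "$cert_pub" ] ||
        { warn "private key does not match certificate"; return 1; }

    # Self-issued: subject and issuer names hash to the same value.
    [ "$(openssl x509 -in "$pem" -noout -subject_hash)" = \
      "$(openssl x509 -in "$pem" -noout -issuer_hash)" ] ||
        { warn "subject and issuer differ"; return 1; }

    # The one-liner sets the subject to a single CN equal to the hostname.
    subj=$(openssl x509 -in "$pem" -noout -subject -nameopt RFC2253 |
           sed 's/^subject= *//')
    [ "$subj" = "CN=$want_cn" ] ||
        { warn "subject is '$subj', expected 'CN=$want_cn'"; return 1; }

    # -checkend 0 exits non-zero once notAfter has passed.
    openssl x509 -in "$pem" -noout -checkend 0 >/dev/null ||
        { warn "certificate has expired"; return 1; }
}
```

Source the file and run `check_smtpd_pem smtpd.pem`; a zero exit status means every check passed, otherwise the first failing check is reported on stderr.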