Viktor Dukhovni wrote the following on 07/02/14 23:13:
On Fri, Feb 07, 2014 at 10:40:37PM +0000, Alan Munday wrote:Should not be too hard. In your case, as I suggested upstream, a simple self-signed certificate with no issuing CA is quite sufficient: Assuming a suitable private key in key.pem, a self-signed cert is just one command: openssl req -x509 -sha1 -new -key key.pem -out newcert.pem \ -subj "/CN=$(uname -n)" -days 3650
Not difficult at all.
Indeed, looks like you're done. The below is not self-signed, but nobody cares really. No need to post-pend an issuer CA nobody trusts to the chain.
Does this imply that, for users like me, the "Getting started, quick and dirty" section of the Postfix TLS support could be further simplified?
Thanks Alan
