self-signed certificate

from HTYP, the free directory anyone can edit if they can prove to me that they're not a spambot
Revision as of 21:53, 24 March 2015 by Woozle (talk | contribs) (unsolved)

About

A self-signed certificate is useful in some circumstances where you need the security of SSL encryption, but do not need certification by a third party.

How to

  • Very brief introduction to create a CA and a CERT
    • If /usr/local/openssl/openssl.cnf.sample does not exist on your system, you can get a copy from MIT.
    • What needs to be changed is mainly the file locations under [ CA_default ]. The sample paths seem to presume that you will be executing commands from outside the CA folder, which doesn't work.
    • If you've already got a .key (private key file) and a .crt (certificate file) generated from that key, it looks like you can configure openssl.cnf to point to them and then skip straight to the penultimate command:
      • openssl ca -config openssl.cnf -policy policy_anything -out newcert.pem -infiles tmp.pem
      • I ran all the steps up to that point, but then got errors trying to execute it -- until I repointed openssl.cnf to my pre-existing .crt and .key files.

Even after that, though, sendmail still refused to provide STARTTLS service (despite giving no error messages when loading the configuration).
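
The [ CA_default ] change and the signing command described above, as an added example that is not from the original page or the linked introduction. The config is reduced to the entries the command needs; ca.crt, ca.key, server.key, the newcerts folder and both subject names are assumptions, and the CA pair generated here stands in for a pre-existing .crt and .key.

```shell
#!/bin/sh
# Added example: every name except openssl.cnf, tmp.pem, newcert.pem and
# policy_anything is an assumption. Keys and subjects are constructed test data.
set -eu

sign_in_ca_dir() (
    mkdir -p "$1/newcerts" && cd "$1"
    : > index.txt        # empty certificate database
    echo 01 > serial     # next serial number (hex)

    cat > openssl.cnf <<'EOF'
[ ca ]
default_ca = CA_default

[ CA_default ]
# Relative to the folder the command is run from, i.e. the CA folder itself.
dir           = .
database      = $dir/index.txt
serial        = $dir/serial
new_certs_dir = $dir/newcerts
# Point these two at the pre-existing certificate and private key.
certificate   = $dir/ca.crt
private_key   = $dir/ca.key
default_md    = sha256
default_days  = 30

[ policy_anything ]
commonName = supplied

[ req ]
distinguished_name = req_dn

[ req_dn ]
commonName = Common Name
EOF

    # Stand-in for the pre-existing self-signed .crt/.key pair.
    openssl req -config openssl.cnf -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Local CA" -addext "basicConstraints=critical,CA:TRUE" \
        -keyout ca.key -out ca.crt
    chmod 600 ca.key
    # Certificate request for the server, written to tmp.pem.
    openssl req -config openssl.cnf -new -newkey rsa:2048 -nodes \
        -subj "/CN=mail.example.test" -keyout server.key -out tmp.pem
    # The page's command; -batch only suppresses the y/n prompts.
    openssl ca -batch -config openssl.cnf -policy policy_anything \
        -out newcert.pem -infiles tmp.pem
    openssl verify -CAfile ca.crt newcert.pem
)

sign_in_ca_dir "${1:-$(mktemp -d)}"
```

Pass an empty directory as the first argument to keep the resulting files; without one the script works in a fresh temporary directory.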