Server certificates

hanasaki hanasaki at hanaden.com
Tue Apr 9 18:59:28 CDT 2002 

I use these files to make my certs for imap-ssl under courier imap.

script:
==============
root at portal:[31]/usr/lib/courier/sbin cat mkimapdcert
#! /bin/sh
#
# $Id: mkimapdcert.in,v 1.4 2001/08/26 15:49:50 mrsam Exp $
#
# Copyright 2000 Double Precision, Inc.  See COPYING for
# distribution information.
#
# This is a short script to quickly generate a self-signed X.509 key for
# IMAP over SSL.  Normally this script would get called by an automatic
# package installation routine.

test -x /usr/bin/openssl || exit 0

prefix="/usr/lib/courier"

if test -f /usr/lib/courier/share/imapd.pem
then
         echo "/usr/lib/courier/share/imapd.pem already exists."
         exit 1
fi

cp /dev/null /usr/lib/courier/share/imapd.pem
chmod 600 /usr/lib/courier/share/imapd.pem
chown daemon /usr/lib/courier/share/imapd.pem

cleanup() {
         rm -f /usr/lib/courier/share/imapd.pem
         rm -f /usr/lib/courier/share/imapd.rand
         exit 1
}

cd /usr/lib/courier/share
dd if=/dev/urandom of=/usr/lib/courier/share/imapd.rand count=1 2>/dev/null
/usr/bin/openssl req -new -x509 -days 365 -nodes          -config /usr/lib/courier/etc/imapd.cnf 
-out 
/usr/lib/courier/share/imapd.pem -keyout 
/usr/lib/courier/share/imapd.pem || cleanup
/usr/bin/openssl gendh -rand /usr/lib/courier/share/imapd.rand 512 
 >>/usr/lib/courier/share/imapd.pem || cleanup
/usr/bin/openssl x509 -subject -dates -fingerprint -noout -in 
/usr/lib/courier/share/imapd.pem || cleanup
rm -f /usr/lib/courier/share/imapd.rand

root at portal:[34]/usr/lib/courier/sbin cat /usr/lib/courier/etc/imapd.cnf

RANDFILE = /usr/lib/courier/share/imapd.rand

[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no

[ req_dn ]
C=US
ST=NY
L=New York
O=Courier Mail Server
OU=Automatically-generated IMAP SSL key
CN=localhost
emailAddress=postmaster at example.com

[ cert_type ]
nsCertType = server

Jonathan Hutchins wrote:
> Isn't there a utility in the ssl directory to create a certificate?  I think
> someone mentioned the procedure when they were talking about secure POP.
> 
> 
> 
> 

-- 
= hanasaki at hanaden.com                                          =
=     Spam : Just Say NO!                                       =

More information about the Kclug mailing list