Mailinglist Archive: opensuse (982 mails)

< Previous Next >
Re: [opensuse] When connecting to my own dovecot server, Alpine complains that it is using self-signed certificates.
  • From: Per Jessen <per@xxxxxxxxxxxx>
  • Date: Mon, 01 Sep 2014 16:59:11 +0200
  • Message-id: <lu2263$q2e$1@saturn.local.net>
Carlos E. R. wrote:

On 2014-09-01 13:00, Per Jessen wrote:
Carlos E. R. wrote:

That google thing finds 51,300 results. Polishing to "create your
own certificate authority opensuse" gets 21,300 results - and none
of those I read mentions that there is a YaST module that creates
your own local CA!

Ok, so I create an authority. But now I don't know how to add or
sign the dovecot certificate with it.

Once you have established yourself as a CA, you then act like one.
With your user hat on, you create a certificate and a signing request
and send it to your CA, i.e. yourself.

I thought that might be so, but no idea how to do that :-?

Create a root CA:

in <myrootauthority> run CA.pl -newca - "CA.pl" is a script that comes
with openssl.

You will need to familiarise yourself with the whole thing and get a
setup that works, it does take some time.

To issue a new certificate:

openssl req -new -x509 -nodes -keyout file.key -out file.crt
openssl x509 -x509toreq -in file.crt -signkey file.key -out tmp.pem
openssl ca -days 3652 -policy policy_anything -out file.pem -infiles
tmp.pem

I still need to learn what to do as "user". I guess I must create some
file.

It is a pretty well documented process, even if a bit cumbersome.

Not very well documented - specially the yast part.

Dunno about YaST, I have never used it in this context, but the openssl
stuff is quite well documented. (if not, I would have never have
managed either).


--
Per Jessen, Zürich (12.9°C)
http://www.hostsuisse.com/ - virtual servers, made in Switzerland.

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups