
On 2014-09-01 19:38, Per Jessen wrote:
> Carlos E. R. wrote:
>> What I need now is to create a "Certificate Signing Request" from the already existing dovecot server certificate, or create a new dovecot certificate together with the corresponding CSR.
> I go thru that every time I install a new HP server. The certificate is issued by a card on the server (ILO card). I then sign it:
> openssl ca -policy policy_anything -days 3650 -in server-ilo.csr -out server-ilo.crt
Not that. Apparently I have to do something like this:

    openssl req -new -keyout server.key -out server.csr

But that creates the key anew. I would have to find a concoction that given the existing server.key generates the server.csr.

I need to produce the server.csr. I don't have it. What I have is /etc/ssl/dovecot.pem and /etc/ssl/private/dovecot.pem.

Alternatively I run again the /usr/share/doc/packages/dovecot/mkcert.sh script changing it appropriately so that it also generates a dovecot.csr file. The current code is this:

    $OPENSSL req -new -x509 -nodes -config $OPENSSLCONFIG \
        -out $CERTFILE -keyout $KEYFILE -days 365 || exit 2
    chmod 0600 $KEYFILE
    echo
    $OPENSSL x509 -subject -fingerprint -noout -in $CERTFILE || exit 2
>> YaST does a lot of things with these certificates, but this is NOT documented.
> I know you're keen on working it with YaST, but personally I wouldn't bother. It's an area that is unlikely (IMHO) to have received much if any testing.
I think it is used on the SLES side.
>> I have found the documentation in paper for SLES, though. Expensive paper.
> Huh? You probably don't need to buy SLES just to use the documentation :-)
No, I mean that it is documented on paper by third parties... not that you have to buy SLES to run it. The code is apparently the same on openSUSE, just that this YaST functionality is not explained in the available free documentation, perhaps on purpose.

You can see some pages of it in the link I posted, the book is good. Some pages are missing, intentionally.

-- 
Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 "Bottle" at Telcontar)
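
An added example, not part of the original message: producing a CSR from a key that already exists, then checking that the CSR carries that key's public half. The temporary key and certificate are constructed stand-ins for /etc/ssl/private/dovecot.pem and /etc/ssl/dovecot.pem, and the subject name is made up.

```shell
#!/bin/sh
# Added example: make a CSR from a key that already exists, without regenerating it.

# csr_from_existing KEY CERT OUT: CSR signed with KEY, subject copied from CERT.
csr_from_existing() {
    openssl x509 -x509toreq -in "$2" -signkey "$1" -out "$3" 2>/dev/null
}

# csr_from_key KEY SUBJECT OUT: CSR signed with KEY, subject given explicitly.
# -key reuses the key; -keyout (as in the thread) would create a new one.
csr_from_key() {
    openssl req -new -key "$1" -subj "$2" -out "$3" 2>/dev/null
}

# csr_matches_key KEY CSR: succeeds only if the CSR carries KEY's public key.
csr_matches_key() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    r=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$r" ]
}

demo() {
    d=$(mktemp -d) || return 1
    subj="/CN=mail.example.invalid"   # constructed subject
    # Constructed stand-in for the existing self-signed dovecot key and certificate.
    openssl req -new -x509 -nodes -newkey rsa:2048 -subj "$subj" \
        -keyout "$d/key.pem" -out "$d/cert.pem" -days 365 2>/dev/null &&
    csr_from_existing "$d/key.pem" "$d/cert.pem" "$d/a.csr" &&
    csr_from_key "$d/key.pem" "$subj" "$d/b.csr" &&
    csr_matches_key "$d/key.pem" "$d/a.csr" &&
    csr_matches_key "$d/key.pem" "$d/b.csr"
    rc=$?
    rm -rf "$d"
    return $rc
}

demo && echo "both CSRs carry the existing key's public key"
```

Running the comparison before sending a CSR to the CA catches the case where a new key was generated by mistake and the issued certificate would no longer match the key the server is using.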