On 2014-09-01 13:00, Per Jessen wrote:
Carlos E. R. wrote:
That google thing finds 51,300 results. Polishing to "create your own certificate authority opensuse" gets 21,300 results - and none of those I read mentions that there is a YaST module that creates your own local CA!
Ok, so I create an authority. But now I don't know how to add or sign the dovecot certificate with it.
Once you have established yourself as a CA, you then act like one. With your user hat on, you create a certificate and a signing request and send it to your CA, i.e. yourself.
I thought that might be so, but no idea how to do that :-?
You put your CA hat on etcetera.
I see that YaST has a tab labeled "requests". I can "import", "Add", "Request". I think that the request I create with the user hat I have to enter on the "Add" button, and signed on the "Request" button. Thanks, that puts me further :-) What I had done was create, in YaST, a server certificate, and I was looking at copying/exporting/whatever to be used by dovecot. What you say about "sending" the request looks better, but I don't know how to do that. I still need to learn what to do as "user". I guess I must create some file.
It is a pretty well documented process, even if a bit cumbersome.
Not very well documented - especially the YaST part. The only one I found was on google books, on this link:

http://books.google.es/books?id=-jzcJkXTLuUC&pg=PA403&lpg=PA403&dq=create+your+own+certificate+authority+YaST&source=bl&ots=vI3LgdSUwx&sig=ubXetOzb7logfIJuzHXwEOqY_s8&hl=en&sa=X&ei=c6wDVKXQKJPiaqfqgvgC&redir_esc=y#v=onepage&q=create%20your%20own%20certificate%20authority%20YaST&f=false

There are some pages posted from "The Definitive Guide to SUSE Linux Enterprise Server" by Sander van Vugt, which does explain how to use YaST to do these things. It was there where I found some details on how to create a root certificate, and a server certificate. But the excerpt is not complete, there are missing pages, I suppose on purpose so that people buy the book - which at 56€ I'm not in a position to do. openSUSE's own documentation does not explain things, it just about says "click create to create a certificate".

Interesting...
I don't know to what extent any of this can be done with YaST, but none of it is specific to openSUSE.
It is not that simple to locate a good document on google. I have perused some docs I found from there, and none too clear. Maybe if someone gives me a suggestion for a string to search for "sending certificate for signing"... ;-) (that phrase locates entries on how to sign email)

Searching for "ssl certificate signing" instead, on google suggestion, I located one entry:

<http://www.sslshopper.com/what-is-a-csr-certificate-signing-request.html>

Apparently it would be this:

    openssl req -new -keyout server.key -out server.csr

to generate both a key and a CSR, which stands for "Certificate Signing Request". So it must be similar to that, as I already have the certificate made (a script on dovecot does it).

Mmm... I could just modify the entry on the dovecot script to also create the request, and run the script again...

    $OPENSSL req -new -x509 -nodes -config $OPENSSLCONFIG -out $CERTFILE -keyout $KEYFILE -days 365 || exit 2
    chmod 0600 $KEYFILE
    echo
    $OPENSSL x509 -subject -fingerprint -noout -in $CERTFILE || exit 2

Wait... The $CERTFILE above would be it? But it is called "$CERTDIR/dovecot.pem", not *.csr?

--
Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 "Bottle" at Telcontar)
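
The two-hat workflow discussed in this thread, as an added example that is not part of the original messages: with `-x509`, `openssl req` writes a self-signed certificate (which is what the quoted dovecot script line produces in `$CERTFILE`); without it, the same command writes a CSR that the CA then signs. The CA name, the host name `mail.example.test` and all file names are constructed for illustration.

```shell
#!/bin/sh
# Constructed names throughout: "Example Local CA", mail.example.test, file names.

make_signed_cert() {
    dir=$1
    mkdir -p "$dir" || return 1
    (
        cd "$dir" || exit 1
        umask 077   # every file written here, private keys included, is owner-only
        # Minimal config so the result does not depend on the system openssl.cnf.
        printf '%s\n' '[req]' 'distinguished_name = dn' 'prompt = no' \
            'x509_extensions = v3_ca' '[dn]' 'CN = Example Local CA' \
            '[v3_ca]' 'basicConstraints = critical,CA:TRUE' \
            'keyUsage = critical,keyCertSign,cRLSign' > ca.cnf
        # Extensions the CA will put into the server certificate.
        printf '%s\n' 'basicConstraints = CA:FALSE' \
            'subjectAltName = DNS:mail.example.test' > server.ext

        # CA hat: -x509 makes req write a self-signed certificate (the root).
        openssl req -new -x509 -nodes -newkey rsa:2048 -sha256 -days 3650 \
            -config ca.cnf -keyout ca.key -out ca.pem 2>/dev/null || exit 1

        # User hat: the same command without -x509 writes a CSR instead.
        openssl req -new -nodes -newkey rsa:2048 -sha256 -config ca.cnf \
            -subj '/CN=mail.example.test' \
            -keyout server.key -out server.csr 2>/dev/null || exit 1

        # CA hat again: sign the request with the CA key.
        openssl x509 -req -in server.csr -CA ca.pem -CAkey ca.key \
            -CAcreateserial -sha256 -days 365 -extfile server.ext \
            -out server.pem 2>/dev/null || exit 1
    )
}

# Succeeds only if server.pem chains to ca.pem.
verify_signed_cert() {
    openssl verify -CAfile "$1/ca.pem" "$1/server.pem" >/dev/null 2>&1
}

# Run as: sh script.sh /path/to/empty/dir
if [ "$#" -gt 0 ]; then
    make_signed_cert "$1" && verify_signed_cert "$1" && echo "chain OK in $1"
fi
```

The server would be given `server.pem` and `server.key`; clients need only `ca.pem` in their trust store, and `ca.key` stays with the CA.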