On 29.12.2023 18:06, Togan Muftuoglu via openSUSE Users wrote:
"CER" == Carlos E R <robin.listas@telefonica.net> writes:
CER> I can not obtain an external certificate, I don't have a domain. I CER> use a faked name.
CER> YaST no longer has the module to create certificate authorities and CER> certificates.
CER> I would learn How to do it, if someone points me to a "how to create CER> CA and certificates for dovecot that makes Thunderbird happy, for CER> dummies".
As a starting point https://gist.github.com/Soarez/9688998
Not relevant to this discussion, but apparently OpenSSL introduced a bug since this page was created. The command openssl x509 -req -in example.org.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out example.org.crt no more creates serial file. Looking in sources, this file is never read or created when CSR is used as input, random serial number is generated. This seems to be changed in a huge commit in 2020. I do not know whether this particular behavior change was intentional, commit message is not really descriptive. But I guess not, I fail to see the usage of this "feature".