Lars Müller wrote:
On Mon, Nov 23, 2009 at 10:05:14AM -0600, Jim Flanagan wrote:
I set up my new email server over the weekend, and have plain text logins working fine. I need to set up my certs to allow TLS/SSL for internet email access. I've had problems doing this in the past and could use some consice guidance with this.
What I 'd like to do is issue a self signed cert for imap and smtp. I suppose I could just issue a cert, but would rather it be signed.
Please give the YaST CA module a try. It allows you to setup your own Certification Authority which even goes beyond one single cert.
An alternative might be to use something like http://www.cacert.org/ I bet there are many pros and cons available from the net.
Lars
I tried that, but I'm not EXACTLY clear on what I'm doing here. I do like the automation of this very much. What I want to wind up with is a self signed cert for both smtp and imap for mail.jjfiii.com, preferably only one cert, that does not require a password and is not encrypted so email clients can connect with no hassle, just import the cert once. I made 2 Certificate Authorities, one for jjfiii.com (for making certs for Apache after I get my email set up right) and another for mail.jjfiii.com. Now that I'm writing this that seems redundant. In any case that process forced me to insert a password. Then I selected the mail.jjfiii.com CA and entered it, giving password. (I suppose I only need one CA for my little home server, and that the jjfiii.com CA can make a mail.jjfiii.com cert?). Then I created a server certificate, but was unclear as to the options about encrypting, password, which options to export etc. Then I created a CSR and signed it. Unclear again here about what options to use to export. I wound up with one smtpd.crt, no smtpd.key, or cacert.pem or cakey.pem. That obviously didn't work. I'll take another try at it again. Meantime would welcome any pointers here. As you can tell I'm not an expert on this, but understand the need to keep my server (and remote email logins) private and secure. Small as this little setup is. I'm really liking 11.2. As with everything new it takes awhile to get used to, but so far so good. Many thanks, Jim -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org