Carlos E. R. wrote:
On 2014-09-01 16:59, Per Jessen wrote:
Carlos E. R. wrote:
Once you have established yourself as a CA, you then act like one. With your user hat on, you create a certificate and a signing request and send it to your CA, i.e. yourself.
I thought that might be so, but no idea how to do that :-?
Create a root CA:
No, no. That part is already done, from YaST.
Aha.
What I need now is to create a "Certificate Signing Request" from the already existing dovecot server certificate, or create a new dovecot certificate together with the corresponding CSR.
I go thru that everytime I install a new HP server. The certificate is issued by a card on the server (ILO card). I then sign it: openssl ca -policy policy_anything -days 3650 -in server-ilo.csr -out server-ilo.crt and install the newly signed certificate on the card. (web interface).
YaST does a lot of things with these certificates, but this is NOT documented.
I know you're keen on working it with YaST, but personally I wouldn't bother. It's an area that is unlikely (IMHO) to have received much if any testing.
I have found the documentation in paper for SLES, though. Expensive paper.
Huh? You probably don't need to buy SLES just to use the documentation :-) -- Per Jessen, Zürich (12.9°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org