Am Fr, den 19.11.2004 schrieb akonstam@xxxxxxxxxxx um 2:03: > Can someone hint how one creates this needed certificate and where the > file resides and under what name. I saw there was a Makefile that is > supposed to do this but all I managed to do using that Makefile is > secure the httpd server so that it could not be restarted without > entering a passphrase. > Aaron Konstam There are different possibilities how you can create (and manage) such certificates. In any way the base tool use OpenSSL, which you can use directly. http://sial.org/howto/openssl/ has some good papers. Some days old documentation by Red Hat on http://www.redhat.com/support/resources/faqs/RH-apache-FAQ/c163.html. The Fedora OpenSSL comes with the script /usr/share/ssl/misc/CA. One very basic thing is that the Common Name (CN) of the server service cert has to fit it's hostname. In some cases you would only get a warning if they differ, in other situations / with other clients the services is deferred. Speaking about Apache on Fedora the default location for the SSL server hostcert is /etc/httpd/conf/ssl.crt/, for the hostkey it is /etc/httpd/conf/ssl.key/. The location for the dovecot cert is /usr/share/ssl/certs/. Don't know from head whether this location is hard coded during compilation or configurable with dovecot.conf. For the obsolete uw-imapd it was hard coded. Hope it helps a bit. Alexander -- Alexander Dalloz | Enger, Germany | new address - new key: 0xB366A773 legal statement: http://www.uni-x.org/legal.html Fedora GNU/Linux Core 2 (Tettnang) on Athlon kernel 2.6.8-1.521smp Serendipity 02:35:44 up 1 day, 4:21, load average: 0.02, 0.26, 0.35
Attachment:
signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil
