On Tue, 2006-01-03 at 14:57 +0100, Alexander Dalloz wrote:
> Am Di, den 03.01.2006 schrieb Ingo Jochim um 11:05:
>
> > How can I create a SSL certificate via script full automated?
> >
> > Thank you for your help.
> > Ingo
>
> You may do it like some (those which ship with a certificate) of the
> Fedora RPMs do during rpmbuild. Following is taken from the OpenLDAP
> .spec:
>
> pushd %{_sysconfdir}/pki/tls/certs
> umask 077
> cat << EOF | make slapd.pem
> --
> SomeState
> SomeCity
> SomeOrganization
> SomeOrganizationalUnit
> localhost.localdomain
> root@xxxxxxxxxxxxxxxxxxxxx
> EOF
> chown root:ldap slapd.pem
> chmod 640 slapd.pem
> popd
That's the easy part :) Over the holidays I had a go at Kyle Dent's
Postfix book and fiddled with setting up Postfix with SMTP AUTH (smtp
and smtpd) and TLS which obviously needed CA, server and client private
and public certificates and CSRs. Quite challenging. And then there was
Evolution's seemlingly stubborn refusal to do something with those
certificates that made sense to me. It would be very nice if the CA
scripts in /etc/pki/tls/misc/ got a little TLC from those in the know or
perhaps even a system-config-certificates. There's a discrepancy between
the CA scripts and the info in the Postfix book and info on the Net:
both mention that you have to use "-nodes" with the openssl command. Yet
the CA scripts don't use that parameter. And the CA scripts use the
-x509 parameter while the info in the Postfix book and info on the Net
don't use it. This doesn't make it any easier so I would welcome and
appreciate any progress.
Regards,
Patrick
