Date: Sun, 19 Dec 2004 19:11:44 +0100 From: "Daniel S. Haischt" <me@daniel.stefan.haischt.name> To: freebsd-questions@FreeBSD.org Subject: Re: courier imap keys and self-signed ca signing Message-ID: <41C5C460.70800@daniel.stefan.haischt.name> In-Reply-To: <20041219180247.GA33770@keyslapper.org> References: <000d01c4e5f2$7add5b30$0400a8c0@satellite> <20041219180247.GA33770@keyslapper.org>
next in thread | previous in thread | raw e-mail | index | archive | help
That's true if each of his servers will have the same common name (CN). But if one server resides for example on imap.foobar.com and the other at smtp.foobar.com, he has to use different certificate. Mozilla/Netscape browsers are quite picky if it comes to wrong CN attributes. BTW Dave - If you did install Apache together with mod_ssl the mod_ssl manual could be found at: -> http://localhost/manual/ssl/ Louis LeBlanc schrieb: > On 12/19/04 12:45 PM, dave sat at the `puter and typed: > >>Hello, >> I've got a 5.3 box that i'm using as a self-signing ca. I want to get >>keys going for all the various protocols i use, http, which i've done, pop >>and imap, and smtp. It's these last three i'm having the headache. I'm using >>postfix as my MTA and courier imap for pop/imap, i know that the latter has >>a program to generate keys but not csr's, i'm not sure how to get keys from >>courier and/or postfix to the ca for signing. I'm probably missing somehing >>very basic, and would appreciate any help. >>Thanks. >>Dave. > > > > Why would you want to use multiple methods? Just create a single self > signed CA from OpenSSL and use it to sign a single cert for all your > servers. You could also just use a self signed cert for all of them. > > Check out this info: > http://www.openssl.org/docs/apps/x509v3_config.html#Subject_Alternative_Name_ > > That will tell you about using a single cert for multiple domains if > that is what you need. > > Hope this helps. > > Lou -- Mit freundlichen Gruessen / With kind regards Daniel S. Haischt | phone: +49 -7032-992909 Grabenstrasse 11 | +49 -700-DHAISCHT | fax: +49 -7032-992910 D-71083 Herrenberg | fax2mail: +49 -7032-7999738 GERMANY | cell: +49 -172-7668936 SIP: sip:haischt@daniel-s-haischt.biz:5060 email: me@daniel.stefan.haischt.name web: http://www.daniel.stefan.haischt.name/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?41C5C460.70800>