In article <45053984$1@127.0.0.1> Edmund <ed@kdtc.net> writes:
>
>As for the second, I think the method of creating
>a new certificate (which I forgot to credit:
>Mr. Shapiro) was not complete or at least it
>was but isn't applicable for sendmail usage.
It works fine for sendmail, in fact I expect it was written up
specifically for sendmail (not that it would be significantly different
for e.g. a web server).
>Mr. Shapiro's link:
>http://www.sendmail.org/~ca/email/other/cagreg.html
>
>Big Negrow's 20th June 2006 post had a link
>that looked correct. (In the midst of
>executing the commands.)
>
>Big Negrow's link:
>http://www.reject.org/pr0ject/freebs...ndmail-tls.txt
>
>Can someone clarify why there's a slight difference?
Personal taste? The order in which they happened to try things until
they found something that worked? Shortcomings of the OpenSSL
documentation? There are lots of variations all of which work, in fact
Claus' STARTTLS page has links to two others besides Greg's (personally
I found Greg's to be the most straightforward of those though).
But anyway, regarding your problem finding the private key, read the
text:
"(certificate and private key in file newreq.pem)"
I.e. you'll have to extract the key into its own file by means of an
editor or equivalent - though it may well work to specify the cert+key
file for both confSERVER_CERT and confSERVER_KEY, I haven't tried it.
If you read the OpenSSL documentation for the 'req' command, you'll find
that it will generate the key if you don't provide one, i.e. it will run
the 'genrsa' command for you.
--Per Hedeland
per@hedeland.org
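
An added example, not part of the original post or of either linked write-up: one non-editor way to do the extraction described above, splitting a combined cert+key file such as newreq.pem into the two files that confSERVER_CERT and confSERVER_KEY would point at. The function names, output file names and the PEM body are assumptions; the PEM content is constructed filler, not a real key or certificate.

```shell
#!/bin/sh
# split_pem COMBINED CERT_OUT KEY_OUT   (hypothetical helper, added example)
# Returns 0 on success, 1 if either block is missing,
# 2 if the key is passphrase-protected.
split_pem() (
    in=$1 cert=$2 key=$3
    umask 077   # subshell body: the tightened umask does not leak to the caller
    # Keep only the lines between matching BEGIN/END markers, so any
    # text dump printed before the blocks is dropped.
    sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' \
        "$in" > "$cert"
    sed -n '/-----BEGIN [A-Z ]*PRIVATE KEY-----/,/-----END [A-Z ]*PRIVATE KEY-----/p' \
        "$in" > "$key"
    [ -s "$cert" ] && [ -s "$key" ] || return 1
    chmod 644 "$cert"
    chmod 600 "$key"    # private key readable by its owner only
    # Covers both "BEGIN ENCRYPTED PRIVATE KEY" and the older
    # "Proc-Type: 4,ENCRYPTED" header. An unattended daemon has nobody
    # to type the passphrase, so flag this instead of failing later.
    if grep -q 'ENCRYPTED' "$key"; then return 2; fi
    return 0
)

# Writes a constructed combined file (filler base64, not a usable key).
make_sample() {
    cat > "$1" <<'EOF'
-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
EOF
}

# Demo run in a scratch directory.
d=$(mktemp -d)
make_sample "$d/newreq.pem"
split_pem "$d/newreq.pem" "$d/cert.pem" "$d/key.pem" && ls -l "$d"
rm -rf "$d"
```

A return value of 2 means the key block was extracted but still carries a passphrase, which has to be removed before a daemon can load it.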