1,234
edits
Changes
→Postfix + TLS
<source lang="bash">cd /root/postfix-keys
openssl genrsa -des3 -out vm2.andrewsmith.org.key 2048chmod 600 vm2.andrewsmith.org.keyopenssl req -new -key vm2.andrewsmith.org.key -out vm2.andrewsmith.org.csropenssl x509 -req -days 365 -in vm2.andrewsmith.org.csr -signkey vm2.andrewsmith.org.key -out vm2.andrewsmith.org.crtopenssl rsa -in vm2.andrewsmith.org.key -out vm2.andrewsmith.org.key.nopassmv vm2.andrewsmith.org.key.nopass vm2.andrewsmith.org.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
chmod 600 vm2.andrewsmith.org.key cakey.pemcp vm2.andrewsmith.org.key cakey.pem /etc/ssl/private/cp vm2.andrewsmith.org.crt cacert.pem /etc/ssl/certs/</source>
Those commands will create a certificate, a certificate signing request, a certificate authority, and a sign your certificate with your certificate authority. Same as in the real world except there you would contact a real CA, here you're making up your own.