Note: In the interest of better security and the enablement of greater trust, we have decided that 1024-bit keys will now be the minimum strength used in the issuance of thawte digital certificates.
To create a certificate signed by a Certificate Authority using OpenSSL, follow these steps:
Create or choose a directory for the certificates and your private key. Because the private key is stored unencrypted, it is very important that only user root has access to this directory. For example, the following three commands: mkdir -p -m665 /etc/mail/certs chown root:mail /etc/mail/certs chmod 660 /etc/mail/certs
Use openssl to create a public-private key pair and a certificate signing request (csa). For example, the following command (this text should be entered at a command prompt as one long line): /usr/local/ssl/bin/openssl req -new -nodes -out req.pem -keyout /etc/mail/certs/cert.pem When you run openssl it prompts you for items of information. It is very important that you properly answer these prompts; the default explanation may not be accurate. It asks you: Country Name Supply the ISO-standard two-letter code for your country. State or Province Name Type the full name of your state or province. Locality Name Type the full name of your city or municipal area. Organization Name Type the legal name of your company or organization. Organizational Unit Name Type the name of your division or section of your company. Common Name Type the fully-qualified host name of the mail server host. Do not type your personal name, even if the openssl prompt sounds like that is what you should do. This must be the same name that a client enters to get to your server. Email Address This should be your email address, or that of an institutional role (such as postmaster).
Ensure that the file which now contains the private key (and will later contain the signed certificate) is owned by and only accessible by root. For example, the following two commands: chmod 600 /etc/mail/certs/cert.pem chown root:0 /etc/mail/certs/cert.pem Send the certificate signing request (file req.pem) to your Certificate Authority for signing. You will receive back a signed request.
For instructions to install the certificate for Qpopper, go to the following solution: vs27715