Setup guide

Now create the CSR with the mail server key:
sudo openssl req -new -key mailserver.key -out mailserver.csr
Fill out the following fields as completely as possible:
    Country Name:
    State or Province Name:
    Locality Name (city):
    Organization Name:
    Organizational Unit:
    Common Name:
    Email Address:
The Common Name field is critically important. It must match the domain name of
the mail server exactly or the certificate will not work.
Sign mailserver.csr as follows:
openssl ca -in mailserver.csr -out mailserver.crt
The mail server expects the key and certificate inside the same file, so concatenate
the key and certificate:
cat mailserver.key mailserver.crt > mailserver.pem
This creates the mailserver.pem file. This file can be moved to the mail server
and installed as described in the “Securing E-mail Services” section.
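A pre-install check for the files produced above, as an added example that is not part of the original guide: it confirms that the private key belongs to the signed certificate and that the Common Name equals the mail server's domain name before the two files are concatenated. The host name mail.example.com, the function names, and the throwaway self-signed certificate (standing in for the "openssl ca" step so the example runs without a CA) are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Pre-install checks for an RSA key/certificate pair (added example).

# Print the subject Common Name of the certificate in $1.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# Succeed only if the RSA private key $1 belongs to the certificate $2
# (both must carry the same modulus).
key_matches_cert() {
    k=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# check_pair KEY CRT HOSTNAME: return 0 if both checks pass,
# 1 on a key/certificate mismatch, 2 on a Common Name mismatch.
check_pair() {
    key_matches_cert "$1" "$2" ||
        { echo "FAIL: key does not match certificate"; return 1; }
    cn=$(cert_cn "$2")
    [ "$cn" = "$3" ] || { echo "FAIL: CN '$cn' is not '$3'"; return 2; }
    echo "OK: $2 is issued for $3 and matches $1"
}

# Constructed sample: throwaway key and self-signed certificate in directory $1
# with Common Name $2. Self-signing stands in for the guide's "openssl ca" step.
make_sample() {
    openssl genrsa -out "$1/mailserver.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/mailserver.key" -subj "/CN=$2" \
        -out "$1/mailserver.csr" &&
    openssl x509 -req -in "$1/mailserver.csr" -signkey "$1/mailserver.key" \
        -days 1 -out "$1/mailserver.crt" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir" mail.example.com
# Exact match passes; a near-miss name is rejected.
check_pair "$demo_dir/mailserver.key" "$demo_dir/mailserver.crt" mail.example.com
check_pair "$demo_dir/mailserver.key" "$demo_dir/mailserver.crt" \
    mailserver.example.com || true
rm -rf "$demo_dir"
```

Run check_pair against the real mailserver.key and mailserver.crt before building mailserver.pem; the same check applies to the LDAP server files.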
4.4.1.4 Creating an SSL Certificate for LDAP Services
Generating SSL certificates for LDAP services is similar to generating SSL
certificates for the web server. Start by generating a private key for the server in the
/usr/share/certs directory:
sudo openssl genrsa -out ldapserver.key 2048
Next, a CSR must be generated for the CA to sign:
sudo openssl req -new -key ldapserver.key -out ldapserver.csr
Fill out the following fields as completely as possible, making certain that the
Common Name field matches the domain name of the LDAP server exactly:
    Country Name:
    State or Province Name:
    Locality Name (city):
    Organization Name:
    Organizational Unit:
    Common Name:
    Email Address:
UNCLASSIFIED