Create SSL certs

Here are the instructions used to make the certs.

The private key is "privateKey.key".

The current StartSSL cert is "ssl.crt".

To create a Certificate Signing Request using the current ssl cert being used in the webserver.

openssl x509 -x509toreq -in ssl.crt -out CSR.csr -signkey privateKey.key

Look into the file CSR.csr and select only the Request like the following. Makeing sure every dash is copied. Otherwise it will cost money.


Put it into the StartSSL and get the cert.

Copy the cert into a new ssl.crt file.

Now have to create a combine file with the ssl.crt to be used in the webserver.

cat ssl.crt ca.pem > webserver.crt

"" and  "ca.pem" are the root certs from StartSSL.

Then we need to create a combine file ssl.crt to be used with postfix.

cat ssl.crt > smtpd.cert

Here are the links I used earlier to do research.

Here is how to encrypt a private_ssl_key.

To encrypt the key unencrypted.key and output it to encrypted.key, run this command: openssl rsa -in unencrypted.key -des3 -out encrypted.key

From completeness sake, to reverse the encryption (not sure why you would want to do that!), run this command: openssl rsa -in encrypted.key -out unencrypted.key

Got the above from,

Keywords: OpenSSL StartSSL SSL

blog comments powered by Disqus