Home Explore Help
Register Sign In
hp
/
kopano-core
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
kopano-core
/
doc
/
adminssl.txt

adminssl.txt 923 B
Permalink History Raw

12345678910111213141516171819202122232425262728 
  1. The server.cfg server_ssl_key_file and admin.cfg sslkey_file variable are to
    2. 

  2. point to a file containing a "PRIVATE KEY" and one or more "CERTIFICATE"
    3. 

  3. sections. ["TRUSTED CERTIFICATE"?] A depth zero self-signed certificate can
    4. 

  4. be generated using `openssl req -x509 -nodes -newkey rsa`.
    5. 

  5. 

  6. The server.cfg sslkeys_path must point to a directory which contains "PUBLIC
    7. 

  7. KEY" files for the corresponding allowed client certificate(s). These can be
    8. 

  8. generated per certificate using `openssl rsa -in client.private.key -pubout`.
    9. 

  9. 

  10. To generate subjectAltNames:
    11. 

  11. 

  12. cat >local.conf <<-EOF
    13. 

  13. 	[v3_req]
    14. 

  14. 	# For "real" requests
    15. 

  15. 	subjectAltName=@alt
    16. 

  16. 	[v3_ca]
    17. 

  17. 	# For CAs and self-signed certificates
    18. 

  18. 	subjectAltName=@alt
    19. 

  19. 	[alt]
    20. 

  20. 	DNS.1 = kopano.example.com
    21. 

  21. 	DNS.2 = localhost
    22. 

  22. 	IP.1 = 127.0.0.1
    23. 

  23. EOF
    24. 

  24. openssl req ... -config <(cat /etc/ssl/openssl.cnf local.conf) \
    25. 

  25. 	-subj /CN=CouldBeAnything
    26. 

  26. 

  27. openssl.cnf is the distro-provided default configuration.
    28. 

  28.