
sslug-teknik team mailing list archive

Re: SSL certificate expired

 

Anders Misfeldt wrote:
> I use SSL to connect to my POP3 server, but now my SSL
> certificate has expired...

Man openssl, or use openssl interactively:
        # openssl
        OpenSSL> ?
        OpenSSL> genrsa ?

Or look at the code of an app that uses openssl; such apps often have a
function to generate a dummy certificate.
E.g. from Courier-imap:

-----------
cp /dev/null /usr/local/share/imapd.pem
chmod 600 /usr/local/share/imapd.pem
chown root /usr/local/share/imapd.pem

cleanup()
{
        rm -f /usr/local/share/imapd.pem
        rm -f /usr/local/share/imapd.rand
        exit 1
}

cd /usr/local/share
dd if=/dev/urandom of=/usr/local/share/imapd.rand count=1 2>/dev/null
/usr/bin/openssl req -new -x509 -days 365 -nodes \
        -config /etc/imapd.cnf -out /usr/local/share/imapd.pem -keyout /usr/local/share/imapd.pem || cleanup
/usr/bin/openssl gendh -rand /usr/local/share/imapd.rand 512 >>/usr/local/share/imapd.pem || cleanup
/usr/bin/openssl x509 -subject -dates -fingerprint -noout -in /usr/local/share/imapd.pem || cleanup
rm -f /usr/local/share/imapd.rand
-----------


Otherwise there are several methods:

dd if=/dev/urandom of=/tmp/random.data bs=1024 count=1024
1024+0 records in
1024+0 records out
/usr/bin/openssl genrsa -rand /tmp/random.data 1024 > server.key
1048576 semi-random bytes loaded
Generating RSA private key, 1024 bit long modulus

If you use /dev/urandom (or random), remember to keep the machine
busy doing a lot of work meanwhile, or you won't get enough entropy variance.

Or without (u)random:

/usr/bin/openssl genrsa -des 1024 > /tmp/server.key
Generating RSA private key, 1024 bit long modulus
................................................++++++
.....++++++
e is 65537 (0x10001)
Enter PEM pass phrase:
Verifying password - Enter PEM pass phrase:


-- 
Kind regards / venlig hilsen,
Mogens Valentin, Mr Dev

IT Networking, Security, Server Setup
http://www.mrdev.com  mrdev@xxxxxxxxx
Phone +45 32 525 878  Cell 51 227 668
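
Added example, not part of the original post or of Courier-imap: a small monitor that parses the output of the `openssl x509 -subject -dates -fingerprint -noout` command used in the script above and reports whether the certificate is expired or close to expiry, so the renewal happens before mail clients start failing. The function names, the 30-day warning window and the sample output are assumptions made for this illustration.

```python
import ssl
import subprocess
import sys
from datetime import datetime, timedelta, timezone

# Constructed sample of `openssl x509 -subject -dates -fingerprint -noout`
# output; the subject and fingerprint are made-up values.
SAMPLE = """\
subject=CN = localhost, OU = constructed example
notBefore=Jan  5 09:34:43 2017 GMT
notAfter=Jan  5 09:34:43 2018 GMT
SHA1 Fingerprint=00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33
"""

def parse_dates(text):
    """Return {'notBefore': dt, 'notAfter': dt} (UTC) from openssl -dates output."""
    dates = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key in ("notBefore", "notAfter"):
            # cert_time_to_seconds parses the "Mon DD HH:MM:SS YYYY GMT" form
            # independently of the current locale.
            secs = ssl.cert_time_to_seconds(value.strip())
            dates[key] = datetime.fromtimestamp(secs, tz=timezone.utc)
    missing = {"notBefore", "notAfter"} - dates.keys()
    if missing:
        raise ValueError("missing fields: " + ", ".join(sorted(missing)))
    return dates

def cert_status(text, now, warn_days=30):
    """Classify the validity window relative to `now` (timezone-aware)."""
    dates = parse_dates(text)
    if now < dates["notBefore"]:
        return "not-yet-valid"
    if now >= dates["notAfter"]:
        return "expired"
    if dates["notAfter"] - now <= timedelta(days=warn_days):
        return "expiring-soon"
    return "ok"

if __name__ == "__main__":
    # With a PEM path as argument, ask openssl for the dates; otherwise use SAMPLE.
    text = SAMPLE
    if len(sys.argv) > 1:
        cmd = ["openssl", "x509", "-subject", "-dates", "-fingerprint",
               "-noout", "-in", sys.argv[1]]
        text = subprocess.run(cmd, capture_output=True, text=True, check=True).stdout
    status = cert_status(text, datetime.now(timezone.utc))
    print(status)
    sys.exit(0 if status == "ok" else 1)
```

Run from cron with the PEM file as the argument, a non-zero exit status signals that the certificate needs attention.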

