NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Problem (again!) with openssl!

On Mon, 28 Jul 2014, Dave Huang wrote: makes it
sound like there's no configuration setting for the key/certificate
path. Putting a private key in /etc/openssl/certs sounds bad for
security to me, but maybe I'm making it a bigger deal than it really

Well, the contents of certs directory are all set to 644, while the ca.key (in /etc/openssl/private/) is 600, so it also feels bad to me.

In any case, that page says, "The imapd.pem and ipop3d.pem must
contain a private key and a certificate.  The private key must not be
encrypted." So, you'll need to find the file that contains the private
key that matches that certificate, cat the key and the certificate
together, and put the combined file at /etc/openssl/certs/imapd.pem

This works. But still not so sure that I want the key file to be world readable...

Why would the _server_ need to access they key? Wouldn't it make more sense for the _client_ to prove it possesses the key?

| Paul Goyette     | PGP Key fingerprint:     | E-mail addresses:       |
| Customer Service | FA29 0E3B 35AF E8AE 6651 | paul at    |
| Network Engineer | 0786 F758 55DE 53BA 7731 | pgoyette at |
| Kernel Developer |                          | pgoyette at  |

Home | Main Index | Thread Index | Old Index