As my home server's SSL certificates are going to expire soon, I need to renew them.
But it has been over one year since the certificates are created, I've forgotten how to make them, so I've done some research, to be record, here are the steps:
1. Generating RSA private key
openssl genrsa -des3 -out server.key 1024
2. Making certificate request
openssl req -new -key server.key -out server.csr
3. Go to CACert.org to generate the certificate, using the server.csr file.
4. Or self sign using openssl command
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Then a certificate file is generated.
To use the certificate in Apache:
To use the certificate in Postfix:
smtpd_tls_CAfile = /etc/ssl/postfix/cacert.pem
To use the certificate in Courier IMAP:
Make a server.key, with contents from server.crt and server.pem combined, like:
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
Then configure in imapd-ssl