Problem
How to generate a csr for Qpopper
How do I generate a csr for Qpopper
Resolution
NOTE: A key length of 1024 bit is the default, but Thawte recommends the use of a 2048 bit key.
If the request is intended for an Extended Validation certificate or a certificate with a validity period beyond December 31, 2013, the 2048 bit key length will need to be selected.
To create a certificate signed by a Certificate Authority using OpenSSL, follow these steps:
Create or choose a directory for the certificates and your private key. Because the private key is stored unencrypted, it is very important that only user root has access to this directory. For example, the following three commands:
mkdir -p -m665 /etc/mail/certs
chown root:mail /etc/mail/certs
chmod 660 /etc/mail/certs
Use openssl to create a public-private key pair and a Certificate Signing Request (CSR). For example, the following command (this text should be entered at a command prompt as one long line):
/usr/local/ssl/bin/openssl req -new -nodes -out req.pem -keyout /etc/mail/certs/cert.pem
When you run openssl it prompts you for items of information. It is very important that you properly answer these prompts; the default explanation may not be accurate. It asks you:
- Country Name: Supply the ISO-standard two-letter code for your country.
- State or Province Name: Type the full name of your state or province.
- Locality Name: Type the full name of your city or municipal area.
- Organization Name: Type the legal name of your company or organization.
- Organizational Unit Name: Type the name of your pision or section of your company.
- Common Name: Type the fully-qualified host name of the mail server host. Do not type your personal name, even if the openssl prompt sounds like that is what you should do. This must be the same name that a client enters to get to your server.
- Email Address: This should be your email address, or that of an institutional role (such as postmaster).
Ensure that the file which now contains the private key (and will later contain the signed certificate) is owned by and only accessible by root. For example, the following two commands:
chmod 600 /etc/mail/certs/cert.pem
chown root:0 /etc/mail/certs/cert.pem
Send the CSR (file req.pem) to your Certificate Authority for signing. You will receive back a signed request.
For instructions to install the certificate for Qpopper, go to the following solution: SO2650
Instructions found at http://www.eudora.com/products/unsupported/qpopper/index.html
