
Creating a self-signed SSL certificate

Quick Link: http://www.axigen.com/kb/show/48
Last updated on June 17, 2009

Description

How to create a self-signed SSL certificate to use with AXIGEN

Resolution

1. Using interactive OpenSSL config:
- Generate an OpenSSL key:
openssl genrsa -out axigen_cert.key 1024
- Generate the self-signed certificate, using the key:
openssl req -new -x509 -key axigen_cert.key -out axigen_cert.crt
The default validity for a certificate is 30 days. To increase the validity to, say, 1 year (365 days), add the -days 365 parameter to the command above:
openssl req -new -x509 -days 365 -key axigen_cert.key -out axigen_cert.crt
- Combine the key and certificate into a PEM file:
cat axigen_cert.key axigen_cert.crt > axigen_cert.pem
2. Using OpenSSL config file:
- Create an OpenSSL config file named axigen_ssl.cnf, with the following contents:
[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no

[ req_dn ]
O=AXIGEN Mail Server
OU=Automatically-generated SSL key
CN=AXIGEN

[ cert_type ]
nsCertType = server
- Create the self-signed certificate:
openssl req -new -x509 -days 365 -nodes -config axigen_ssl.cnf \
-out /var/opt/axigen/axigen_cert.pem -keyout /var/opt/axigen/axigen_cert.pem
3. Using AXIGEN's initscript:
On all supported OSes and platforms, AXIGEN's initscript automatically creates a self-signed certificate at first run and saves it in the data directory as axigen_cert.pem. To regenerate the certificate, run the initscript once more with the init parameter.
For example, in RedHat, you can regenerate the certificate with:
/etc/init.d/axigen init
NOTE: The init parameter will also try to create the default domain database, which will almost surely fail on most systems (it will already have been created).


In order to view the certificate information:
openssl x509 -text -noout -in /var/opt/axigen/axigen_cert.pem
In order to view the expiration date for the specified certificate, use the -enddate parameter:
openssl x509 -enddate -noout -in /var/opt/axigen/axigen_cert.pem
The command above should output something like:
notAfter=May  1 15:16:16 2008 GMT
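
As an added example (not part of the original article or AXIGEN's own tooling), the script below audits a combined PEM such as axigen_cert.pem: it checks that the private key matches the certificate, the RSA key size, the remaining validity via -checkend, and the file permissions. The function names, the finding labels and the default thresholds (2048 bits, 30 days) are assumptions, and it assumes an unencrypted RSA key, as both OpenSSL methods above produce; a key generated with 1024 bits is reported as weak-key under the default threshold.

```shell
#!/bin/sh
# Added example, not AXIGEN's code. Names and thresholds are assumptions.

# Build a throwaway combined PEM as in method 1 (constructed sample input).
# usage: make_sample_pem DIR BITS DAYS   (prints the path of the PEM)
make_sample_pem() {
    printf '[req]\ndistinguished_name=dn\nprompt=no\n[dn]\nCN=sample.invalid\n' > "$1/s.cnf"
    openssl genrsa -out "$1/s.key" "$2" 2>/dev/null &&
    openssl req -new -x509 -days "$3" -config "$1/s.cnf" \
        -key "$1/s.key" -out "$1/s.crt" 2>/dev/null &&
    ( umask 077; cat "$1/s.key" "$1/s.crt" > "$1/s.pem" ) &&
    echo "$1/s.pem"
}

# RSA key size in bits, from the modulus length (4 bits per hex digit).
pem_key_bits() {
    m=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null) || return 1
    m=${m#Modulus=}
    echo $(( ${#m} * 4 ))
}

# usage: audit_pem FILE [MIN_BITS] [MIN_DAYS]
# Prints one line per finding; returns 0 only when there are none.
audit_pem() {
    f=$1; min_bits=${2:-2048}; min_days=${3:-30}; bad=0
    bits=$(pem_key_bits "$f") || { echo "no-rsa-key"; return 1; }
    [ "$bits" -ge "$min_bits" ] || { echo "weak-key $bits"; bad=1; }
    # The private key must belong to the certificate in the same file.
    [ "$(openssl rsa -in "$f" -noout -modulus 2>/dev/null)" = \
      "$(openssl x509 -in "$f" -noout -modulus 2>/dev/null)" ] ||
        { echo "key-mismatch"; bad=1; }
    # -checkend exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$f" -noout -checkend $(( min_days * 86400 )) >/dev/null 2>&1 ||
        { echo "expires-soon $(openssl x509 -in "$f" -noout -enddate 2>/dev/null)"; bad=1; }
    # The PEM holds an unencrypted private key: no group/other permission bits.
    [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] || { echo "loose-perms"; bad=1; }
    return $bad
}

# Run against a real file when given arguments, e.g. the PEM path used above.
if [ $# -gt 0 ]; then audit_pem "$@"; fi
```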

Applies to

Releases: Mail Server 6.2.X, Mail Server 7.0.X, Mail Server 7.1.X
OS: Linux, Windows, FreeBSD, OpenBSD, NetBSD, Solaris
Distros: RPM based distros, Slackware, Debian, Ubuntu, Gentoo, Windows, Solaris 10 x86, Mandriva Linux, Solaris 10 SPARC, FreeBSD 6.x, SLES PPC, FreeBSD 7.x, NetBSD, OpenBSD 4.3