Hello Peter,
Excellent news - as we have passed the SPF setup, let’s continue our journey with DKIM, which means that we’ll sign all authenticated messages sent via our mail server.
Let’s generate the private and public RSA key pair to be used for signing (on Axigen side) / verifying the signature (on receiving side).
For this, please open a command line terminal and check if you have access to the openssl binary (as mentioned in prerequisite #3), with a command like:
$ openssl version
OpenSSL 1.1.1f 31 Mar 2020
If this passed, let’s generate the private key which will be used by Axigen to sign messages sent from your domain:
$ openssl genrsa -out dkim.privkey.testdomain_com.pem 2048
Generating RSA private key, 2048 bit long modulus
..+++
................................................................................................................................+++
e is 65537 (0x010001)
From the private key, let’s extract the public key to be published into DNS (we’ll talk about this later) so the remote parties could check the message signature:
$ openssl rsa -in dkim.privkey.testdomain_com.pem -outform PEM -pubout -out dkim.pubkey.testdomain_com.pem
writing RSA key
At this point we should have two local text files: dkim.privkey.testdomain_com.pem and dkim.pubkey.testdomain_com.pem and in order to check that all is fine please check their contents.
Note: please do not make any modifications to them, just “look” at their contents
You should see something similar to:
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAqrg9fKp/lvlT4GyaJIZqL69Plz6klotzRKF5k7MWlDznKFqJ
d6WvlVlXDp9T423covNm4wJFbIF61VZrI+n/jC4UXmjuJr5PB2pyNh+R6FROhRrp
...
u6Wpk5JSFZFzYsoTOlEkGrtJ+YJFddZRmoakUEMMB3OfwxQ+rac=
-----END RSA PRIVATE KEY-----
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx1AHYx6g+IYNWA6VcJxm
...
RwIDAQAB
-----END PUBLIC KEY-----
As an extra verification step, just in case you’d like to have a confirmation that these files are paired, we could check that both of them have the same “modulus” (actually we’ll compare their MD5 hash).
For this please use the following commands and check that their output is similar (in our case we have an MD5 hash of 9e756d472eba0c25b37d92dc8c4a596d):
$ openssl rsa -modulus -pubin -noout -in dkim.pubkey.testdomain_com.pem | openssl md5
(stdin)= 9e756d472eba0c25b37d92dc8c4a596d
$ openssl rsa -modulus -noout -in dkim.privkey.testdomain_com.pem | openssl md5
(stdin)= 9e756d472eba0c25b37d92dc8c4a596d
I’ll wait for your confirmation that you’ve managed to generate these two files so we could advance to the next step.
BR,
Ioan
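
The pairing check from the post, as an added example that is not part of Ioan's message: it compares the full modulus strings instead of their MD5 hashes and also rejects keys shorter than a minimum size. The function names, return codes and the throwaway demo keys are assumptions of this example.

```shell
#!/bin/sh
# Added example: confirm a DKIM private/public PEM pair belongs together.
# Function names and return codes are this example's own conventions.

# Print the RSA modulus as hex; $1 = PEM file, $2 = "pub" for a public key.
rsa_modulus() {
    if [ "$2" = "pub" ]; then
        openssl rsa -pubin -modulus -noout -in "$1" 2>/dev/null
    else
        openssl rsa -modulus -noout -in "$1" 2>/dev/null
    fi | sed -n 's/^Modulus=//p'
}

# dkim_pair_check PRIV PUB [MIN_BITS]
# 0 = pair matches, 1 = moduli differ, 2 = a file could not be parsed,
# 3 = key shorter than MIN_BITS (default 2048, the size used in the post).
dkim_pair_check() {
    priv_mod=$(rsa_modulus "$1" priv)
    pub_mod=$(rsa_modulus "$2" pub)
    [ -n "$priv_mod" ] && [ -n "$pub_mod" ] || return 2
    [ "$priv_mod" = "$pub_mod" ] || return 1
    # Keys made by "openssl genrsa" have the top bit of the modulus set,
    # so the number of hex digits times 4 is the key size in bits.
    bits=$(( ${#priv_mod} * 4 ))
    [ "$bits" -ge "${3:-2048}" ] || return 3
    return 0
}

# Demo on a throwaway pair (constructed here, not the keys from the post).
demo_dir=$(mktemp -d)
openssl genrsa -out "$demo_dir/priv.pem" 2048 2>/dev/null
openssl rsa -in "$demo_dir/priv.pem" -pubout -out "$demo_dir/pub.pem" 2>/dev/null
if dkim_pair_check "$demo_dir/priv.pem" "$demo_dir/pub.pem"; then
    echo "pair OK"
else
    echo "pair check failed with code $?"
fi
rm -rf "$demo_dir"
```

For the files from the post, the call would be `dkim_pair_check dkim.privkey.testdomain_com.pem dkim.pubkey.testdomain_com.pem`.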