|
Project Information
Links
|
InstallationJust download the latest version from the [section], and extract the tarball somewhere. UsageSet up a CA certificate (with key). If you don’t know how to, then please refer to, [howto create you own CA and server certificate], on how to. Edit '''./mkcert.cfg''' (the parameters is described in the file), and run the command: # ./mkcert.pl -commonName <commonName> \
[-subjectAltName <subjectAltName>] \
[-subjectAltName <subjectAltName>]
For example: # ./mkcert.pl -commonName mailstore.se.lemche.net \
-subjectAltName DNS:pop.se.lemche.net \
-subjectAltName DNS:imap.se.lemche.net
This will create the configuration file: '''/etc/ssl/configs/mailstore.se.lemche.net.cnf''' And the following scripts: '''/etc/ssl/scripts/create-mailstore.se.lemche.net.sh''' '''/etc/ssl/scripts/sign-mailstore.se.lemche.net.sh''' '''/etc/ssl/scripts/revoke-mailstore.se.lemche.net.sh''' '''/etc/ssl/scripts/renew-mailstore.se.lemche.net.sh''' The script create-mailstore.se.lemche.net.sh will create the ''Certificate Key'' and ''Certificate Signing Request (CSR)'' as: '''/etc/ssl/private/mailstore.se.lemche.net-key.pem''' '''/etc/ssl/mailstore.se.lemche.net-req.pem''' The create script will also call the script sign-mailstore.se.lemche.net.sh. This will sign the CSR and create a PEM formattet certificate, convert
the PEM certificate to a DER formattet certificate and finally create a PKCS#12 certificate from the certificate and the key. The files are: '''/etc/ssl/mailstore.se.lemche.net-cert.pem''' '''/etc/ssl/mailstore.se.lemche.net-cert.der''' '''/etc/ssl/mailstore.se.lemche.net-cert.p12''' Running revoke-mailstore.se.lemche.net.sh will revoke the certificate and update the ''Certificate Revokation List (CRL)'' of the CA. Running renew-mailstore.se.lemche.net.sh will first call revoke-mailstore.se.lemche.net.sh and then sign-mailstore.se.lemche.net.sh. That’s pretty easy, isn’t it? Copyright'''mkcert.pl''' is Copyright (C) 2006, 2007 Valdemar Lemche. All rights reserved.
This script is free software; you can redistribute it and/or modify it under the same terms as Perl itself. This script is released TOTALLY AS-IS. If it will have any negative impact on your systems, make you sleepless at night or
even cause World War III; I will claim no responsibility! You may use
this script at you OWN risk.
|