It works OK. Now, we have a certificate from Thawte available. I wanted to
see how many configuration steps an Outlook user will save, if we install
a commercial certificate rather than self-signed one. The Thawte
certificate has passphrase.
> I'm trying to create a certificate for a test with qpopper on sslwrap. I'd
> appreciate any advice.
> I used this command to create a certificate for sslwrap.
> (A) openssl req new -x509 -nodes -out my.pem -keyout my.pem -days 365.
> It works OK. Now, we have a certificate from Thawte available. I wanted to
> see how many configuration steps an Outlook user will save, if we install
> a commercial certificate rather than self-signed one. The Thawte
> certificate has passphrase.
> I tried, by guessing from the format,
> (1) Remove passphrase
> openssl rsa -in my.key -out my.nopass.key
> (2) Extract public part of the key
> openssl rsa -in my.nopass.key -pubout -out my.pub.key
> (3) Concatenate key and cert together.
> cat my.pub.key my.crt > my.pem
> But this didn't work.
> My purpose is to make an equivalent of (A) from the existing certificate.
> Could someone advise?
Qpopper will need the *private* key and the certificate.
You can first check the certificate is in the correct format with:
openssl x509 -in my.crt
If you don't get an error you just configure it to use my.crt and
my.nopass.key, or concatenate the two and just point it at that one file.