What is the role of cakey.pem and cacert.pem in addition to .key and .crt based encryption

encryption ssl openssl ssl-certificate public-key-encryption
8,201

You don’t need a Certificate authority. A self-signed certificate is perfectly valid by itself. Indeed, it is its own CA.

If you want to use a dedicated CA, you need to sign smtpd.crt with the CA instead. CAs are used to establish a chain of trust. If a client trusts a CA, it automatically trusts all certificates signed by it.

Here’s a guide to create a self-signed CA and sign a certificate with it, taken from Parallels:

  • openssl genrsa -out rootCA.key 2048
  • openssl req -x509 -new -nodes -key rootCA.key -days 3650 -out rootCA.pem
  • openssl genrsa -out server.key 2048
  • openssl req -new -key server.key -out server.csr
  • openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 730
Share:
8,201

Related videos on Youtube

greenV
Author by

greenV

Updated on September 18, 2022

Comments

  • greenV
    greenV over 1 year

    I have .key file which holds the private key data, .crt file which would be certificate with public key and, to my knowledge, that's it for public key encryption, right?

    Not exactly. In order to achieve my goal I must also generate cakey.pem and cacert.pem, which I do not know what they are for.

    I have example with setting up TLS with Postfix MTA.

    I do:

    openssl genrsa 1024 > smtpd.key
openssl req -new -key smtpd.key -x509 -days 3650 -out smtpd.crt

    these two - smtpd.key and smtpd.crt - are key (private key) and certificate (with public key incorporated).

    what is the

    openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

    cakey.pem and cacert.pem files for?

  • greenV
    greenV about 10 years
    I think I do need CA. If I, for example, omit to specify smtpd_tls_CAfile, it wont work. here is reference
  • Daniel B
    Daniel B about 10 years
    Well, the guide is broken. The way the certificates are generated, they have no relation whatsoever. I’ll edit the post to include a guide from Parallels.
  • greenV
    greenV about 10 years
    true for broken guide and also for generating CA. Thank you!

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

SSL Alternative - encrypt password with JavaScript submit to PHP to decrypt
Invalid CA certificate with self signed certificate chain
Error while creating self-signed SSL certificate
How can the SSL client validate the server's certificate?
SSL certificate not accepted
How to create an OpenSSL Self-Signed Certificate using SAN?
Unable to load Key pair from p12 certificate - OPENSSL error
How do I use the openssl command to decode a public key .PEM file?
Decrypt PEM containing key and certificate
MongoDB: Getting SSL peer certificate validation failed: self signed certificate