3-B: SSL / TLS Cerficates

For people who don't know. TLS and SSL are ways to encrypt a communication by using client/server certificates. We are now generating those certificates.

If you already have a valid and CA-signed certificate you may of course skip this step. Just remember qmail handles only .pem certificates.

cd /var/qmail/control

openssl req -newkey rsa:1024 -x509 -nodes -days 3650 -out servercert.pem -keyout servercert.pem

#Answer the prompt. The only important field is COMMON NAME. There you have to enter the full hostname of the mail server: eg: MAIL.DOMAIN.COM

ln -s servercert.pem clientcert.pem
chmod 640 servercert.pem rsa512.pem clientcert.pem
chown qmaild:vchkpw servercert.pem rsa512.pem