OpenSSL
-------

On first install, initialise the serial file:

echo "01" > /path/to/serial

Certificate Authority
---------------------

Creating the cert:

# openssl req -new -x509 -keyout /usr/local/CQU-CA/private/CQU-CAkey.pem -out /usr/local/CQU-CA/private/CQU-CAcert.pem

# ./bin/openssl req -config ./openssl.cnf -new -x509 -keyout /usr/local/CQU-CA/private/CQU-CAkey.pem -out /usr/local/CQU-CA/certs/CQU-CAcert.pem -days 365
Generating a 1024 bit RSA private key
.........................................................++++++
.++++++
writing new private key to '/usr/local/CQU-CA/private/CQU-CAkey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:AU
State or Province Name (full name) [Some-State]:Queensland
Locality Name (eg, city) []:Rockhampton
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Central Queensland University (CQU)
Organizational Unit Name (eg, section) []:Information Technology Division (ITD)
Common Name (eg, YOUR name) []:Central Queensland University CA
Email Address []:cqu-ca@cqu.edu.au

Converting to DER:

# openssl x509 -inform PEM -outform DER -in /usr/local/CQU-CA/private/CQU-CAcert.pem -out /usr/local/CQU-CA/private/CQU-CAcert.der

Requesting a new cert with an unencrypted key:

# openssl req -new -keyout newkey.pem -out newreq.pem -days 365 -nodes -config ./openssl.cnf

Signing a cert request from IIS:

# openssl x509 -req -days 365 -in certreq.txt -CA /usr/local/CQU-CA/private/CQU-CAcert.pem -CAkey /usr/local/CQU-CA/private/CQU-CAkey.pem -CAcreateserial -out new.crt

Generating webmail cert:

# /usr/local/ssl/bin/openssl req -new -config ./openssl.cnf -keyout /usr/local/CQU-CA/certs/webmail-req.pem -out /usr/local/CQU-CA/certs/webmail-req.pem -nodes

# /usr/local/ssl/bin/openssl x509 -req -days 365 -in ./webmail-req.pem -CA /usr/local/CQU-CA/certs/CQU-CAcert.pem -CAkey /usr/local/CQU-CA/private/CQU-CAkey.pem -CAcreateserial -out ./webmail.crt
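
Auditing issued certs (added example, not part of the original notes): the CA above was generated with a 1024-bit RSA key, so these shell functions flag RSA certificates below a minimum key size or signed with an MD5/SHA-1 digest. The function names, the 2048-bit floor and the throwaway test certificate are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit RSA certificates for weak key size / signature digest.
# The 2048-bit minimum is an assumed policy value, not taken from the notes.

# cert_key_bits FILE -> prints the public key size in bits (empty if unreadable)
cert_key_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# cert_sig_alg FILE -> prints the signature algorithm, e.g. sha256WithRSAEncryption
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# audit_cert FILE [MIN_BITS] -> prints findings; returns 0 ok, 1 weak, 2 unreadable
audit_cert() {
    min=${2:-2048}; rc=0
    bits=$(cert_key_bits "$1")
    [ -n "$bits" ] || { echo "$1: cannot read key size"; return 2; }
    if [ "$bits" -lt "$min" ]; then
        echo "$1: WEAK key, $bits bits (minimum $min)"; rc=1
    fi
    case $(cert_sig_alg "$1") in
        md5*|sha1*) echo "$1: WEAK signature digest"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "$1: ok ($bits bits)"
    return "$rc"
}

# audit_dir DIR [MIN_BITS] -> audits every *.pem / *.crt holding a certificate
audit_dir() {
    bad=0
    for f in "$1"/*.pem "$1"/*.crt; do
        # skip keys, requests and unmatched globs
        grep -q 'BEGIN CERTIFICATE' "$f" 2>/dev/null || continue
        audit_cert "$f" "${2:-2048}" || bad=1
    done
    return "$bad"
}

# make_sample_cert FILE BITS -> constructed throwaway self-signed cert for testing
make_sample_cert() {
    openssl req -new -x509 -nodes -newkey "rsa:$2" -days 1 \
        -subj "/CN=Constructed Test Cert" \
        -keyout "$1.key" -out "$1" 2>/dev/null
}
```

After sourcing the file, audit_dir /usr/local/CQU-CA/certs checks every certificate in the CA's certs directory and returns non-zero if any is weak.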