Sun Java System Messaging Server 6 2005Q4 Administration Guide

To Create Self-signed Certificates

If you want to create self-signed certificates in command-line mode, follow the instructions in this section. To create certificates with the certificate wizard, see Obtaining Certificates through the Administration Console.

Procedure: To Create Self-signed Certificates

Steps
  1. Log in as or become superuser (root).

  2. Specify the certificate database password for certutil in /opt/SUNWmsgsr/config/sslpassword. For example:


    # echo "password" > /opt/SUNWmsgsr/config/sslpassword

    where password is your specific password.

  3. Move to the sbin directory and generate the certificate database (cert8.db) and key database (key3.db). For example:


    # cd /opt/SUNWmsgsr/sbin
    # ./certutil -N -d /opt/SUNWmsgsr/config -f /opt/SUNWmsgsr/config/sslpassword

  4. Generate a default self-signed root Certificate Authority certificate. For example:


    # ./certutil -S -n SampleRootCA -x -t "CTu,CTu,CTu" \
        -s "CN=My Sample Root CA, O=sesta.com" -m 25000 \
        -o /opt/SUNWmsgsr/config/SampleRootCA.crt \
        -d /opt/SUNWmsgsr/config \
        -f /opt/SUNWmsgsr/config/sslpassword -z /etc/passwd

  5. Generate a certificate for the host. For example:


    # ./certutil -S -n Server-Cert -c SampleRootCA -t "u,u,u" \
        -s "CN=hostname.sesta.com, o=sesta.com" -m 25001 \
        -o /opt/SUNWmsgsr/config/SampleSSLServer.crt \
        -d /opt/SUNWmsgsr/config -f /opt/SUNWmsgsr/config/sslpassword \
        -z /etc/passwd

    where hostname.sesta.com is the server host name.

  6. Validate the certificates. For example:


    # ./certutil -V -u V -n SampleRootCA -d /opt/SUNWmsgsr/config
    # ./certutil -V -u V -n Server-Cert -d /opt/SUNWmsgsr/config

  7. List the certificates. For example:


    # ./certutil -L -d /opt/SUNWmsgsr/config
    # ./certutil -L -n Server-Cert -d /opt/SUNWmsgsr/config

  8. Use modutil to list the available security modules (secmod.db). For example:


    # ./modutil -list -dbdir /opt/SUNWmsgsr/config

  9. Change the owner of the certificate database files to the mail server user and group, as shown in the example.


    # chown mailsrv:mail /opt/SUNWmsgsr/config/cert8.db
    # chown mailsrv:mail /opt/SUNWmsgsr/config/key3.db

  10. Restart the messaging services to enable SSL.


    Note –

    Previously, certificates and key files were always located in the Messaging Server configuration directory. It is now possible to specify the location of these files using local.ssldbpath (specifies the location of the certificate and key files) and local.ssldbprefix (specifies the prefixes of the certificate and key files).
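
Step 2 writes the database password to sslpassword in clear text with whatever mode root's umask allows, and step 9 changes only the owner of cert8.db and key3.db, so the resulting file modes are worth checking before the restart in step 10. The shell function below is an added example, not part of the original guide; the function name audit_ssl_db_perms and the permission policy it enforces are assumptions.

```shell
#!/bin/sh
# Added example (not from the guide): audit file modes in the directory that
# holds the NSS databases, for example /opt/SUNWmsgsr/config.
# Assumed policy: sslpassword and key3.db hold secrets, so group and other
# get no access; cert8.db and secmod.db may be read but not written by them.

# Prints one FAIL line per finding; returns 0 if clean, 1 otherwise.
audit_ssl_db_perms() {
    dir=$1
    rc=0
    for name in sslpassword key3.db cert8.db secmod.db; do
        f="$dir/$name"
        [ -e "$f" ] || continue              # skip files not created yet
        mode=$(ls -ld "$f" | cut -c1-10)     # e.g. -rw-r--r--
        case $name in
            sslpassword|key3.db)
                # characters 5-10 are the group and other permission bits
                if [ "$(printf '%s' "$mode" | cut -c5-10)" != "------" ]; then
                    echo "FAIL $name $mode: group/other access to secret file"
                    rc=1
                fi ;;
            *)
                # characters 6 and 9 are group-write and other-write
                if [ "$(printf '%s' "$mode" | cut -c6,9)" != "--" ]; then
                    echo "FAIL $name $mode: writable by group or other"
                    rc=1
                fi ;;
        esac
    done
    return $rc
}

# Stand-alone use: sh audit.sh /opt/SUNWmsgsr/config
if [ "$#" -gt 0 ]; then
    audit_ssl_db_perms "$1"
fi
```

A FAIL line for sslpassword or key3.db is cleared by removing group and other access (for example mode 600) while keeping the owner the procedure assigns.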