This appendix describes how to generate a self-signed OpenSSL certificate for use with Jabberd.
From a working directory, enter the command below to begin an interactive key generation process:
openssl req -new -x509 -newkey rsa:1024 -days 3650 -keyout privkey.pem -out server.pem
You will be prompted for a passphrase for the private key. After entering and confirming your passphrase, you will be prompted for public information about your key.
Common Namefor your certificate.
Enter this command to remove the passphrase from your private key:
openssl rsa -in privkey.pem -out privkey.pem
Enter this command to combine the private and public keys into a single file:
cat privkey.pem >> server.pem
You should now delete your private key:
You can now move your key to its permanent location. For example, to move
the key to the default Jabberd
pemfile location, you would
enter this command (as superuser):
mv server.pem /usr/local/etc/jabberd/server.pem
Then, you should set permissions on this file so that it is owned by superuser and is readonly (as superuser):
chown root:jabber /usr/local/etc/jabberd/server.pem chmod 640 /usr/local/etc/jabberd/server.pem
Your certificate is now ready for use by Jabberd. You should make a backup (such as to a floppy) of your certificate.
|© 2003 Will Kamishlian and Robert Norris|
|This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-sa/1.0/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.|