-des3
is four characters. As a best practice it should include numbers and/or punctuation and not be a word in a dictionary. Also remember that your passphrase is case-sensitive.server.key
file.server.key
, and you can use this file to generate the CSR without passphrase.server.csr
file.server.crt
file.server.key
and certificate file server.crt
, or the certificate file issued by your CA, by running following commands at a terminal prompt:/etc/ssl/openssl.cnf
, and in the [ CA_default ] change:/etc/ssl/newcerts/01.pem
, containing the same output. Copy and paste everything beginning with the line: -----BEGIN CERTIFICATE----- and continuing through the line: ----END CERTIFICATE----- lines to a file named after the hostname of the server where the certificate will be installed. For example mail.example.com.crt
, is a nice descriptive name.02.pem
, 03.pem
, etc./etc/ssl/certs
. This enables multiple services to use the same certificate without overly complicated file permissions./etc/ssl/certs/cacert.pem
file to the /etc/ssl/certs/
directory on each server.