Hello, I am going to build an email server on Centos for a small, private group of users and I just want to encrypt all communications between that server and the (remote) email clients of those users (or they browsers, when they use webmail). Client certificates are not necessary, at least now. I understand that to do that I need to create my own SSL CA, create with it a self signed certificate and key pair and make sure that the private key is not encrypted, so the server restarts unattended in case of a reboot. I have already looked at man pages and a few online tutorials, but frankly they are not clear on what to do to achieve all and _only_ what I wrote above. Most documentation, when not outdated, seems targeted at much more complex scenarions. Is this sequence of actions and commands correct and complete for my case, or not: 1) cd /usr/share/ssl 2) modify openssl.cnf to have your Common Name and other parameters 3) run: ./CA -newca ./CA -newreq-nodes 4) move the private key from the .pem file to a separate file 5) put the cert and key file in a location where Postfix, 6) Dovecot and Apache can all use them 7) configure each of those servers to use the certificate What have I missed? Thank you in advance for any feedback (I'll have access to the server only over the weekend, but it would be great to have this issue as clear as possible before starting...) Marco _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos