Inlägg

How to properly generate a .csr file

-
During my short IT-career, I have dealt with alot people who struggle with generating a .csr file (certificate signing request) on Linux. Windows (especially IIS) have a more clearer approach so that can most of the people figure out by themselves without having to ask to many stupid questions :) The following example generates a .csr and a .key file for the Company "Company Name", located in some country in the city "City". Just replace the variables to your liking. DOMAIN=www.example.com COUNTRY=2 letter country code ORG="Company Name" CITY="City" openssl req -utf8 -nameopt multiline,utf8 -new -newkey rsa:2048 -nodes -sha256 -out $DOMAIN.csr -keyout $DOMAIN.key -subj "/C=${COUNTRY}/ST=${STATE}/L=${CITY}/O=${ORG}/OU=IT/CN=$DOMAIN" Sometimes, you do want to generare a .csr file that includes two or more domains - a SAN certificate. Using the same variable as above, we can now add more CN's to the .csr: openssl req -u...
4 kommentarer
Läs mer

Deploy OpenDMARC to your postfix server

-
As a MTA lover, I always try to encourage people (especially "IT-people") to host their own mailserver. Mostly so they actually can learn something and also that I do not like how the big providers like Google, Microsoft, Amazon etc keep eating up the market. Diversity is a key to a healthy market - but that is another topic. This guide will mostly apply to Debian-based distros like Debian (9 or newer), Ubuntu (16.04 or newer) or any other serverdistro. I do assume that you already have a working mailserver that do both deliver and receive emails that are DKIM signed (or atleast perform validation with OpenDKIM), otherwhise you can read my short guide here (coming soon). First, install OpenDMARC from the repository. apt update apt install opendmarc -y Verify that the user and group "opendmarc" has been created by checking /etc/passwd and /etc/group. Otherwhise, create them. When you have installed it, verify the installation by running this: opend...
3 kommentarer
Läs mer