Solution
Using interactive OpenSSL config
Generate an OpenSSL key:
openssl genrsa -out axigen_cert.key 1024
Generate the self-signed certificate, using the key:
openssl req -new -x509 -key axigen_cert.key -out axigen_cert.crt
The default validity for a certificate is 30 days. If you want to increase that validity to say 1 year (365 days), you may want to add the -days 365 parameter to the command above:
openssl req -new -x509 -days 365 -key axigen_cert.key -out axigen_cert.crt
Combine the key and certificate into a PEM file:
cat axigen_cert.key axigen_cert.crt > axigen_cert.pem
Using the OpenSSL config file:
Create an OpenSSL config file named axigen_ssl.cnf, with the following contents:
[ req ] default_bits = 1024 encrypt_key = yes distinguished_name = req_dn x509_extensions = cert_type prompt = no [ req_dn ] O=AXIGEN Mail Server OU=Automatically-generated SSL key CN=AXIGEN [ cert_type ] nsCertType = server
Create the auto-signed certificate:
openssl req -new -x509 -days 365 -nodes -config axigen_ssl.cnf \ -out /var/opt/axigen/axigen_cert.pem -keyout /var/opt/axigen/axigen_cert.pem
Using Axigen's initscript:
On all supported operating systems, Axigen's initscript will automatically create a self-signed certificate at the first run and save it in the data directory with a name of axigen_cert.pem. If you want to regenerate the certificate, you may run once more the initscript with the init parameter. For example, in RedHat, you can regenerate the certificate with:
/etc/init.d/axigen init
The init parameter will also try to create the default domain database, which will almost sure fail on most systems (it will be already created).
In order to view the certificate information:
openssl x509 -text -noout -in /var/opt/axigen/axigen_cert.pem
In order to view the expiration date for the specified certificate, use the -enddate parameter:
openssl x509 -enddate -noout -in /var/opt/axigen/axigen_cert.pemThe command above should output something like:notAfter=May 1 15:16:16 2008 GMT