key rollover: Generic OpenSSL PEM instructions

To: debian-www@lists.debian.org
Cc: team@security.debian.org
Subject: key rollover: Generic OpenSSL PEM instructions
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Sat, 17 May 2008 00:25:37 +0200
Message-id: <[🔎] 20080516222537.GA5969@galadriel.inutil.org>

Hi,
please add this to the top next to OpenSSH, since it can be referenced
by the instructions for several other packages.

OpenSSL: Generic PEM key generation instructions
================================================

This is just a reminder for those who (re-)generate PEM encoded
certificates. Your site probably has other policies in place about how
to manage keys which you should follow. Additionally, you may need to
get the certificates signed again by a 3rd party Certificate Authority
rather than by using a self-signed certificate as shown below:

cd /etc/ssl/private
openssl genrsa 1024 > mysite.pem
cd /etc/ssl/certs
openssl req -new -key ../private/mysite.pem -x509 -days 9999 -out mysite.pem

Reply to:

Follow-Ups:
- Re: key rollover: Generic OpenSSL PEM instructions
  - From: Joey Hess <joeyh@debian.org>

Prev by Date: Re: Fwd: Implications of Debian OpenSSL flaw for MIT PKINIT
Next by Date: Re: key rollover: Generic OpenSSL PEM instructions
Previous by thread: Re: Fwd: Implications of Debian OpenSSL flaw for MIT PKINIT
Next by thread: Re: key rollover: Generic OpenSSL PEM instructions
Index(es):
- Date
- Thread