1 # Generate key 2048 bit rsa key with out passphrase:
3 DOMAIN=mail.stdout.nl.key
5 sudo chmod 400 $DOMAIN.key
6 sudo openssl genrsa -out $DOMAIN.key 2048
9 sudo openssl req -new -key $DOMAIN.key -out $DOMAIN.csr
11 # After receiving the .crt file from the issuer, make sure you cat the .key
12 # and .crt file together into a .pem file, which lighttpd's ssl.pemfile points
15 # Optionally, you can use a config file to set attributes of the CSR (so you
16 # can leave out stuff like "Location" and "State"). However, when using
17 # StartSSL, al the details from the CSR will be ignored anyway, so don't
18 # bother. Anyway, the file to pass to -config should like this:
21 distinguished_name = req_distinguished_name
24 [ req_distinguished_name ]