+# Don't forget to update the key in the mail vserver for dovecot as
+# well!
+#
# Generate key 2048 bit rsa key with out passphrase:
-DOMAIN=mail.stdout.nl.key
+DOMAIN=mail.stdin.nl
sudo touch $DOMAIN.key
sudo chmod 400 $DOMAIN.key
sudo openssl genrsa -out $DOMAIN.key 2048
# After receiving the .crt file from the issuer, make sure you cat the .key
# and .crt file together into a .pem file, which lighttpd's ssl.pemfile points
-# to.
+# to. Don't forget to create the file with 400 first:
+sudo touch $DOMAIN.pem
+sudo chmod 400 $DOMAIN.pem
+sudo sh -c "cat $DOMAIN.key $DOMAIN.crt > $DOMAIN.pem"
+# Also create a full chain cert, which is used by dovecot
+sudo sh -c "cat $DOMAIN.crt ca/startssl/all.pem > $DOMAIN.crt-chain"
# Optionally, you can use a config file to set attributes of the CSR (so you
# can leave out stuff like "Location" and "State"). However, when using
-# StartSSL, al the details from the CSR will be ignored anyway, so don't
-# bother. Anyway, the file to pass to -config should like this:
+# StartSSL, al the details (including common name) from the CSR will be ignored
+# anyway, so don't bother. Anyway, the file to pass to -config should like
+# this:
[ req ]
distinguished_name = req_distinguished_name
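Review bot: The new header comment says to update the key in the mail vserver for dovecot, but the steps never say which of the generated files belong there; the only other mention of dovecot is the added `$DOMAIN.crt-chain` line. Consider stating which files dovecot needs (presumably `$DOMAIN.key` and `$DOMAIN.crt-chain`) and that the key should keep mode 400 on the vserver. The chain step also reads `ca/startssl/all.pem` by relative path, so the comment should name the directory these commands are meant to be run from. On the `DOMAIN=` change, dropping the `.key` suffix is right because the following lines append `.key` themselves, but the hostname also changes from `mail.stdout.nl` to `mail.stdin.nl`; please confirm that is intended. Finally, the rewritten StartSSL comment keeps the old typos: "al the details" should be "all the details" and "should like this" should be "should look like this".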