make cert Explained    Sameer N. Ingole (SNI) Status: Unmaintained
qmail-ldap: make cert Last Updated: 6 June 2005

The make cert command creates a self-signed certificate and places it in the file /var/qmail/control/cert.pem. Remember that this file contains both the private key and the public key. You might want to separate the private key from this file. You can create the certificate by issuing the command make cert as shown below.

# make cert
/usr/bin/openssl req -new -x509 -nodes \
-out `head -1 conf-qmail`/control/cert.pem -days 366 \
-keyout `head -1 conf-qmail`/control/cert.pem
Generating a 1024 bit RSA private key
............++++++
........++++++
writing new private key to '/var/qmail/control/cert.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:Maharashtra
Locality Name (eg, city) []:Nagpur
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Major & Minor Exims Pvt. Ltd.
Organizational Unit Name (eg, section) []:Internet Security Group
Common Name (eg, YOUR name) []:ironclad.mil
Email Address []:myname@mydomain.com
chmod 640 `head -1 conf-qmail`/control/cert.pem
chown qmaild:qmail `head -1 conf-qmail`/control/cert.pem
#

This actually invokes the openssl command to create a new certificate. It prompts you to supply some vital information that will appear on your certificate. Remember, you need to provide your server name as the Common Name here. The target also sets the owner and group of the file to qmaild and qmail respectively, and sets its permissions so that it is readable and writable by user qmaild and readable by group qmail. Make sure the permissions are as shown below:

# ls -lh /var/qmail/control/cert.pem
-rw-r----- 1 qmaild qmail 2.4K 2005-05-25 11:43 /var/qmail/control/cert.pem
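
The following is an added example, not part of the qmail-ldap Makefile or the original page: it splits a combined PEM file like the one make cert writes into a key-only and a certificate-only copy, and prints each file's mode in the same form as the ls output above. The helper names (mode_string, pem_blocks, split_pem, make_sample) are hypothetical and the sample file is constructed; the page does not say whether qmail-ldap can read the key from a separate file, so the original cert.pem is left untouched.

```sh
#!/bin/sh
# Added example; helper names are hypothetical, not part of qmail-ldap.

# First 10 characters of `ls -l`, e.g. "-rw-r-----" for mode 640.
mode_string() { ls -ld "$1" | cut -c1-10; }

# pem_blocks FILE LABEL_REGEX: print every PEM block whose label matches.
pem_blocks() {
    awk -v re="^-----(BEGIN|END) $2-----\$" '
        $0 ~ re && /BEGIN/ { p = 1 }
        p                  { print }
        $0 ~ re && /END/   { p = 0 }' "$1"
}

# split_pem COMBINED KEY_OUT CERT_OUT: copy key and certificate into
# separate files; returns non-zero if either block is missing.
split_pem() {
    old_umask=$(umask)
    umask 077                      # new files are owner-only from creation
    pem_blocks "$1" '[A-Z ]*PRIVATE KEY' > "$2"
    pem_blocks "$1" 'CERTIFICATE' > "$3"
    umask "$old_umask"
    chmod 600 "$2"                 # key: owner only
    chmod 644 "$3"                 # certificate is public data
    [ -s "$2" ] && [ -s "$3" ]
}

# Constructed stand-in for control/cert.pem (placeholder bodies, not real keys).
make_sample() {
    cat > "$1" <<'EOF'
-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQtS0VZ
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtQ0VSVA==
-----END CERTIFICATE-----
EOF
}

tmp=$(mktemp -d)
make_sample "$tmp/cert.pem"
chmod 640 "$tmp/cert.pem"          # the mode `make cert` sets
split_pem "$tmp/cert.pem" "$tmp/key.pem" "$tmp/cert-only.pem"
for f in cert.pem key.pem cert-only.pem; do
    echo "$(mode_string "$tmp/$f")  $f"
done
rm -rf "$tmp"
```

On a real installation, mode_string /var/qmail/control/cert.pem should print -rw-r-----, matching the listing above.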

What the make cert command actually does is execute the cert: target at the end of our Makefile. This is nothing but selective execution of the Makefile. The part of the Makefile that gets executed is shown below.

cert:
      $(OPENSSLBIN) req -new -x509 -nodes \
      -out `head -1 conf-qmail`/control/cert.pem -days 366 \
      -keyout `head -1 conf-qmail`/control/cert.pem
      chmod 640 `head -1 conf-qmail`/control/cert.pem
      chown qmaild:qmail `head -1 conf-qmail`/control/cert.pem