Find file History
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.


It is probably best to generate/move certificates in
to share them easily among daemons and to put symlinks to it as

The script from /etc/ssl/local should generate decent enough
self-signed certificate:
     .crt + .key
     .pem as symlink to .crt
     .der as der encoded version (sometimes necessary)

Some daemon (exim4) need read access to the certs. In this case, it's possible to use the special group ssl-cert
     adduser Debian-exim ssl-cert
     chgrp ssl-cert /etc/ssl/local/domain...
     chmod g+r /etc/ssl/local/domain...

Daemons compiled with GNU TLS (exim once again) may have troubles to deal
with SHA2-512 sigs along with TLS 1.2. The temporary workaround is to disable
TLS 1.2 see

     tls_require_ciphers = NORMAL:-VERS-SSL3.0:-VERS-TLS1.2

For the record, at the moment (2014 April) it's recommended to rely only on
TLS and deactivate SSLv3, SSL2, etc.