Self signed certs for Exim and Dovecot (High Sierra)


(Replace dnsbureau.com with your domain name)

login root
mkdir -p /private/etc/certificates
cd /private/etc/certificates
openssl genrsa -des3 -out dnsbureau.com.key.secure 2048
openssl req -new -key dnsbureau.com.key.secure -out dnsbureau.com.csr

Follow instructions on screen:

countryName = US
state = CA
localityName = Los Angeles
organizationName = CAPTAIN NET (dnsbureau.com)
organizationalUnitName = IT
commonName = dnsbureau.com
emailAddress = webmaster@dnsbureau.com

Sign and create a certificate and a nopass key

openssl x509 -req -days 365 -in dnsbureau.com.csr -signkey dnsbureau.com.key.secure -out dnsbureau.com.crt
openssl rsa -in dnsbureau.com.key.secure -out dnsbureau.com.key