This is an old revision of the document!
After rebuilding Bud due to successful attacks, a number of suggestions were made, they were implemented as folows:
daemon, bin, sys, games, man, mail, news, uucp, proxy, www-date, backup, list, irc, gnats, nobody,
groupadd –system wheel
Postfix and Apache both use the SSL certificates in /etc/ssl/ for secure communications and TLS authenication. The guide for creating the keys is at openssl.htm (http://www.nomoa.com/bsd/openssl.htm)
openssl genrsa -des3 -out /etc/ssl/private/server.key 1024
openssl rsa -in pass.key -out server.key
openssl req -new -key /etc/ssl/private/<name>.key -out /etc/ssl/private/<name>.csr
Self sign the certificate request to produce the certificate.
openssl x509 -req -days 3650 -in /etc/ssl/private/<name>.csr -signkey /etc/ssl/private/<name>.key -out /etc/ssl/<name>.crt
chown :postfix /etc/ssl/private/postfix.key chown :postfix /etc/ssl/postfix.crt
The above commands are in openssl-gencrt to simplify cert creation:
openssl-gencrt <Certificate Name>e