Tag Archives: OpenSSL

Creating ECC Certificates

Here’s a very quick guide on creating ECC 256Bit Self-Signed Certificates with OpenSSL and Ubuntu 12 and 14.

1. Firstly lets create a folder to hold the files..

2. Move to that directory…

3. Now lets create the key

4. Create the request

5. Create the certificate

6. While we are here, lets combine the private key and certificate into a .pem file.

You now have a Self-Signed ECC 256Bit SHA256 certificate for your domain, and a .csr file for use at your favourite CA.

Should you wish to have ECC 384 Bit, simply replace “prime256v1” in step three, with secp384r1,
and “-sha256” in step five with -sha384.


Creating DH Parameters

By default DH Parameters are just 1024bits in Ubuntu 12.04.5 LTS which is considered weak by todays standards.
You will need to create a new one of either 2048Bit or 4096Bit depending on your certificates public key size.

1. Create a folder to hold the dhparams…

2. Move to that directory

3. Create the new DH Parameters, at 2048Bit

And 4096Bit (this will take some time)

5. You can also create DSA versions, at 2048Bit…

And 4096Bit

Now you can add the directives to your servers, Courier-Imap, Dovecot, Nginx and Postfix.


Dovecot (creates it’s own)