TLS config help
Matthias Fechner
idefix at fechner.net
Wed Aug 29 09:20:58 UTC 2012
On 29.08.12 12:38, AN wrote:
> Trying to configure TLS and sendmail using the following steps
I use:
cd /etc/mail/certs
Create a CA:
- Edit /etc/ssl/openssl.cnf -> default_days = 1825
- Generate CA certificate
-> /usr/src/crypto/openssl/apps/CA.pl -newca
cp demoCA/cacert.pem .
Create a key:
/usr/src/crypto/openssl/apps/CA.pl -newreq
Remove passphrase from key:
openssl rsa -in newkey.pem -out key.pem
Sign key:
/usr/src/crypto/openssl/apps/CA.pl -sign
Set permissions:
chmod 0600 *
Sendmail:
define(`confCACERT_PATH',`/etc/mail/certs')
define(`confCACERT',`/etc/mail/certs/cacert.pem')
define(`confSERVER_CERT',`/etc/mail/certs/newcert.pem')
define(`confSERVER_KEY',`/etc/mail/certs/key.pem')
dnl newcert.pem is the signed certificate; newreq.pem is only the request
define(`confCLIENT_CERT',`/etc/mail/certs/newcert.pem')
define(`confCLIENT_KEY',`/etc/mail/certs/key.pem')
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
Bye,
Matthias
--
"Programming today is a race between software engineers striving to
build bigger and better idiot-proof programs, and the universe trying to
produce bigger and better idiots. So far, the universe is winning." --
Rich Cook
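
A check for the files produced by the steps in the message above, as an added example that is not part of the original post. It assumes `openssl` is on the PATH; the function names `check_tls_files` and `make_sample_dir` and the throwaway sample CA are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post). Checks the files that the
# sendmail.mc lines reference: cacert.pem, newcert.pem, key.pem.

# check_tls_files DIR: print one line per failed check, return 0 only if all pass.
check_tls_files() {
    dir=$1; rc=0
    # A CSR (newreq.pem) is not a certificate; this must parse as X.509.
    openssl x509 -in "$dir/newcert.pem" -noout 2>/dev/null ||
        { echo "FAIL: newcert.pem is not an X.509 certificate"; rc=1; }
    # The certificate must chain to the CA named in confCACERT.
    openssl verify -CAfile "$dir/cacert.pem" "$dir/newcert.pem" >/dev/null 2>&1 ||
        { echo "FAIL: newcert.pem does not verify against cacert.pem"; rc=1; }
    # The key must load without a passphrase and match the certificate.
    cert_pub=$(openssl x509 -in "$dir/newcert.pem" -noout -pubkey 2>/dev/null) || :
    key_pub=$(openssl pkey -in "$dir/key.pem" -passin pass: -pubout 2>/dev/null) || :
    { [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ]; } ||
        { echo "FAIL: key.pem is encrypted, unreadable, or does not match newcert.pem"; rc=1; }
    # chmod 0600: no group or other permission bits on the private key.
    [ "$(ls -l "$dir/key.pem" 2>/dev/null | cut -c5-10)" = "------" ] ||
        { echo "FAIL: key.pem is accessible to group or others"; rc=1; }
    return $rc
}

# make_sample_dir DIR: constructed throwaway CA and server certificate for
# trying the checks offline (hypothetical names, 1-day validity).
make_sample_dir() {
    d=$1; mkdir -p "$d" || return 1
    printf '[req]\ndistinguished_name=dn\n[dn]\n[ca_ext]\nbasicConstraints=critical,CA:TRUE\n' \
        > "$d/sample.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/sample.cnf" \
        -extensions ca_ext -subj "/CN=Sample CA" \
        -keyout "$d/cakey.pem" -out "$d/cacert.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -config "$d/sample.cnf" \
        -subj "/CN=mail.example.org" \
        -keyout "$d/key.pem" -out "$d/newreq.pem" 2>/dev/null &&
    openssl x509 -req -in "$d/newreq.pem" -CA "$d/cacert.pem" -CAkey "$d/cakey.pem" \
        -CAcreateserial -days 1 -out "$d/newcert.pem" 2>/dev/null &&
    chmod 0600 "$d"/*.pem
}
```

After the signing step, `check_tls_files /etc/mail/certs` reports any file that sendmail would not be able to use.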