TLS config help

Matthias Fechner idefix at fechner.net
Wed Aug 29 09:20:58 UTC 2012


Am 29.08.12 12:38, schrieb AN:
> Trying to configure TLS and sendmail using the following steps

I use:
cd /etc/mail/certs


Create a CA:

- Edit /etc/ssl/openssl.cfn -> default_days    = 1825
- Generate CAcertificate
-> /usr/src/crypto/openssl/apps/CA.pl -newca
cp demoCA/cacert.pem .

Create a key:

/usr/src/crypto/openssl/apps/CA.pl -newreq

Remove passphrase from key:

openssl rsa -in newkey.pem -out key.pem

Sign key:

/usr/src/crypto/openssl/apps/CA.pl -sign

Set permissions:

chmod 0600 *

Sendmail:

define(`confCACERT_PATH',`/etc/mail/certs')
define(`confCACERT',`/etc/mail/certs/cacert.pem')
define(`confSERVER_CERT',`/etc/mail/certs/newcert.pem')
define(`confSERVER_KEY',`/etc/mail/certs/key.pem')
define(`confCLIENT_CERT',`/etc/mail/certs/newreq.pem')
define(`confCLIENT_KEY',`/etc/mail/certs/key.pem')

DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl

Bye,
Matthias

-- 
"Programming today is a race between software engineers striving to
build bigger and better idiot-proof programs, and the universe trying to
produce bigger and better idiots. So far, the universe is winning." --
Rich Cook


More information about the freebsd-questions mailing list