TLS config help
Jamie Paul Griffin
jamie at kode5.net
Wed Aug 29 10:04:29 UTC 2012
[ Matthias Fechner wrote on Wed 29.Aug'12 at 11:20:37 +0200 ]
> On 29.08.12 12:38, AN wrote:
> > Trying to configure TLS and sendmail using the following steps
>
> I use:
> cd /etc/mail/certs
>
>
> Create a CA:
>
> - Edit /etc/ssl/openssl.cnf -> default_days = 1825
> - Generate CA certificate
> -> /usr/src/crypto/openssl/apps/CA.pl -newca
> cp demoCA/cacert.pem .
>
> Create a key:
>
> /usr/src/crypto/openssl/apps/CA.pl -newreq
>
> Remove passphrase from key:
>
> openssl rsa -in newkey.pem -out key.pem
>
> Sign key:
>
> /usr/src/crypto/openssl/apps/CA.pl -sign
>
> Set permissions:
>
> chmod 0600 *
>
> Sendmail:
>
> define(`confCACERT_PATH',`/etc/mail/certs')
> define(`confCACERT',`/etc/mail/certs/cacert.pem')
> define(`confSERVER_CERT',`/etc/mail/certs/newcert.pem')
> define(`confSERVER_KEY',`/etc/mail/certs/key.pem')
> define(`confCLIENT_CERT',`/etc/mail/certs/newreq.pem')
> define(`confCLIENT_KEY',`/etc/mail/certs/key.pem')
>
> DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
> DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
>
> Bye,
> Matthias
That's very handy info, I am planning on setting up TLS for sendmail myself. So thanks to the OP for asking that question, although I'm sure there's loads of info on the net as well. I've only used Postfix before now, but since installing FBSD on this machine I thought I'd stick to using the base MTA.
Jamie
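
An added example, not part of the original thread: a pre-flight check for the files named in the define() lines quoted above. It reports any conf*_CERT or confCACERT option that points at something other than a certificate (for example a certificate request such as newreq.pem), any conf*_KEY that is still passphrase-protected, and any key file accessible to group or other. The function names and the script name are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): check the PEM files a sendmail .mc names.
# Function names are hypothetical; usage: sh check_tls_mc.sh YOUR.mc

# pem_kind FILE -> cert | csr | key | enckey | unknown, from the first PEM header.
# CA.pl -sign writes a text dump before the PEM block, so scan for the header.
pem_kind() {
    hdr=$(sed -n '/^-----BEGIN /{p;q;}' "$1" 2>/dev/null) || hdr=
    case "$hdr" in
        *'CERTIFICATE REQUEST-----') echo csr ;;
        *'CERTIFICATE-----')         echo cert ;;
        *'PRIVATE KEY-----')
            # "Proc-Type: 4,ENCRYPTED" or "BEGIN ENCRYPTED PRIVATE KEY" both
            # mean the passphrase was not removed.
            if grep ENCRYPTED "$1" >/dev/null; then echo enckey; else echo key; fi ;;
        *)  echo unknown ;;
    esac
}

# key_is_private FILE -> true when group and other have no permission bits.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# check_mc MCFILE -> prints one line per finding, returns 1 if there were any.
check_mc() {
    rc=0
    for opt in confCACERT confSERVER_CERT confCLIENT_CERT \
               confSERVER_KEY confCLIENT_KEY; do
        # Pull PATH out of: define(`confX',`PATH')
        path=$(sed -n "s/^define(\`$opt',\`\([^']*\)').*/\1/p" "$1" | head -n 1)
        [ -n "$path" ] || continue
        case "$opt" in *_KEY) want=key ;; *) want=cert ;; esac
        got=$(pem_kind "$path")
        if [ "$got" != "$want" ]; then
            echo "$opt: $path is '$got', expected '$want'"; rc=1
        fi
        if [ "$want" = key ] && ! key_is_private "$path"; then
            echo "$opt: $path is accessible to group/other"; rc=1
        fi
    done
    return $rc
}

if [ $# -gt 0 ]; then check_mc "$1"; fi
```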
More information about the freebsd-questions mailing list