postfix with TLS
Ernie Luzar
luzar722 at gmail.com
Wed May 6 13:55:12 UTC 2015
Noel wrote:
On 5/5/2015 3:53 PM, Ernie Luzar wrote:
Matthew Seaman wrote:
On 03/05/2015 17:41, Ernie Luzar wrote:
Is the ability builtin to create SSL keys and certs?
No. That's where you'd use openssl.
Matthew
On my 10.1 system 'locate openssl' shows /usr/bin/openssl.
So I take that to mean that 'yes' the ability is builtin to the
FreeBSD base to
create the SSL keys and certs needed by postfix.
No need to 'pkg install openssl', correct?
Correct. openssl is part of the base.
Do some TLS parameters have to be added to postfix's main.cf file ?
Yes, although TLS is supported by the package, it is not enabled by
default.
[1]http://www.postfix.org/TLS_README.html#quick-start
The openssl command has to be run to create SSL keys and certs
needed by postfix for TLS?
The quick-start section of TLS_README gives examples for creating a
self-signed certificate using openssl, and shows the common settings
required in postfix to enable TLS. The remaining postfix TLS
settings -- and there's a lot of them -- have reasonable defaults
and seldom need adjusting.
[2]http://www.postfix.org/TLS_README.html#quick-start
-- Noel Jones
Thank you, Noel, for your help so far. Those quick-start instructions are
almost useless because they don't make sense
and reference a script which is not available.
First of all the "Self-signed server certificate" section says this
"In the examples below, user input is shown in bold font, and a "#"
prompt indicates a super-user shell."
But there is no bold font, just blue links, and I can only guess that
what they're trying to say about ""#" prompt indicates a super-user
shell"
is an indirect way of saying this.
Copy the code shown in the "Self-signed server certificate" section and
paste it in a newly created blank file.
Insert "#! /bin/sh" as the first line of the file and remove all the
"#"
Save and exec.
As I read the quick-start instructions I see that the first part of
the instructions in the "Private Certification Authority" section is
based on a perl script called CA.pl. I have perl installed and the
locate command does not find it.
Upon closer re-reading of the quick-start instructions it almost seems
that what is shown under the "Self-signed server certificate" section
is a newer and quicker method of accomplishing what is shown in the
"Private Certification Authority" section. You do one or the other but
not both.
What are your thoughts on that?
References
1. http://www.postfix.org/TLS_README.html#quick-start
2. http://www.postfix.org/TLS_README.html#quick-start
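
The self-signed route this message asks about, written out as a script; this is an added example, not part of the original post and not the code from TLS_README. The file names key.pem and cert.pem, the scratch directory and the host name mail.example.test are assumptions.

```sh
#!/bin/sh
# Added example: self-signed key + certificate for Postfix, plus the main.cf
# lines that reference them. File names and the host name are assumptions.

# make_selfsigned DIR FQDN
# Writes DIR/key.pem and DIR/cert.pem, then prints main.cf settings on stdout.
make_selfsigned() {
    dir=$1
    fqdn=$2
    key="$dir/key.pem"
    cert="$dir/cert.pem"
    mkdir -p "$dir" || return 1

    # Subshell with umask 077: the private key is created mode 0600 and is
    # never readable by group or other, not even briefly.
    ( umask 077
      openssl req -new -x509 -nodes -newkey rsa:2048 \
          -subj "/CN=$fqdn" -days 365 \
          -keyout "$key" -out "$cert" 2>/dev/null ) || return 1

    # Sanity check: the public key in the certificate must be the one that
    # belongs to the private key, otherwise TLS handshakes will fail.
    kpub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    cpub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ] || return 1

    # Opportunistic TLS ("may"): offer STARTTLS, still accept plaintext.
    printf '%s\n' \
        "smtpd_tls_cert_file = $cert" \
        "smtpd_tls_key_file = $key" \
        "smtpd_tls_security_level = may"
}

# Demo run in a scratch directory (constructed host name). On a real server,
# run as root with Postfix's config directory and feed each printed line to
# "postconf -e", then "postfix reload".
make_selfsigned "${1:-$(mktemp -d)}" "${2:-mail.example.test}"
```

A self-signed certificate gives encryption in transit but no identity assurance to peers that verify certificates.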