postfix with TLS
Jon Radel
jon at radel.com
Wed May 6 15:14:28 UTC 2015
On 5/6/15 9:55 AM, Ernie Luzar wrote:
>
>
>
> Thank you noel for your help so far. That quick-start instructions are
> all most useless because they don't make sense
Really? You seem to have come to all the correct conclusions based on them!
> and reference a script which is not available.
You mean CA.pl? I'd suggest making a self-signed certificate and being
done with it. Skip setting up your own CA until you're more confident
with this stuff. And I hardly think it's Postfix's fault that the base
install of FreeBSD does indeed appear to not install CA.pl with openssl.
> First of all the "Self-signed server certificate" section says this
> "In the examples below, user input is shown in bold font, and a "#"
> prompt indicates a super-user shell."
> But there is no bold font, just blue links and I can only guess that
> what there trying to say about ""#" prompt indicates a super-user
> shell"
Well, arguably the whole thing should be bold. The links are merely
links to elsewhere in the documentation when it explains that that
option does.
Execute those commands as root. I'd suggest cutting and pasting as
typos could get ugly.
> is a indirect way of saying this.
> Copy the code shown in the "Self-signed server certificate" section and
> paste it in a newly created blank file.
> Insert "#! /bin/sh" as the first line of the file and remove all the
> "#"
> Save and exec.
This should also work.
> As I read the quick-start instructions is see that the first part of
> the instructions in the "Private Certification Authority" section is
> based on a perl script called CA.pl. I have perl installed and the
> locate command does not find it.
It generally ships with openssl. The FreeBSD 10.1 machine I just
checked doesn't have it either, but it's quite a standard file.
> Upon closer re-reading of the quick-start instructions it almost seems
> that what is shown under the "Self-signed server certificate" section
> is an newer and quicker method of accomplishing what is shown in the
> "Private Certification Authority" section. You do one or the other but
> not both.
>
Newer: no. Quicker: yes. Alternative methods of which you want to
do only one: most certainly.
--Jon Radel
jon at radel.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3870 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20150506/3b25a607/attachment.bin>
More information about the freebsd-questions
mailing list