postfix with TLS

Jon Radel jon at radel.com
Wed May 6 15:14:28 UTC 2015 

On 5/6/15 9:55 AM, Ernie Luzar wrote:
>    
>
>
>     Thank you noel for your help so far. That quick-start  instructions are
>     all most useless because they don't make sense
Really?  You seem to have come to all the correct conclusions based on them!
>     and reference a script which is not available.
You mean CA.pl?  I'd suggest making a self-signed certificate and being 
done with it.  Skip setting up your own CA until you're more confident 
with this stuff.  And I hardly think it's Postfix's fault that the base 
install of FreeBSD does indeed appear to not install CA.pl with openssl.
>     First of all the "Self-signed server certificate" section says this
>     "In the examples below, user input is shown in bold font, and a "#"
>     prompt indicates a super-user shell."
>     But there is no bold font, just blue links and I can only guess that
>     what there trying to say about ""#" prompt indicates a super-user
>     shell"
Well, arguably the whole thing should be bold.  The links are merely 
links to elsewhere in the documentation when it explains that that 
option does.

Execute those commands as root.  I'd suggest cutting and pasting as 
typos could get ugly.
>     is a indirect way of saying this.
>     Copy the code shown in the "Self-signed server certificate" section and
>     paste it in a newly created blank file.
>     Insert "#! /bin/sh" as the first line of the file and remove all the
>     "#"
>     Save and exec.
This should also work.
>     As I read the quick-start  instructions is see that the first part of
>     the instructions in the "Private Certification Authority" section is
>     based on a perl script called CA.pl. I have perl installed and the
>     locate command does not find it.
It generally ships with openssl.  The FreeBSD 10.1 machine I just 
checked doesn't have it either, but it's quite a standard file.
>     Upon closer re-reading of the quick-start  instructions it almost seems
>     that what is shown under the  "Self-signed server certificate" section
>     is an newer and quicker method of accomplishing what is shown in the
>     "Private Certification Authority" section. You do one or the other but
>     not both.
>    
Newer:  no.   Quicker:  yes.  Alternative methods of which you want to 
do only one:  most certainly.

--Jon Radel
jon at radel.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3870 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20150506/3b25a607/attachment.bin>

More information about the freebsd-questions mailing list