Date: Wed, 29 Aug 2012 11:20:37 +0200 From: Matthias Fechner <idefix@fechner.net> To: AN <andy@neu.net> Cc: freebsd-questions@freebsd.org Subject: Re: TLS config help Message-ID: <503DDEE5.7000505@fechner.net> In-Reply-To: <alpine.BSF.2.00.1208290601530.80429@mail.neu.net> References: <alpine.BSF.2.00.1208290601530.80429@mail.neu.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Am 29.08.12 12:38, schrieb AN: > Trying to configure TLS and sendmail using the following steps I use: cd /etc/mail/certs Create a CA: - Edit /etc/ssl/openssl.cfn -> default_days = 1825 - Generate CAcertificate -> /usr/src/crypto/openssl/apps/CA.pl -newca cp demoCA/cacert.pem . Create a key: /usr/src/crypto/openssl/apps/CA.pl -newreq Remove passphrase from key: openssl rsa -in newkey.pem -out key.pem Sign key: /usr/src/crypto/openssl/apps/CA.pl -sign Set permissions: chmod 0600 * Sendmail: define(`confCACERT_PATH',`/etc/mail/certs') define(`confCACERT',`/etc/mail/certs/cacert.pem') define(`confSERVER_CERT',`/etc/mail/certs/newcert.pem') define(`confSERVER_KEY',`/etc/mail/certs/key.pem') define(`confCLIENT_CERT',`/etc/mail/certs/newreq.pem') define(`confCLIENT_KEY',`/etc/mail/certs/key.pem') DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl Bye, Matthias -- "Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the universe trying to produce bigger and better idiots. So far, the universe is winning." -- Rich Cook
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?503DDEE5.7000505>