Date:      Wed, 29 Aug 2012 11:04:26 +0100
From:      Jamie Paul Griffin <jamie@kode5.net>
To:        freebsd-questions@freebsd.org
Subject:   Re: TLS config help
Message-ID:  <20120829100426.GE81304@kontrol.kode5.net>
In-Reply-To: <503DDEE5.7000505@fechner.net>
References:  <alpine.BSF.2.00.1208290601530.80429@mail.neu.net> <503DDEE5.7000505@fechner.net>

[ Matthias Fechner wrote on Wed 29.Aug'12 at 11:20:37 +0200 ]

> On 29.08.12 12:38, AN wrote:
> > Trying to configure TLS and sendmail using the following steps
> 
> I use:
> cd /etc/mail/certs
> 
> 
> Create a CA:
> 
> - Edit /etc/ssl/openssl.cnf -> default_days    = 1825
> - Generate CA certificate
> -> /usr/src/crypto/openssl/apps/CA.pl -newca
> cp demoCA/cacert.pem .
> 
> Create a key:
> 
> /usr/src/crypto/openssl/apps/CA.pl -newreq
> 
> Remove passphrase from key:
> 
> openssl rsa -in newkey.pem -out key.pem
> 
> Sign key:
> 
> /usr/src/crypto/openssl/apps/CA.pl -sign
> 
> Set permissions:
> 
> chmod 0600 *
> 
> Sendmail:
> 
> define(`confCACERT_PATH',`/etc/mail/certs')
> define(`confCACERT',`/etc/mail/certs/cacert.pem')
> define(`confSERVER_CERT',`/etc/mail/certs/newcert.pem')
> define(`confSERVER_KEY',`/etc/mail/certs/key.pem')
> define(`confCLIENT_CERT',`/etc/mail/certs/newreq.pem')
> define(`confCLIENT_KEY',`/etc/mail/certs/key.pem')
> 
> DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
> DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
> 
> Bye,
> Matthias

That's very handy info, I am planning on setting up TLS for sendmail myself. So thanks to the OP for asking that question, although I'm sure there's loads of info on the net as well. I've only used Postfix before now, but since installing FBSD on this machine I thought I'd stick to using the base MTA.

Jamie
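
Added example, not part of either message: a POSIX sh lint that reads the `conf*CERT` and `conf*_KEY` defines from a `.mc` file and checks that each path holds the kind of PEM object its role needs and that key files carry no group/other permission bits. Run against a constructed copy of the quoted layout it flags `confCLIENT_CERT`, because `CA.pl -newreq` writes the certificate request, not a certificate, to `newreq.pem`. The names `pem_kind`, `lint_mc`, `make_sample` and the ROOT argument are made up for this example.

```shell
#!/bin/sh
# pem_kind FILE: classify a PEM file by its BEGIN line.
pem_kind() {
    if   grep -q -e 'BEGIN ENCRYPTED PRIVATE KEY' -e 'Proc-Type: 4,ENCRYPTED' "$1"; then echo encrypted-key
    elif grep -q -e 'BEGIN [A-Z ]*PRIVATE KEY-----' "$1"; then echo key
    elif grep -q -e 'BEGIN [A-Z ]*CERTIFICATE REQUEST-----' "$1"; then echo request
    elif grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; then echo cert
    else echo unknown; fi
}

# lint_mc FILE.mc [ROOT]: print one finding per line, return 1 if there are any.
# ROOT (assumption of this example) is prefixed to each path so a copy can be checked.
lint_mc() {
    findings=$(
        sed -n "s/^define(\`\(conf[A-Z_]*\)',\`\([^']*\)').*/\1 \2/p" "$1" |
        while read -r name path; do
            case $name in
                (confCACERT_PATH) continue ;;   # a directory, not a PEM file
                (conf*CERT) want=cert ;;
                (conf*_KEY) want=key ;;
                (*) continue ;;
            esac
            f=${2:-}$path
            [ -f "$f" ] || { echo "$name: $path missing"; continue; }
            got=$(pem_kind "$f")
            [ "$got" = "$want" ] || echo "$name: $path is $got, expected $want"
            # A private key file should have no group/other permission bits.
            if [ "$want" = key ] && [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
                echo "$name: $path has group/other permissions"
            fi
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"; return 1
}

# Constructed sample: the thread's file names with header-only PEM stubs
# (no real key material) and the matching define() lines.
make_sample() {   # make_sample DIR
    d=$1/etc/mail/certs; mkdir -p "$d"
    for f in cacert.pem:CERTIFICATE newcert.pem:CERTIFICATE \
             "newreq.pem:CERTIFICATE REQUEST" "key.pem:RSA PRIVATE KEY"; do
        printf '%s\n' "-----BEGIN ${f#*:}-----" > "$d/${f%%:*}"
    done
    chmod 0600 "$d"/*
    for n in CACERT:cacert SERVER_CERT:newcert SERVER_KEY:key \
             CLIENT_CERT:newreq CLIENT_KEY:key; do
        printf "define(\`conf%s',\`/etc/mail/certs/%s.pem')\n" "${n%%:*}" "${n#*:}"
    done > "$1/sendmail.mc"
}
```

To try it, run `make_sample /tmp/demo` and then `lint_mc /tmp/demo/sendmail.mc /tmp/demo`; on a live host, call `lint_mc` with the path of the real `.mc` file and no ROOT.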


