Re: [Exim] TLS and Intermediate (root) certificates

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Sheldon Hearn
Ημερομηνία:  
Προς: ph10
Υ/ο: exim-users
Αντικείμενο: Re: [Exim] TLS and Intermediate (root) certificates

On Mon, 14 Jan 2002 23:34:49 +0200, Sheldon Hearn wrote:

> I now have MS Outlook sending and receiving mail securely and without
> silly warnings to and from Ian Freislich's BSD-licensed popd and Exim
> respectively.


I'd like to suggest the following change to text this section of the
specification:

| 38.4 Certificates and all that


Immediately following the following paragraph:

| A self-signed certificate made in this way is sufficient for testing,
| and may be adequate for all your requirements if you are mainly
| interested in encrypting transfers, and not in secure identification.


I'd suggest that the following text be added:

| However, many clients require that the certificate presented by Exim be
| a user (also called "leaf" or "site") certificate, and not a self-signed
| certificate. In this case, the self-signed certificate described above
| must be installed on the client host as a trusted root certification
| authority and the certificate used by Exim must be a user certificate
| signed with that self-signed certificate.

|
| For information on creating self-signed CA certificates and using them
| to sign user certificates, see the "General implementation overview"
| chapter of the Open-source PKI Book, available online at:

|
|     http://ospibook.sourcefourge.net/


Ciao,
Sheldon.